TechRepublic

Fake Google Security Alert Hides a Phishing Scam

A developer reported the scam after noticing a slight discrepancy in the email address. The scam passed Google’s own DKIM checks. One of the oldest signs of a scam email is an incorrect domain.

ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
Digital Journal

Google OAuth flaw leaves many users vulnerable via failed startup domains

Google's advertising practices are also subject to investigations or proceedings in Britain, the EU and the United States. — © AFP/File Josh Edelson Google's ...
InfoWorld

A wake-up call for identity security in devops

The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service accounts, and third-party OAuth apps. Here’s how to address it. In early 2025, ...