A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The ...

Enterprise software implementations have long been one of the most expensive and failure-prone layers of the technology stack. Auctor, a New York–based startup founded by William Sun, is aiming to ...

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The ...

Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and ...

Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. Attackers trick victims into entering a device code on ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

aCentre for Quality and Patient Safety Research, Institute for Health Transformation, Office of the Executive Dean Health, Faculty of Health, Deakin University, Victoria, Australia bInstitute for ...

The Alliance brings together multiple stakeholders committed to helping countries turn adaptation planning into investment strategies and bankable project pipelines. The COP30 Presidency, in ...

We therefore argue for an expanded power lens in implementation science—one that brings into view the multiple and intersecting forms of power that shape what gets implemented, by whom, and for whose ...