Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
Ars Technica

OAuth and OAuth WRAP: defeating the password anti-pattern

The developers behind the OAuth protocol have developed a new variant called OAuth WRAP that is simpler and easier to implement. It’s a stop-gap solution that will enable broader OAuth adoption while ...