#OAuth

Security awareness tips, industry news, and product updates.

Employee reviewing an application permission request on a laptop screen
Phishing & Social EngineeringThreat Intelligence

Consent Phishing: Malicious OAuth Apps That Bypass MFA

Consent phishing tricks users into approving a malicious OAuth app — granting attackers token-based access to mail and files without ever touching a password or triggering MFA. Here is how it works and how to shut it down.

Marcus Chen·6/23/2026·6 min read
Abstract visualization of connected cloud applications and integrations
Compliance & RegulationsThreat Intelligence

When the Vendor Is the Breach: The Salesloft Drift Lesson

One compromised chatbot integration exposed 700+ organizations through stolen OAuth tokens. The Salesloft Drift attack shows why third-party access is now your biggest blind spot.

Rachel Andersen·6/20/2026·4 min read