News

Security Boulevard

OAuth Device Flow Vulnerabilities: A Critical Analysis of the 2024-2025 Attack Wave

The cybersecurity landscape witnessed a seismic shift in 2024-2025 as threat actors, led by groups like ShinyHunters (UNC6040), systematically exploited OAuth device authorization grant ...
Security Boulevard

The Enterprise Risk of OAuth Device Flow Vulnerabilities – And How SSOJet Solves It

Modern enterprises rely on dozens of SaaS, PaaS, and IaaS platforms, many of which bake authentication and access security deep into their products. But in 2025, a new wave of sophisticated phishing ...
GitHub

Refine scopes for the OAuth v2

I started using V2 in order to employ the auto OAuth flow. When I created a clientId in TS, I chose a reasonable set of scopes which I thought would cater for the tsdproxy to setup machines etc.
GitHub

Enable developers to implement a custom OAuth authentication flow

Is your feature request related to a problem? Please describe. The problem is: The internal sealed class ClientOAuthProvider implements one specific OAuth flow: Authorization Code flow. Furthermore ...
Ars Technica

What is device code phishing, and why are Russian spies so successful at it?

Researchers have uncovered a sustained and ongoing campaign by Russian spies that uses a clever phishing technique to hijack Microsoft 365 accounts belonging to a wide range of targets, researchers ...