Oauth
The latest Oauth coverage — news, analysis, and updates from the WindowsNews.AI desk.
MISO & Microsoft Cloud AI: Revolutionizing Grid Planning & Real-Time Operations
The Midcontinent Independent System Operator (MISO), one of North America's largest regional transmission organizations, has embarked on a transformative partnership with Microsoft to build a...
Microsoft Copilot Ethics Scandal: Shell Transcript Raises AI Surveillance Concerns
The recent publication of what appears to be an unredacted transcript between Microsoft Copilot and a user discussing Royal Dutch Shell's ethical practices has ignited a firestorm of controversy...
CoPhish Attack: How Microsoft Copilot Studio Can Be Weaponized for OAuth Token Theft
Microsoft's Copilot Studio has become the latest vector for sophisticated phishing attacks, with security researchers at Datadog Security Labs uncovering a method they've dubbed "CoPhish" that...
Archived but Not Forgotten: The Story of Microsoft’s Facebook SDK for Windows 10 and HoloLens
The GitHub repository for Microsoft’s official Windows SDK for Facebook now sits in archived, read-only state—a silent monument to an ambitious 2015 push to make Universal Windows apps more...
Microsoft Account Hacks Bypass 2FA: The Datacenter IP Mystery Explained
A growing number of Microsoft account holders are discovering successful sign-ins from IP addresses inside Microsoft's own network—despite having two-factor authentication (2FA) enabled and...
Okta Exposes VoidProxy Phishing Service That Steals Session Cookies to Bypass MFA
A new industrialized phishing service named VoidProxy is arming cybercriminals with the ability to hijack Google and Microsoft accounts in real time, exfiltrating session cookies that bypass...
Exposed appsettings.json Files Unleash 'Master Key' to Azure Tenants via OAuth Token Abuse
A single, publicly exposed appsettings.json file containing Azure Active Directory (now Entra ID) application credentials can act as a master key to an organization’s entire cloud estate, security...
Windows Live Mail Survives on Windows 11 With IMAP Tricks, But Experts Urge Migration
Windows Live Mail refuses to die quietly. Fifteen years after its last major update, the discontinued email client can still be cajoled into sending and receiving mail on Windows 11—but the process...
Microsoft and CISA Demand Hybrid Exchange Overhaul: October 31 Permanent Cutoff After Vulnerability Alert
Microsoft has drawn a hard line in the sand for hybrid Exchange administrators: after October 31, 2025, any on-premises server still relying on the legacy shared service principal for rich...
Per-Mailbox Cloud Management Lets Admins Finally Retire the Last Exchange Server
Microsoft has released a per‑mailbox cloud management feature that finally gives hybrid Exchange organizations a clear path to unplugging the last on‑premises Exchange server. With the new...
Visual Studio MCP GA Brings GitHub Server v0.12.1, but Prompt Injection Risks Demand Vigilance
Microsoft has shipped general availability support for the Model Context Protocol (MCP) directly into Visual Studio, letting developers connect Copilot Chat to external services through a simple...
ChatGPT Gets Gmail and Calendar Access: OpenAI's Productivity Play Raises Security Flags
OpenAI has quietly breached the walls of Google Workspace. Starting this week, ChatGPT Pro users can grant the AI direct access to their Gmail inboxes, Google Calendars, and Google Contacts—turning...