Security Boulevard

Web Single Sign-On: Understanding WS-Federation

Master WS-Federation for enterprise SSO. Learn how Passive Requestor Profiles bridge legacy ASP.NET, SharePoint, and ADFS ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

Why The Core Of Modern Cybersecurity Is Bridging Identity And Data

The traditional "identity first" approach is struggling because it treats access as a binary state—either you’re in or you’re out.
SecurityWeek

900 Sangoma FreePBX Instances Infected With Web Shells

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.