Safeguard
Tag

oauth

Safeguard articles tagged "oauth" — guides, analysis, and best practices for software supply chain and application security.

21 articles

Incident Analysis

Microsoft Midnight Blizzard Source Code Theft 2024

Midnight Blizzard moved from email exfiltration to Microsoft source code repositories. The pivot from stolen OAuth tokens to code access is the supply chain lesson.

Feb 25, 20268 min read
Incident Analysis

Heroku OAuth Token Leak Postmortem and Lessons

A retrospective on the Heroku OAuth token incident, what the public timeline revealed about supply chain trust assumptions, and the durable lessons for platform teams.

Feb 18, 20265 min read
AI Security

How to authorize and scope permissions for autonomous AI ...

A practical, step-by-step guide to AI agent authorization: scoping permissions, using OAuth for machine identities, and verifying least-privilege boundaries hold in production.

Dec 20, 20258 min read
Incident Analysis

Salesloft Drift OAuth Breach: 700+ Salesforce Tenants Compromised

UNC6395 stole Salesloft Drift OAuth tokens to exfiltrate Salesforce data from more than 700 organisations including Cloudflare, Zscaler, and Palo Alto Networks in August 2025.

Sep 8, 20256 min read
AI Security

MCP 2025-06-18: OAuth Resource Server Rules Defenders Must Understand

The June 2025 MCP spec made every server an OAuth 2.1 resource server, mandated RFC 8707 resource indicators, and added elicitation. Here is what changes for blue teams.

Jul 9, 20256 min read
Concepts

What Is OAuth

OAuth lets one app access your data in another without ever seeing your password. Learn how delegated access works, what tokens and scopes do, and why it matters.

Aug 20, 20246 min read
Application Security

OAuth Token Security Throughout the Lifecycle

OAuth tokens grant access to APIs, services, and user data. Their security across creation, storage, use, and revocation determines your application risk posture.

Nov 8, 20234 min read
Incident Response

GitHub OAuth Token Theft: The Heroku and Travis CI Breach

Attackers stole OAuth tokens from Heroku and Travis CI to access private GitHub repositories across dozens of organizations, including npm itself. The full scope of the breach took weeks to unravel.

Apr 15, 20225 min read
Incident Response

Heroku and GitHub OAuth Token Theft: The Early Warning Signs

Stolen OAuth tokens from Heroku's integration with GitHub gave attackers access to private repositories across dozens of organizations. The breach revealed systemic weaknesses in third-party OAuth integrations.

Feb 25, 20225 min read
oauth (Page 2) — Safeguard Blog