JDK 26 JDK 26的早期访问构建版本Build 30在上周发布，其中包括对Build 29的更新，其中包括对各种问题的修复。更多关于该版本的详细信息可以在发布说明中找到。 JDK 27 JDK 27的早期访问构建版本Build 4也在上周发布 ...

Attackers trick users into approving access on real Microsoft pages OAuth device code phishing surged sharply since September 2025 Both cybercriminals and state-linked actors reportedly use this ...

A surge in phishing campaigns abusing Microsoft’s OAuth device code authorization flow has been observed with multiple threat clusters using the technique to gain unauthorized access to Microsoft 365 ...

AI on the JVM accelerates: New frameworks like Embabel, Koog, Spring AI, and LangChain4j drive rapid adoption of AI-native and AI-assisted development in Java. Java 25 anchors a modern baseline: The ...

Attackers leveraged stolen secrets to hijack integrations and access customer data, highlighting the need for enterprises to audit connected apps and enforce token hygiene. Salesforce has disclosed ...

In August 2025, attackers exploited the Salesloft-Drift OAuth integration to compromise over 700 organizations’ Salesforce instances. This wasn’t a direct vulnerability in Salesforce, but rather an ...

OAuth 2.1 is the officially mandated authorization standard in the Model Context Protocol (MCP) specifications. According to the official documentation, authorization servers must implement OAuth 2.1 ...

Proofpoint observed campaigns impersonating trusted brands like SharePoint and DocuSign with malicious OAuth applications to get into Microsoft 365 accounts. Threat actors have cooked up a clever way ...

Community driven content discussing all aspects of software development from DevOps to design patterns. Packaged as part of the 2018 version 10 release, the Java var reserved word introduced type ...

A trio of ongoing campaigns have highlighted once again the continued popularity among cybercriminals of malicious OAuth apps as a go-to attack method. In one wave of recent attacks, threat actors ...