Dark Reading

Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish

Attackers who gain initial access to a victim's network now have another method of expanding their reach: using access tokens from other Microsoft Teams users to impersonate those employees and ...
Ars Technica

Microsoft Teams stores cleartext auth tokens, won’t be quickly patched

Microsoft’s Teams client stores users’ authentication tokens in an unprotected text format, potentially allowing attackers with local access to post messages and move laterally through an organization ...
Security Boulevard

What are Refresh Tokens? Complete Implementation Guide & Security Best Practices

Learn how refresh tokens work in enterprise SSO. This guide covers implementation, rotation, and security best practices for CIAM systems.
Ars Technica

Microsoft Teams stores cleartext auth tokens, won’t be quickly patched | Ars OpenForum

This is a known issue with OAuth and is how basically any electron app works. The tl;dr is if you're able to steal files "as the user" it's already game over. This is no different than stealing ...