A new report released today by application programming interface security startup Salt Security Inc. warns of significant vulnerabilities in several major online platforms’ social sign-in and Open ...

Nginx on Tuesday released its latest product offering, the Plus R8, which includes an initial release of OAuth 2-based authentication. Nginx CEO Gus Robertson said that many of today's most popular ...

ShinyHunters compromised Google, Qantas & dozens more using OAuth device flow attacks—bypassing MFA without exploiting a single software bug. My deep-dive analysis reveals how they did it and what ...

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...

One of the tasks I dread is configuring a web server to send email correctly via Gmail. The simplest way of sending emails is SMTP, and there are a number of scripts out there that provide a simple ...

Google Threat Intelligence Group has tracked threat actor UNC6395 stealing OAuth tokens via Salesloft Drift integrations in a ...

Application Programming Interfaces (APIs) are the backbone of many services and applications, enabling different software to interact with each other seamlessly. However, with this increased ...

Leading online broking firms met up with stock exchanges on March 4 to propose guidelines for allowing access to the brokers’ Application Programming Interface (API) for retail players who trade using ...

The Salesloft incident comes on the heels of a broad social engineering campaign that used voice phishing to trick targets into connecting a malicious app to their organization’s Salesforce portal.