A travel service, integrated into many airline service providers, carried a security flaw This could be abused to log into ...

Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has ...

Explore how the Cyberhaven attack exposes the dangers of 'consent phishing', a tactic that bypasses even robust security ...

Bluesky doesn't yet have bookmarks or the ability to save posts to read later. Kyst is a browser extension that adds this ...

API vulnerability in airline-linked travel service exposed millions to account takeovers, booking fraud, and data theft ...

OAuth is an open, secure data sharing standard designed to protect user data by providing access to that data, but keeping a user’s identity private. The standard was created in 2006 ...

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is ...

OAuth, short for Open Authorization, provides a framework allowing users to grant third-party applications access to their data without revealing their credentials. Nikhil's work in implementing ...

A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to ...

While crucial, the existing OWASP Top 10 lists don't properly address the unique challenges NHIs present. Being the critical ...

SquareX discloses a new attack technique that shows how malicious extensions can be used to completely hijack the browser, ...