Essential components include Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA). RBAC maps permissions to ...

A travel service, integrated into many airline service providers, carried a security flaw This could be abused to log into people's accounts and change their bookings It has since been reported and ...

OAuth is an open, secure data sharing standard designed to protect user data by providing access to that data, but keeping a user’s identity private. The standard was created in 2006 ...

Bluesky doesn't yet have bookmarks or the ability to save posts to read later. Kyst is a browser extension that adds this ...

API vulnerability in airline-linked travel service exposed millions to account takeovers, booking fraud, and data theft through OAuth flaws.

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is ...

OAuth, short for Open Authorization, provides a framework allowing users to grant third-party applications access to their data without revealing their credentials. Nikhil's work in implementing ...

A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to ...

Relatedly, lots of business-minded webapps use Google's OAuth, i.e. "Sign in with Google." It's a low-friction feedback loop—up until the startup fails, the domain goes up for sale, and somebody ...

SquareX discloses a new attack technique that shows how malicious extensions can be used to completely hijack the browser, ...