The Hacker News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.
Security

Salt Security enhances API security platform with OAuth protection package

PALO ALTO, Calif., April 25, 2024 -- Salt Security today announced the release of its new multi-layered OAuth protection package to detect attempts to exploit OAuth and proactively fix vulnerabilities ...
Security Boulevard

SAML vs OIDC vs OAuth 2.0: 12 Differences Every B2B Engineering Team Should Know

Choosing between SAML, OIDC, and OAuth 2.0? Explore 12 critical differences to help your B2B engineering team select the right authentication protocol today.

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
CSOonline

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...