By abusing the flaw, they would be able to book hotel rooms, rent cars, and modify any booking information, easily. To make ...

API vulnerability in airline-linked travel service exposed millions to account takeovers, booking fraud, and data theft ...

OAuth is an open, secure data sharing standard designed to protect user data by providing access to that data, but keeping a user’s identity private. The standard was created in 2006 ...

Bluesky doesn't yet have bookmarks or the ability to save posts to read later. Kyst is a browser extension that adds this ...

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is ...

Explore how the Cyberhaven attack exposes the dangers of 'consent phishing', a tactic that bypasses even robust security ...

A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to ...

Relatedly, lots of business-minded webapps use Google's OAuth, i.e. "Sign in with Google." It's a low-friction feedback loop—up until the startup fails, the domain goes up for sale, and somebody ...

SquareX discloses a new attack technique that shows how malicious extensions can be used to completely hijack the browser, ...