Explore how the Cyberhaven attack exposes the dangers of 'consent phishing', a tactic that bypasses even robust security ...

Bluesky doesn't yet have bookmarks or the ability to save posts to read later. Kyst is a browser extension that adds this ...

SquareX discloses a new attack technique that shows how malicious extensions can be used to completely hijack the browser, ...

By abusing the flaw, they would be able to book hotel rooms, rent cars, and modify any booking information, easily. To make ...

The do’s and don’ts of implementing an authentication process that provides strong security without irritating your users.

API vulnerability in airline-linked travel service exposed millions to account takeovers, booking fraud, and data theft ...

Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has ...

Update, Jan. 16, 2025: This story, originally published Jan. 15, now includes a statement from Google and further clarification of the initial response to the researcher’s findings, as well as ...

and that businesses should make sure they're not leaving sensitive information behind Researchers propose additional safeguards Experts have found a vulnerability in Google’s OAuth “Sign in ...

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is ...

Relatedly, lots of business-minded webapps use Google's OAuth, i.e. "Sign in with Google." It's a low-friction feedback loop—up until the startup fails, the domain goes up for sale, and somebody ...