Explore how the Cyberhaven attack exposes the dangers of 'consent phishing', a tactic that bypasses even robust security ...

Bluesky doesn't yet have bookmarks or the ability to save posts to read later. Kyst is a browser extension that adds this ...

SquareX discloses a new attack technique that shows how malicious extensions can be used to completely hijack the browser, ...

By abusing the flaw, they would be able to book hotel rooms, rent cars, and modify any booking information, easily. To make ...

The do’s and don’ts of implementing an authentication process that provides strong security without irritating your users.

API vulnerability in airline-linked travel service exposed millions to account takeovers, booking fraud, and data theft ...

Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has ...

Ayrey is also a rising star in the bug-hunting world. Last week at security conference ShmooCon, he gave a talk on a flaw he found with Google OAuth, the tech behind “Sign in with Google,” which ...

Update, Jan. 16, 2025: This story, originally published Jan. 15, now includes a statement from Google and further clarification of the initial response to the researcher’s findings, as well as ...

and that businesses should make sure they're not leaving sensitive information behind Researchers propose additional safeguards Experts have found a vulnerability in Google’s OAuth “Sign in ...

Researchers have discovered a flaw in Google’s OAuth system that could allow attackers to access potentially sensitive data from former employee accounts at defunct startups. Google’s OAuth is ...