next-auth is vulnerable to Improper Authorization. A malicious actor could create an empty/mock user by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or ...
Continue Reading14 декабря, 2023
authentik is vulnerable to authentication bypass due to an insufficient PKCE check. The vulnerability is caused by code_verifier step during the OAUTH initialisation flow. Authentik improperly accepts ...
Continue Reading14 декабря, 2023
Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period ...
Continue Reading14 декабря, 2023
Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors ...
Continue Reading14 декабря, 2023
Introduction In July, the GitHub Security Lab team conducted a collaborative review of one of our favorite software pieces. While it's not uncommon for our Security Lab researchers to work togeth ...
Continue Reading14 декабря, 2023
2023 has seen its fair share of cyber attacks, however there's one attack vector that proves to be more prominent than others - non-human access. With 11 high-profile attacks in 13 months and an ...
Continue Reading14 декабря, 2023
Impact next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issu ...
Continue Reading14 декабря, 2023
Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks Like the SaaS shadow IT of the past, AI is placing CISOs and cybersecurity teams in a tough but familiar spot. Employees are ...
Continue Reading14 декабря, 2023
Back to Main