According to recent research on employee offboarding, 70% of IT professionals say they've experienced the negative effects of incomplete IT offboarding, whether in the form of a security incident ...
Continue Reading
December 14, 2023
mattermost is vulnerable to Open Redirect. The vulnerability is caused due to a missing validation at redirect URL parameter. The application fails to validate the custom URL scheme /oauth/{service}/m ...
Continue Reading
December 14, 2023
Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period ...
Continue Reading
December 14, 2023
Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm Gi ...
Continue Reading
December 14, 2023
Summary Watson Machine Learning Accelerator on Cloud Pak for Data had an internal dependency on Grafana. Grafana dependency is now removed. Grafana component is no longer used or shipped with Watson M ...
Continue Reading
December 14, 2023
next-auth is vulnerable to Improper Authorization. A malicious actor could create an empty/mock user by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or ...
Continue Reading
December 14, 2023
NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could cre ...
Continue Reading
December 14, 2023
Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate ...
Continue Reading
December 14, 2023
Back to Main
