authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 ...
July 24, 2025
Summary Deactivated users that had either enrolled via OAuth/SAML or had their account connected to an OAuth/SAML account can still partially access authentik even if their account is deactivated. The ...
July 22, 2025
Summary An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /o ...
July 21, 2025
Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race ...
July 21, 2025
A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes ...
July 21, 2025
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that's designed to deliver a malware codenamed LAMEHUG. "An obvious feature of LAME ...
July 20, 2025
OAuth Dynamic Client Registration allows for various metadata fields such as 'client_name', 'website_uri' during the registration process. When the OAuth server accepts permissive ...
July 18, 2025