Impact next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected. A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issu ...
Continue Reading
December 14, 2023
WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer f ...
Continue Reading
December 14, 2023
On May 1, 2023, the Wordfence Threat Intelligence team began the responsible disclosure process for multiple high and critical severity vulnerabilities we discovered in Kirotech’s UserPro plugin, wh ...
Continue Reading
December 14, 2023
Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom ur ...
Continue Reading
December 14, 2023
Scanning Danger: Unmasking the Threats of Quishing By Shyava Tripathi, Raghav Kapoor and Rohan Shah · December 07, 2023 Phishing, a prevalent cybercrime worldwide, is responsible for as much as 90 p ...
Continue Reading
December 14, 2023
Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period ...
Continue Reading
December 14, 2023
By Deeba Ahmed Cloud Security Shakeup: Experts Urge Caution as OAuth Becomes Hacker Playground. This is a post from HackRead.com Read the original post: Microsoft: Storm-1283 Sent 927,000 Phishing Ema ...
Continue Reading
December 14, 2023
A flaw was found in Dex, an identity service that uses OpenID Connect to drive authentication for other apps. This issue may allow an attacker to make a victim navigate to a malicious website and guid ...
Continue Reading
December 14, 2023
Back to Main
