Bleeping Computer

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, ...
SiliconANGLE

Intruder releases free tool to detect broken API authorization

Attack surface management company Intruder Solutions Ltd. today announced the launch of AutoSwagger, a free, open-source tool that scans OpenAPI-documented application programming interfaces for ...
Security Boulevard

Understanding Implicit Identity Authentication Methods

A deep dive into implicit identity authentication methods for software development, covering oauth 2.0 flows, security risks, and modern alternatives for single-page applications.
Business Wire

Motive and Telefónica Advance GSMA Open Gateway Initiative, Jointly Showcasing Revenue Potential Through API-Based Phone Number Verification

MADRID--(BUSINESS WIRE)--Motive and Telefónica have successfully completed a proof of concept (PoC) showcasing seamless authentication using GSMA Open Gateway’s Number Verification API. Debuted at the ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
Security Boulevard

What are Refresh Tokens? Complete Implementation Guide & Security Best Practices

Learn how refresh tokens work in enterprise SSO. This guide covers implementation, rotation, and security best practices for CIAM systems.