The Hacker News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.
Threat Post

SaaS Attacks: Lessons from Real-Life Misconfiguration Exploits

There is a way to protect users from deceptive OAuth apps, misconfigurations and misappropriated user permissions. SaaS Security Posture Management (SSPM) takes an automated approach to tracking, and ...
Infosecurity-magazine.com

API Security Flaw Found in Booking.com Allowed Full Account Takeover

Several security flaws have been found in the implementation of the Open Authorization (OAuth) social-login feature used by the online travel agency Booking.com. The vulnerabilities discovered by Salt ...