ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...
IEEE

Enhancing User Authentication: An Approach Utilizing Context-Based Fingerprinting With Random Forest Algorithm

Abstract: In the evolving world of Cyber Attacks, this research presents an innovative approach aimed at fortifying user authentication within the Application Programming Interfaces (APIs) Ecosystem.
The Hacker News

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 ...
Reuters

Shopify resolves login issues that impacted thousands of users on Cyber Monday

Dec 1 (Reuters) - Shopify (SHOP.TO), opens new tab, said it had fixed certain issues related to logging in to the online shopping platform that impacted thousands of customers and several small ...
IEEE

Reinventing Multi-User Authentication Security From Cross-Chain Perspective

Abstract: Blockchain systems encompass many distinct and autonomous entities, each utilizing its own self-contained identity authentication algorithm. Unlike identity authentication within a singular ...
Hacker

Session vs JWT Authentication — How They Work, Key Differences, and Real-World Examples

Your browser does not support the audio element. This story contains AI-generated text. The author has used AI either for research, to generate outlines, or write the ...
Bleeping Computer

New downgrade attack can bypass FIDO auth in Microsoft Entra ID

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and ...
Forbes

Google Confirms It Has Been Hacked — What User Data Has Been Stolen?

Update, August 9, 2025: This story, originally published on August 7, has been updated with additional information from cybersecurity experts regarding the now confirmed hacking of Google. This ...
GitHub

OAuth users cannot bypass "Authentication Required" Pop-Up

Hi everyone! We have a problem with running a Nextcloud instance where all users log in via OAuth2 using this social login app. For users signed in that way, an "Authentication required" popup appears ...
WTRF.com

SecurityBridge Acquires CyberSafe To Deliver Contextual SSO, MFA And Passwordless Authentication To SAP Users

NEW YORK, NY, UNITED STATES, July 23, 2025 /EINPresswire.com/ -- SecurityBridge, the creator of the Cybersecurity Command Center for SAP, today announced the ...
Mobile ID News

Android to Allow Users to Disable Failed Authentication Lock Security Feature

Android’s security infrastructure is set to become more flexible with upcoming changes to its Failed Authentication Lock feature. The security measure, which debuted in Android 15 alongside enhanced ...