Security Boulevard

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload ...
The Next Web

Threadsy is first web based Email client to implement Gmail OAuth. No passwords needed! [Updated]

Update: This article originally stated that Threadsy was the first web app to implement Gmail OAuth which was incorrect. That title goes to Etacts. Thready was the first web based email client to ...
The Next Web

Calling all Twitter tool providers to implement OAuth

OAuth has rightly gained lots of popularity these days and even given the current session fixation issues, I’m a strong fan of the delegated access control it promotes and helps implementing. (For ...
JD Supra

Beyond the Perimeter: Securing OAuth Tokens and API Access to Thwart Modern Cyber Attackers

The threat landscape continues to evolve, and cybersecurity professionals must keep pace with threat actors’ changing tactics and objectives. A recent supply attack that reportedly affected hundreds ...
Dark Reading

OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps

A vulnerability in the implementation of the Open Authorization (OAuth) standard that websites and applications use to connect to Facebook, Google, Apple, Twitter, and more could allow attackers to ...
Ars Technica

OAuth and OAuth WRAP: defeating the password anti-pattern

The developers behind the OAuth protocol have developed a new variant called OAuth WRAP that is simpler and easier to implement. It’s a stop-gap solution that will enable broader OAuth adoption while ...