Cloud Security Alliance

Reimagining the Browser as a Critical Policy Enforcement Point: A Zero Trust Security Architecture for Modern Enterprises

Explores turning the browser into a policy enforcement point within a Zero Trust framework, covering governance, MFA, device ...
Security Boulevard

Session-Based Authentication vs Token-Based Authentication: Key Differences Explained

Detailed comparison of session-based and token-based authentication for enterprise SSO. Learn about scalability, security, and CIAM best practices.
CSO Online

Five Chrome extensions caught hijacking enterprise sessions

Malicious Chrome extensions posing as productivity tools were found stealing session tokens, blocking security controls, and ...
The Hacker News

Why Secrets in JavaScript Bundles are Still Being Missed

Scanning 5M apps uncovered 42K exposed secrets in JavaScript bundles, revealing major gaps in traditional SAST, DAST, and ...
The Silicon Review

n8n Supply Chain Attack Steals OAuth Tokens Via Nodes

A supply chain attack on n8n injected malicious community nodes to steal user OAuth tokens, highlighting critical risks in ...

Credential-stealing Chrome extensions target enterprise HR platforms

Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP ...
Security Info Watch

From Malicious to Manipulated: How AI Is Redefining Insider Threat Detection

Insider threats increasingly stem from compromised, careless, or fabricated identities. AI is emerging as the critical ...
CSO Online

Flaws in Chainlit AI dev framework expose servers to compromise

Security researchers uncovered two vulnerabilities in the popular Python-based AI app building tool that could allow ...
Security Boulevard

Driving Passwordless Adoption with FIDO and Biometric Authentication

Driving Passwordless Adoption with FIDO and Biometric Authentication - 06:13 For decades, passwords have been the default ...
SecurityWeek

Chainlit Vulnerabilities May Leak Sensitive Information

Vulnerabilities in Chainlit could be exploited without user interaction to exfiltrate environment variables, credentials, ...
The Hacker News

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Five fake Chrome extensions impersonate Workday and NetSuite to steal cookies, block admin controls, and hijack sessions for ...

ConsentFix debrief: Insights from the new OAuth phishing attack

ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push ...