The Hacker News

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
The Hacker News

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

Salesforce disabled Klue Battlecards integration after attackers used compromised OAuth tokens to access customer CRM data ...
Developer Tech

JetBrains marketplace malware exposes developer API keys

Security researchers identified a coordinated malware campaign within the JetBrains Marketplace designed to exfiltrate ...
techtimes

ServiceNow Data Breach: Gated Advisory Left Customers Unaware of Exploited Zero-Auth API

Enterprise security teams are auditing logs and rotating credentials this week after ServiceNow confirmed that attackers successfully queried sensitive customer instance data through an ...
Security Boulevard

Your MCP Server Is a Resource Server Now. Act Like It.

TL;DR — Without an identity layer, AI agents accessing enterprise tools create real exposure: data exfiltration through unscoped access, audit failures when no one can trace which user authorized ...
TechRepublic

6 Best Open Source IAM Tools in 2026

Open-source IAM tools offer free, secure access management. Explore the six best IAM solutions for strong authentication. Identity access management (IAM) tools, crucial for cybersecurity, have become ...
Security Boulevard

The Twilio-Stytch Acquisition: A Watershed Moment for Developer-First CIAM

When Twilio announced its acquisition of Stytch yesterday (on October 30, 2025), it sent ripples through the developer community. But this isn't just another tech acquisition story. This is about a ...
GitHub

Simple Keycloak Guard for Laravel

️ I`m building an API with Laravel. ️ I will not use Laravel Passport for authentication, because Keycloak Server will do the job. ️ The frontend is a separated project. ️ The frontend users ...