techtimes

Cloudflare OAuth Opens to All Developers After Zero-Downtime Hydra Upgrade

Cloudflare ended years of partner-only restrictions on Wednesday, opening self-managed OAuth 2.0 to every developer on its platform. The move eliminates the manual onboarding process that previously ...
InfoWorld

How fuzzy APIs are remaking the web

With the advent of AI-mediated APIs, the era of manually hard-coding every integration between every microservice may be ...
CSOonline

Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol

Organizations that delayed retiring the legacy IKEv1 VPN protocol are now facing an actively exploited authentication bypass flaw that Check Point says has already been leveraged in ransomware-linked ...
TechRepublic

ClickUp Data Leak Exposes Enterprise Emails for Over a Year

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. A hardcoded API key embedded in ClickUp’s public website has ...
The Next Web

The passwordless future is years away. Here is what businesses should do now

Every year since roughly 2018, the cybersecurity industry has declared that passwords are dying. Passkeys, biometrics, and FIDO2 hardware tokens would replace them. The promise was elegant: no more ...
Microsoft

Announcing General Availability (GA) of building single-page applications for Power Pages

We are excited to announce the general availability of support for single-page applications (SPAs) with Power Pages, starting with site version 9.8.1.x and later. With this release, you can build ...
thecyberexpress

AI-Coded Moltbook Platform Exposes 1.5 Mn API Keys Through Database Misconfiguration

Viral social network “Moltbook” built entirely by artificial intelligence leaked authentication tokens, private messages and user emails through missing security controls in production environment.
Security Boulevard

API Authentication Methods Explained: API Keys, OAuth, JWT & HMAC Compared

Ever wonder why a single api leak can tank a company's stock? (Will data breaches impact company stock price?) In the enterprise, authentication isn't just a "lock"—it's the foundation of your entire ...
cybernews

Code that works can also be malware: this WhatsApp API is stealing messages

A popular WhatsApp library trusted by tens of thousands of developers was quietly spying on messages, contacts, and credentials, maintaining access even after being uninstalled. For more than six ...
The Hacker News

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every ...
Bleeping Computer

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. A fork of ...
GIGAZINE

Let's Encrypt details changes to certificate issuance, including new certificate chains, removal of Client Authentication EKU, and shorter certificate validity periods.

Let's Encrypt has announced details of its overall policy regarding certificates issued going forward, including 'certificate chain renewal,' 'removal of TLS client authentication EKU (Enhanced Key ...