The Hacker News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.
Security Boulevard

SAML vs OIDC vs OAuth 2.0: 12 Differences Every B2B Engineering Team Should Know

Choosing between SAML, OIDC, and OAuth 2.0? Explore 12 critical differences to help your B2B engineering team select the right authentication protocol today.
Computer Weekly

Salt Labs identifies OAuth security flaw within Booking.com

Critical security flaws in Booking.com’s implementation of Open Authorization (OAuth) could have enabled attackers to launch large-scale account takeovers, putting millions of people’s sensitive ...
Dark Reading

OAuth Flaw Exposed Millions of Airline Users to Account Takeovers

A vulnerability that exposed millions of airline customers to potential account takeovers has highlighted the significant risks organizations face from misconfigured OAuth authentication processes.
Hosted on MSN

Enterprise authentication shifts from VPNs to multi-protocol strategies

Enterprise authentication strategies are moving away from reliance on traditional VPNs and passwords toward multi-protocol approaches that combine SAML, OIDC, OAuth 2.0, and MFA. Studies show ...