Apple details new Safari, Location Services, Sign in with Apple privacy features
Apple has updated its privacy pages on Wednesday and shared three new white papers and tech briefs on how Safari, Location Services, and Sign in with Apple protect user …
As more companies deploy cloud apps, they must also implement security tools
86% of enterprises have deployed cloud-based tools, but only 34% have implemented single sign-on (SSO), one of the most basic and critically important cloud security tools, …
How passwords paved the way for new technology
On July 15 we lost a major contributor to modern-day IT security – Dr. Fernando Corbato, the inventor of the password. Back in the early 1950s, computers could only do …
Researcher releases PoC code for critical Atlassian Crowd RCE flaw
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution …
Apple debuts privacy-minded “Sign in with Apple” SSO
Among the many news shared during Apple’s annual developer conference there’s one that stands out: the introduction of “Sign in with Apple”. About the …
The ultimate fallout from the Facebook data breach could be massive
Less than a week ago, Facebook announced that unknown attackers have managed to string together three bugs affecting the social media platform, which allowed them to steal …
The single sign-on account hijacking threat and what can we do about it?
Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …
Azure AD Connect vulnerability allows attackers to reset admin passwords
A vulnerability in Azure AD Connect could be exploited by attackers to reset passwords and gain unauthorized access to on-premises AD privileged user accounts, Microsoft …
OneLogin suffers data breach, again
OneLogin, a popular single sign-on service that allows users to access thousands of popular cloud-based apps with just one password, has suffered what seems to be a serious …
Microsoft users can ditch password-based logins for phone sign-in 2FA
Microsoft added a new feature to its authenticator app, allowing users to sign into their Microsoft account without having to enter their password. “With phone sign-in, …
OAuth2.0 implementation flaw allows attackers to pop Android users’ accounts
Incorrect OAuth2.0 implementation by third party mobile app developers has opened users of those apps to account compromise, three researchers from the Chinese University of …
OneLogin breached, customers’ Secure Notes compromised
San Francisco-based OneLogin, which offers single sign-on and identity management for cloud-based applications and claims 1400+ enterprise customers in 44 countries, has …
Featured news
Resources
Don't miss
- What vibe hunting gets right about AI threat hunting, and where it breaks down
- Health insurance lead sites sell personal data within seconds of form submission
- Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)
- Acrobat Reader zero-day exploited in the wild for many months
- AI agent intent is a starting point, not a security strategy