Security News

The newly expanded Facebook bug bounty program sniffs out access token exposure flaws.

A GitHub API token leaked from Homebrew’s Jenkins provided a security researcher with access to core Homebrew software repositories (repos). read more

Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. A Google spokesperson said Security Keys now form the basis of all account...

Following the compromise of an ESLint maintainer’s account last week, malicious packages that attempted to steal login tokens from the npm software registry were published without authorization. read more

But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas BienstockJust one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a...

USB gizmo biz apologies amid infosec drama Yubico has apologized to a security vulnerability researcher who had complained the dongle peddler lifted his work to nab a $5,000 Google bug bounty.…

The Pixelbook's power button is a 2FA token, which is great, and almost nobody noticed, which isn't.

Another day, another ICO-related scam. In an attack similar to that which fooled investors into the Enigma cryptocurrency investment platform, users who were aiming to buy Bee Tokens during a...

Again some bad news for cryptocurrency users. Tether, a Santa Monica-based start-up that provides a dollar-backed cryptocurrency tokens, has claimed that its systems have been hacked by an...

GitLab, the popular web-based Git repository manager, fixed a vulnerability recently that could have opened its users up to session hijacking attacks.