Security News

Facebook is expanding its bug bounty program to include vulnerabilities in third-party apps and websites that involve improper exposure of Facebook user access tokens. What’s in scope? “Access...

Facebook announced on Monday that it has expanded its bug bounty program to introduce rewards for reports describing vulnerabilities that involve the exposure of user access tokens. read more

The newly expanded Facebook bug bounty program sniffs out access token exposure flaws.

A GitHub API token leaked from Homebrew’s Jenkins provided a security researcher with access to core Homebrew software repositories (repos). read more

Krebs on Security is reporting that all 85,000 Google employees use two-factor authentication with a physical token. A Google spokesperson said Security Keys now form the basis of all account...

Following the compromise of an ESLint maintainer’s account last week, malicious packages that attempted to steal login tokens from the npm software registry were published without authorization. read more

But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas BienstockJust one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a...

USB gizmo biz apologies amid infosec drama Yubico has apologized to a security vulnerability researcher who had complained the dongle peddler lifted his work to nab a $5,000 Google bug bounty.…

The Pixelbook's power button is a 2FA token, which is great, and almost nobody noticed, which isn't.

Another day, another ICO-related scam. In an attack similar to that which fooled investors into the Enigma cryptocurrency investment platform, users who were aiming to buy Bee Tokens during a...