Security Boulevard

Your API Has Authorization Bugs. Hadrian Finds Them.

Authorization vulnerabilities are the most common critical finding in our API penetration tests. We find them on nearly every ...
Dark Reading

When Good Tokens Go Bad

Tokens are an identity's crown jewel for digital authentication and authorization. Whether they are human or machine, and instantiated as API tokens, OAuth credentials, session tokens, or ephemeral ...
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...
CSOonline

What you need to know about the new OWASP API Security Top 10 list

According to a report released by Akamai earlier this year, API calls now represent 83% of all web traffic. Web-enabled applications already have 40% of their attack surface in the form of APIs ...
ZDNet

Cyota gives RSA token-less authentication

RSA Security's proposed acquisition of privately held Cyota will allow the company to offer a relatively cheap two factor, non token-based authentication system for its banking customers. RSA is ...
Business Wire

VeriSign Licenses Mobile Tokens and Mobile Authentication Services from Diversinet

As a leading mobile authentication service provider, Diversinet provides its customers with cost effective, mobile-optimized strong authentication products and services that reduce identity theft and ...
Infosecurity-magazine.com

Comment: Two-factor Authentication – World of the Token Necklace

Security breaches are on the up – we all know that – and they are set to get worse. In order to interact with suppliers online, organizations will be expected to have stronger authentication, which is ...