The Hacker News

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

CVE-2025-59363 "allowed attackers with valid API credentials to enumerate and retrieve client secrets for all OIDC ...

The Identity Layer Is The New Perimeter: Why Detection Must Go Beyond Endpoints

We know how to secure the identity layer. Actually doing it, however, continues to challenge organizations of all sizes.