heise online

Page 2: The Backend-for-Frontend Pattern: The Architectural Solution

Given the serious security issues with token storage in the browser, a fundamental question arises: Why even try to store access tokens securely in the frontend when you can instead leave them where ...
Dark Reading

When Good Tokens Go Bad

Tokens are an identity's crown jewel for digital authentication and authorization. Whether they are human or machine, and instantiated as API tokens, OAuth credentials, session tokens, or ephemeral ...
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and codebases.
heise online

No Chance for Token Theft: The Backend-for-Frontend Pattern

The Backend-for-Frontend pattern addresses security issues in Single-Page Applications by moving token management back to the server. Martina Kraus has been involved in web development since her early ...
CSO Online

Klue breach exposed Salesforce CRM data through stolen OAuth tokens

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce ...
Threat Post

Microsoft OAuth Flaw Opens Azure Accounts to Takeover

Some Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover. A vulnerability in the way Microsoft applications use OAuth for third-party ...