BeyondTrust authentication bypass flaws CVE-2026-40138 and CVE-2026-40139, both CVSS 9.2, let unauthenticated attackers seize ...
Talos details ARToken, a PhaaS panel tied to EvilTokens that supports device code phishing, BEC workflows, SharePoint theft, ...
Okta and Microsoft no longer define the CIAM market alone. Five developer-first, passwordless-native, and AI-ready platforms are growing fast by solving the specific problems the incumbents leave ...
Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.
MONITORAPP has been listed for the second consecutive year as a representative vendor in Gartner® Market Guide for ...
Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers and agent infrastructure. A single malformed character in a web request can ...
Cisco has released security updates to fix a critical vulnerability, tracked as CVE-2026-20223, affecting its Cisco Secure Workload platform. The flaw, which received the maximum CVSS score of 10.0, ...
A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. A hardcoded API key embedded in ClickUp’s public website has ...
A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and credentials to any Entra ID account, researchers said. A high-severity ...
Firefox will soon be able to communicate directly with your 3D printer. Thirteen years after the idea was initially proposed, the Web Serial API has landed in Firefox Nightly, Mozilla's ...