What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
GitHub

auth-js has a new home

Nothing changed! You can continue using @supabase/auth-js as normal. Nothing has changed in the way the package is published!
IEEE

PRIDA-ME: A Privacy-Preserving, Interoperable and Decentralized Authentication Scheme for Metaverse Environment

Abstract: The metaverse is a new virtual world that has the potential to significantly impact our interactions with digital content and with each other. It is a shared virtual environment where users ...
Bleeping Computer

Hackers exploit critical telnetd auth bypass flaw to get root

A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. The security issue is ...
The Hacker News

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls.
The Hacker News

Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access

A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 ...