Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
Bleeping Computer

Microsoft to secure Entra ID sign-ins from script injection attacks

Microsoft plans to enhance the security of the Entra ID authentication system against external script injection attacks starting in mid-to-late October 2026. This update will implement a strengthened ...