Threat Post

Critical Vulnerabilities Affect JSON Web Token Libraries

Critical vulnerabilities exist in several JSON Web Token (JWT) libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step. Critical vulnerabilities ...
Business Wire

M&A and JWT Are Surprising Sources of API Threats, According to New Wallarm Report

SAN FRANCISCO--(BUSINESS WIRE)--Wallarm, the leading end-to-end API and app security company, today announced the release of its Q2 API ThreatStats™2024 Report. In a continuation of the Q1 ThreatStats ...
Security Boulevard

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload ...
adtmag.com

New Open Source PASETO Library Offers JWT Alternative

Authentication solution provider Okta has launched a new Java developer library designed to streamline the use of Platform Agnostic Security Tokens (PASETOs) and provide an alternative to JSON Web ...
Dark Reading

JsonWebToken Security Bug Opens Servers to RCE

A high-severity vulnerability (CVE-2022-23529) has been discovered in the popular JsonWebToken (JWT) open source encryption project, which could be used by attackers to achieve remote code execution ...
InfoWorld

Critical flaw alert! Stop using JSON encryption

Developers shouldn't use JSON Web Tokens or JSON Web Encryption in their applications at all, lest their private keys get stolen A vulnerability in a JSON-based web encryption protocol could allow ...