Emerging Issue Briefing Replay: Newly Discovered Weaknesses Put Web-Based Authentication at Risk
A newly disclosed vulnerability class has emerged, caused by a weakness in the underlying standards for OAuth 2.0, OpenID Connect and FAPI. Although they were discovered months ago, these new “audience-injection” vulnerabilities only came out of embargo on April 25 and haven't gotten much attention. Things will get complicated because this isn't a vulnerability in a single library, but rather in the standards that individual library developers adhere to.
In this briefing, Jake Williams details the underlying issues, explains why security teams should be prioritizing this and provides steps to take, specifically from a third-party risk management perspective.
Find similar resources
Incident Briefing: DeepSeek Disrupts the AI Market


Incident Briefing: Hacker Claims Theft of 6M Records from Oracle Cloud
On March 21, cybersecurity company CloudSEK discovered a threat actor claiming to be selling six million data records stolen from Oracle's cloud federated SSO login servers. Join IANS Faculty member Jake Williams as he discusses what we know and don’t know about this incident and the "so what?" for CISOs to communicate.

Emerging Issue Briefing Replay: Adapting to a Shifting Government Approach to Cyber
Changes in U.S. government spending are impacting cybersecurity for the private sector. This briefing breaks down actions that organizations can take to mitigate some government changes, including enhancing in-house threat intelligence analysis and reporting, preparing for regulatory changes, and preparing for increasingly likely hacktivism attacks.
