Passwordstate 9.9 fixes authentication bypass flaw on August 28, 2025, adding clickjacking defenses for 29,000 customers.

CCP shared a blog to discuss progress and updates in their long-term goals to improve the ESI API system for EVE Online's ...

Additionally, an API is vulnerable to attack if the API key is the only authentication material, as it can be obtained by criminals as well. How to Prevent Broken Authentication Developers and ...

At Black Hat USA 2025, Dirk-jan Mollema showed how low-privilege cloud accounts can be turned into hybrid admins, bypassing ...

Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication bypass vulnerability as soon as possible.

Both authentication and authorization are crucial for API security. Without proper authentication, you can't be sure who is trying to access your APIs. Without proper authorization, you can't control ...

In addition, according to Salt Security’s March API security report, 78% of API-related attacks came from attackers who maliciously achieved legitimate-seeming authentication.

Many API authentication measures are easily exploitable. For example, some APIs use API keys or tokens to authorize client access to datasets.

A look at the recently released YubiKey 5 hardware authenticator series and how web authentication with the new WebAuthn API leverages devices like the YubiKey for painless website registration and ...

“Everyone feels the need to write a custom authentication protocol” says George Reese, which he claims is one of the things he learnt working on a programming API for cloud providers and Saas ...