The Hacker News

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

CVE-2025-59363 "allowed attackers with valid API credentials to enumerate and retrieve client secrets for all OIDC applications within an organization's OneLogin tenant," Clutch Security said in a ...

It’s even easier for Google’s AI agent to code for you.

Previously, Google’s AI coding agent Jules was accessible on GitHub or its website. Now, developers can access it directly in their terminal using a new command line interface or in tools like Slack ...
ADTmag

The Worm That Ate JavaScript: Inside the Shai-Hulud Supply Chain Attack

The JavaScript development community faced one of its most sophisticated supply chain attacks in September, when a self-replicating worm infiltrated the npm registry and compromised more than 180 ...