Security Boulevard

Understanding WS-Trust: A Guide to Secure Token Exchange

Deep dive into WS-Trust for enterprise identity. Learn about STS, token exchange, and secure SSO integration for modern B2B platforms.
Bleeping Computer

Auth0 fixes RCE flaw in JsonWebToken library used by 22,000 projects

Update 1/31/23: Auth0 has withdrawn their security advisory on the JsonWebToken poisoning attack disclosed by Palo Alto Networks earlier this month. "After review and validation of community feedback ...
Infosecurity-magazine.com

Researchers Find Security Flaw in JsonWebToken Library Used By 20,000+ Projects

A new high-severity vulnerability has been found in the popular JsonWebToken open-source JavaScript package. By exploiting the flaw, an attacker could perform remote code execution (RCE) on a server ...
Dark Reading

Popular WAFs Subverted by JSON Bypass

Web application firewalls (WAFs) from five major vendors are vulnerable to malicious requests that use the popular JavaScript Object Notation (JSON) to obfuscate database commands and escape detection ...