Information security
fromThe Hacker News
1 day agoOneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
A OneLogin IAM vulnerability (CVE-2025-59363) exposes OIDC client secrets to attackers with valid API credentials, enabling application impersonation and lateral movement.