#openid-connect

Information security
from The Hacker News
1 day ago

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

A OneLogin IAM vulnerability (CVE-2025-59363) exposes OIDC client secrets to attackers with valid API credentials, enabling application impersonation and lateral movement.
DevOps
from DevOps.com
4 months ago

Why CI/CD Pipelines Break Zero-Trust: A Hidden Risk in Enterprise Automation - DevOps.com

Zero-trust principles must be applied in CI/CD pipelines to ensure comprehensive security by verifying both job identity and runtime trust.