Latest News

Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential…

Disciplined, well-trained, and well-equipped, AI agents are digital soldiers. They operate independently to carry out their orders, working…

A list of topics we covered in the week of May 12 to May 18 of 2025

ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail…

FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US…

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.

**Overview** Session cookies of applications using the laravel-auth0 SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. **Am I Affected?** You are affected by this vulnerability if you meet the following pre-conditions: 1. Applications using laravel-auth0 SDK with version <=7.16.0 2. laravel-auth0 SDK uses the Auth0-PHP SDK with version 8.0.0-BETA1 or higher and below 8.14.0. 3. Session storage configured with CookieStore. **Fix** Upgrade Auth0/laravel-auth0 to v7.17.0. As an additional precautionary measure, we recommend rotating your cookie encryption keys. Note that once updated, any previous session cookies will be rejected. **Acknowledgement** Okta would like to thank Félix Charette for discovering this vulnerability.

**Overview** Session cookies of applications using the Auth0 Wordpress plugin configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. **Am I Affected?** You are affected by this vulnerability if you meet the following pre-conditions: 1. Applications using the Auth0 WordPress Plugin with version <=5.2.1 2. Auth0 WordPress Plugin uses the Auth0-PHP SDK with version 8.0.0-BETA1 or higher and below 8.14.0. 3. Session storage configured with CookieStore. **Fix** Upgrade Auth0/wordpress plugin to v5.3.0. As an additional precautionary measure, we recommend rotating your cookie encryption keys. Note that once updated, any previous session cookies will be rejected. **Acknowledgement** Okta would like to thank Félix Charette for discovering this vulnerability.

**Overview** Session cookies of applications using the Auth0 symfony SDK configured with CookieStore have authentication tags that can be brute forced, which may result in unauthorized access. **Am I Affected?** You are affected by this vulnerability if you meet the following pre-conditions: 1. Applications using the Auth0 symfony SDK with version <=5.3.1 2. Auth0/Symfony SDK uses the Auth0-PHP SDK with version 8.0.0-BETA1 or higher and below 8.14.0. 3. Session storage configured with CookieStore. **Fix** Upgrade Auth0/symfony to v5.4.0. As an additional precautionary measure, we recommend rotating your cookie encryption keys. Note that once updated, any previous session cookies will be rejected. **Acknowledgement** Okta would like to thank Félix Charette for discovering this vulnerability.

Plus: 12 more people are indicted over a $263 million crypto heist, and a former FBI director is accused of threatening Donald Trump thanks to an Instagram post of seashells.