OAuth for MCP – Emerging Enterprise Patterns for Agent Authorization
By Thomas Segura TL;DR: OAuth 2.1 is a solid foundation for MCP, but the non-deterministic nature of agent interactions introduce...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
Prosper disclosed a data breach impacting 17.6 million accounts
Prosper disclosed a data breach impacting 17.6 million accounts Pierluigi Paganini October 17, 2025 Threat actors stole personal data, including...
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign Pierluigi Paganini October 17, 2025 Microsoft revoked 200+...
PowerSchool hacker got four years in prison
PowerSchool hacker got four years in prison Pierluigi Paganini October 17, 2025 Matthew D. Lane, a Massachusetts student, got four...
Auction house Sotheby’s disclosed a July data breach
Auction house Sotheby’s disclosed a July data breach Pierluigi Paganini October 17, 2025 Sotheby’s reported a July 24 breach exposing...
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with...
Differences Between Secure by Design and Secure by Default
Introduction: The Rising Importance of Proactive Security Okay, so, proactive security – it's kinda a big deal now, right? I...
Evaluating the Best Passwordless Authentication Options
The Rise of Passwordless Authentication: Why Now? Okay, so passwords, right? We all hate 'em, and honestly, they're not even...
Attack Surface Management vs. Vulnerability Management — What’s Changed
For years, vulnerability management (VM) has been a cornerstone of cybersecurity services. Managed Security Providers (MSPs) and Managed Security...
Azure B2C Alternative for Startups
I once spent three solid days chasing a bug in Azure B2C’s custom policy engine — a mismatch in claim...
Samba WINS Command Injection Vulnerability (CVE-2025-10230) Notice
Overview Recently, NSFOCUS CERT detected that Samba released a security update to fix the Samba WINS command injection vulnerability (CVE-2025-10230);...
Identity Security: Your First and Last Line of Defense
Oct 17, 2025The Hacker NewsArtificial Intelligence / Identity Security The danger isn't that AI agents have bad days — it's...
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Oct 17, 2025Ravie LakshmananVulnerability / VPN Security Cybersecurity researchers have disclosed details of a recently patched critical security flaw in...
Microsoft’s Patch Tuesday: 172 Flaws Fixed
Image: EV_Korobov/Adobe Stock Microsoft has released its October 2025 Patch Tuesday updates, addressing 172 security flaws, including six zero-day vulnerabilities....
How Ransomware’s Data Theft Evolution is Rewriting Cyber Insurance Risk Models
When most business leaders think of ransomware, they picture the classic scenario: Hackers encrypt files, demand payment and promise to...
