OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

Updated on October 1, 2025

A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances.
The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as a case of…

Read the rest of the story at Read More

Source: The Hacker News

December 20, 2024 Uncategorized

Sophos Issues Hotfixes for Critical Fire...

April 17, 2025 Uncategorized

CISA Flags Actively Exploited Vulnerabil...

December 4, 2023 Uncategorized

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

Related posts

Sophos Issues Hotfixes for Critical Fire...

CISA Flags Actively Exploited Vulnerabil...

New BLUFFS Bluetooth Attack Expose Devic...

Leave a Comment Cancel reply

Recent News

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security

New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild