Skip to content
The Nexus
DossierENTITY

OpenID Connect

Coverage of OpenID Connect in the Nexus archive.

Earliest in view: May 21 · 19:54 UTCMost recent: Jun 30 · 11:18 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 30 · 11:18 UTCTHE HACKER NEWS
    Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

    Attackers are exploiting a critical authentication bypass vulnerability (CVE-2026-48558) in SimpleHelp to deploy two new malware families, TaskWeaver and Djinn Stealer. The vulnerability impacts the OpenID Connect (OIDC) flow, allowing unauthenticated access.

  • SECURITYMay 21 · 19:54 UTCTHE REGISTER
    Npm registry sets stage for more secure package publishing

    GitHub has implemented staged publishing for npm packages, requiring maintainer approval via two-factor authentication before packages become publicly available. This security measure aims to prevent compromised packages from poisoning the software supply chain by addressing the vulnerability of automated workflows that rely on tokens. The feature, discussed since 2020, works alongside trusted publishing using OIDC authentication to improve overall package security.

OpenID Connect · Dossier · The Nexus