The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.
Dark Reading

1Password Launches Unlock With Single Sign-On for OIDC-Supported Identity Providers

TORONTO, June 28, 2023 /PRNewswire/ -- 1Password, the leader in human-centric security and privacy, today announced the availability of Unlock with Single Sign-On (SSO) for additional identity ...
Opinion
Morning Overview on MSNOpinion

OpenAI says the TanStack breach reached two employee devices but did not compromise user data or production systems

Two developer workstations inside OpenAI installed compromised versions of the popular open-source TanStack library after an attacker hijacked the project’s automated publishing pipeline, the company ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
SDxCentral

StarlingX 12 release adds OIDC support, sharpens edge cloud management

The open source StarlingX project announced its 12.0 release. The project’s cloud infrastructure software stack bundles components such as Kubernetes, Linux, and optional OpenStack into a single ...
ZDNet

Identity standards group expands certification program

In its efforts to maximize interoperability, trust and security among adopters of OpenID Connect identity protocols, the OpenID Foundation revealed this week newly certified tools that support ...