AWS VDP: Password Reuse Vulnerability on AWS Sign-in Page via Password Reset Flow leads to Security Policy Violation

Asset URL: ██████ Summary: The AWS sign-in page allows users to reuse old passwords when resetting their password, which violates security best practices outlined in OWASP Authentication Cheat Sheet and NIST 800-63B Digital Identity Guidelines. This misconfiguration could potentially weaken accou...

The price of ChatGPT’s erotic chat? $20/month and your identity

To talk dirty to ChatGPT, you may soon have to show it your driver’s license. OpenAI announced last month that ChatGPT will soon offer erotica—but only for verified adults. That sounds like a clever guardrail until you realize what “verified” might mean: uploading government identification to a...

Your passport, now on your iPhone. Helpful or risky?

Apple has launched Digital ID, a way for users in the US to create and present a government-issued ID in Apple Wallet using their passport information. For now, it works only for identity verification at Transportation Security Administration TSA checkpoints in more than 250 airports. Apple says...

AAGATE: A NIST AI RMF-Aligned Governance Platform for Agentic AI

This paper introduces the Agentic AI Governance Assurance & Trust Engine AAGATE, a Kubernetes-native control plane designed to address the unique security and governance challenges posed by autonomous, language-model-driven agents in production. Recognizing the limitations of traditional...

How the Solid Protocol Restores Digital Agency

The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you've never heard of. These entities collect, store, and trade your...

The Postman: a Journey of Ethical Hacking in PosteID/SPID Borderland

This paper presents a vulnerability assessment activity that we carried out on PosteID, the implementation of the Italian Public Digital Identity System SPID by Poste Italiane. The activity led to the discovery of a critical privilege escalation vulnerability, which was eventually patched. The...

How Postal Code Data Impacts Cybersecurity, Privacy and Fraud Prevention

Postal codes now play a key role in cybersecurity, fraud prevention, and digital identity verification, raising new concerns…...

SpyCloud’s 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats

Austin, TX, United States, 19th March 2025, CyberNewsWire...

Apache Syncope Input Validation Error Vulnerability

Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from an input validation error vulnerability that c...

Security Analysis of the EU’s Digital Wallet

A group of cryptographers have analyzed the eiDAS 2.0 regulation electronic identification and trust services that defines the new EU Digital Identity Wallet...

FBI warns online daters to avoid “free” online verification schemes that prove costly

The FBI has warned of fraudsters targeting users of dating websites and apps with “free” online verification service schemes that turn out to be very costly. Instead of being free, as advertised, the verification schemes involve steep monthly subscription fees, and will steal personal information...

COTI and Civic Partner to Give Users Self-sovereignty of Their Digital Identity

By Uzair Amir COTI's V2 confidentiality layer secures Civic's Dynamic DID, empowering users with control over their data and seamless regulatory compliance. This is a post from HackRead.com Read the original post: COTI and Civic Partner to Give Users Self-sovereignty of Their Digital Identity...

Announcing NEW Malwarebytes Identity Theft Protection

We’ve always been committed to keeping you safe and secure online. But these days, cybersecurity isn’t just about defending you from malware; it’s about protecting your—and your family’s—entire digital identity. We know that people are worried. In fact, in our latest report, titled “Everyone’s...

cheqd’s Recent Rollout Focuses on Monetizing Digital Identity

By Owais Sultan The decentralized identity startup, cheqd, unveils Credential Payments, blending financial incentives with self-sovereign identity measures. cheqd, a startup… This is a post from HackRead.com Read the original post: cheqd’s Recent Rollout Focuses on Monetizing Digital Identity...

Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric

In today's digital age, SaaS applications have become the backbone of modern businesses. They streamline operations, enhance productivity, and foster innovation. But with great power comes great responsibility. As organizations integrate more SaaS applications into their workflows, they...

Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

The Atlantic Council released a detailed commentary on the White Houses new "Implementation Plan for the 2023 US National Cybersecurity Strategy." Lots of interesting bits. So far, at least three trends emerge: First, the plan contains a somewhat more concrete list of actions than its parent...

LinkedIn and Microsoft Entra introduce a new way to verify your workplace

In the digital world, when you meet professional contacts for the first time online, you need additional trust signals to increase your confidence that they are who they say they are. We’re thrilled to announce that millions of LinkedIn members will be able to verify their place of work with a...

LinkedIn and Microsoft Entra introduce a new way to verify your workplace

In the digital world, when you meet professional contacts for the first time online, you need additional trust signals to increase your confidence that they are who they say they are. We’re thrilled to announce that millions of LinkedIn members will be able to verify their place of work with a...

Why Healthcare Can't Afford to Ignore Digital Identity

Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line. — b y Gus Malezis, CEO of Imprivata Digitalization has created immeasurable opportunities for businesses over the past two decades. But the growth of hybrid work and expansion o...

5 ways to connect with Microsoft Security at Identiverse 2022

Identiverse is where the industry gathers to discuss all things identity. The 2022 conference will take place June 21 to 24 in Denver, Colorado, and I’m absolutely thrilled that Microsoft will be there. At Identiverse, we’ll share how we help customers secure access in a hybrid, multicloud, and...