In October, I reported two security issues to Okta’s auth0/nextjs-auth0 project, here and here. The latter bug, an OAuth parameter injection, allows for a range of types of abuse, like scoping tokens for unintended services, setting redirect_uri and scope to arbitrary values to leak tokens, and so on.