A newly discovered vulnerability in password reset mechanisms allows attackers to hijack user accounts by manipulating password reset links. This “Password Reset Poisoning” attack exploits improper reliance on user-supplied HTTP headers, allowing attackers to redirect reset requests. Effective mitigations include server-side domain validation, maintaining allowlists, and regular security audits to prevent exploitation and protect sensitive information.
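The following added example (not code from the original page) shows a reset-link builder that trusts request headers next to one that applies server-side domain validation against an allowlist. The hostnames, function names and the plain-dict header model are assumptions made for illustration; `Host` and `X-Forwarded-Host` are the client-controllable headers typically involved.

```python
from urllib.parse import urlsplit, quote

# Hypothetical allowlist of domains this service may put in reset e-mails.
ALLOWED_HOSTS = {"accounts.example.com", "login.example.com"}

def vulnerable_reset_link(headers, token):
    """Before: the link's domain comes straight from client-supplied headers."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}/reset?token={quote(token, safe='')}"

def validated_host(headers):
    """Return the Host header's hostname if it is allowlisted, else None."""
    raw = headers.get("Host", "").strip()
    try:
        # Parse as a URL authority so userinfo, ports and paths are visible.
        parts = urlsplit("//" + raw)
        port = parts.port
    except ValueError:
        return None
    if parts.username or parts.path or parts.query or parts.fragment:
        return None
    if port not in (None, 443):
        return None
    host = parts.hostname  # already lower-cased by urlsplit
    return host if host in ALLOWED_HOSTS else None

def hardened_reset_link(headers, token):
    """After: X-Forwarded-Host is ignored and Host must match the allowlist."""
    host = validated_host(headers)
    if host is None:
        return None  # caller should reject the request and send no e-mail
    return f"https://{host}/reset?token={quote(token, safe='')}"

# Constructed sample requests (header names kept case-sensitive for brevity).
FORWARDED_POISON = {"Host": "accounts.example.com",
                    "X-Forwarded-Host": "attacker.example.net"}
HOST_POISON = {"Host": "attacker.example.net"}
USERINFO_TRICK = {"Host": "accounts.example.com@attacker.example.net"}

if __name__ == "__main__":
    for name, req in [("forwarded", FORWARDED_POISON), ("host", HOST_POISON),
                      ("userinfo", USERINFO_TRICK)]:
        print(name, vulnerable_reset_link(req, "abc123"),
              hardened_reset_link(req, "abc123"))
```

If the service sits behind a reverse proxy that rewrites `Host`, the allowlist check belongs at the layer that sees the original value, or the link should be built from a fixed configured origin instead.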

Major US healthcare data provider hit by data breach – over 5 million patients affected, here’s what we know
Healthcare data firm Episource has confirmed a cyberattack in January 2025, resulting in the loss of data for over five million people, including health plans,