Securing https://www.securing.pl/en/ Thu, 04 Dec 2025 12:04:00 +0000

Upcoming changes in EU online payments and what they mean for security https://www.securing.pl/en/upcoming-changes-in-eu-online-payments-and-what-they-mean-for-security/ Wed, 03 Dec 2025 11:51:00 +0000 https://www.securing.pl/?p=19339 The EU is introducing major updates to online payment regulations, including PSD3, PSR, Verification of Payee, Instant Payments and eIDAS. This article explains what these changes require and how they will impact mobile onboarding, transaction authorization and fraud prevention across financial systems.

The post Upcoming changes in EU online payments and what they mean for security appeared first on Securing.

From the AI Red Teaming Diary – Example LLM Vulnerabilities in Real-World Applications https://www.securing.pl/en/from-the-ai-red-teaming-diary-example-llm-vulnerabilities-in-real-world-applications/ Tue, 28 Oct 2025 13:18:00 +0000 https://www.securing.pl/?p=19401 Have you ever wondered what real-world security issues pentesters report during tests of LLM-based applications and AI Red Teaming processes? In this article, I will present five interesting vulnerabilities that I identified while testing LLM applications for companies in the banking, healthcare, finance, and logistics industries. You will also learn how to prevent these types of security issues.

Identity Broker case study: How to prevent tenant isolation vulnerabilities with Okta’s Account Auto-Link https://www.securing.pl/en/identity-broker-case-study-how-to-prevent-tenant-isolation-vulnerabilities-with-oktas-account-auto-link/ Thu, 14 Aug 2025 06:30:00 +0000 https://www.securing.pl/?p=18155 Discover how misconfigured Account Auto-Link in Okta can break Software-as-a-Service tenant isolation and learn how to configure Okta as an Identity Broker in a secure way.

Mifare Classic cards security https://www.securing.pl/en/how-mifare-classic-cards-work/ Fri, 04 Jul 2025 02:08:00 +0000 https://www.securing.pl/?p=17006 Mifare Classic cards are still widely used around the world. They are employed in public transportation, parking facilities, hotels, access control systems, and more. In this article, I will focus on how 1 kB Mifare Classic cards work, along with the associated security-related issues.

Transaction Authorization Pitfalls – How to improve the current payment ecosystem to protect users and businesses? https://www.securing.pl/en/how-to-improve-payment-ecosystem/ Tue, 24 Jun 2025 13:02:00 +0000 https://www.securing.pl/?p=17080 Common pitfalls, attack techniques, and overlooked design decisions that weaken payment security. This article is based on 20+ years of field experience, real-life fraud cases, and countless security reviews across banking and fintech systems.

Next.js-based Application Security Insights https://www.securing.pl/en/next-js-based-application-security-insights/ Fri, 06 Jun 2025 12:42:02 +0000 https://www.securing.pl/?p=16922 Next.js can be an interesting choice when building your new full-stack application. What should you keep in mind when doing so from the security perspective? In this article, I will highlight common mistakes that may occur when writing code with the Next.js framework. Moreover, you will find out how I discovered CVE-2023-48309 in NextAuth.js, a Next.js-compatible authentication library.

Threats to consider when integrating Digital ID solutions into your organization https://www.securing.pl/en/threats-to-consider-when-integrating-digital-id-solutions-into-your-organization/ Tue, 03 Jun 2025 09:27:51 +0000 https://www.securing.pl/?p=16805 This article aims to help you gain a better understanding of the threat surface associated with integrating Digital ID solutions into your organization.

Red Team stories – Bypassing RFID-based access control systems https://www.securing.pl/en/bypassing-rfid-based-access-control-systems/ Wed, 14 May 2025 07:02:07 +0000 https://www.securing.pl/?p=16390 During our Red Team physical security tests, we frequently encounter RFID-based access control systems that are surprisingly easy to bypass. From cloning cards to exploiting misconfigurations, these real-world cases reveal how attackers can move from lobby to server room unnoticed.

Which IAM SaaS architecture is for you – exploring IAM architectures in Software-as-a-Service solutions https://www.securing.pl/en/which-iam-saas-architecture-is-for-you-exploring-iam-architectures-in-software-as-a-service-solutions/ Tue, 13 May 2025 09:52:30 +0000 https://www.securing.pl/?p=16703 An in-depth exploration of common Software-as-a-Service (SaaS) architectures from the perspective of Identity and Access Management (IAM), including a comprehensive threat model focused on multitenancy.

Public clouds are secure by default… but not necessarily in your case https://www.securing.pl/en/public-clouds-are-secure-by-default-but-not-necessarily-in-your-case/ Thu, 17 Apr 2025 15:34:09 +0000 https://www.securing.pl/?p=15606 Is it true that the public cloud is not secure by default? In this article, we will discuss the security of individual public cloud services considering the broader context.
