Too many people don’t know the difference between OpenID Connect and the OAuth 2.0 specifications. This results in devs publishing insecure apps because they’re using an ID token to secure the API where they should be using an access token. This article helps explain to you the difference.
A researcher has found a vulnerability in the latest version of reCAPTCHA that could let spambots bypass reCAPTCHA fields across millions of sites. The developer has a script that uses Google’s speech recognition API to solve audio challenges associated with the latest version of reCAPTCHA.