Okta

Okta
Okta

Next.js CVE-2025-29927

On March 21, 2025, Vercel disclosed a critical security vulnerability (CVE-2025-29927) which makes it possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. Note: The Okta service is not affected by this vulnerability.
Okta

Okta Social Engineering Impersonation Report - Response and Recommendation

Okta has identified an increase in phishing social engineering attempts. This report provides guidance on what you can expect when getting technical assistance from Okta Support, or contact from Okta.
Okta

Detecting Cross-Origin Authentication Credential Stuffing Attacks

Summary Okta has determined that the cross-origin authentication feature in Customer Identity Cloud (CIC) is prone to being targeted by threat actors orchestrating credential-stuffing attacks. As part of our Okta Secure Identity Commitment and commitment to customer security, we routinely monitor and review potentially suspicious activity and proactively send notifications to customers. In this case, we have proactively notified the customers we identified that have this feature enabled, and...