<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>Security on Erwan Joly</title>
    <link>/tags/security/</link>
    <description>Recent content in Security on Erwan Joly</description>
    <generator>Hugo</generator>
    <language>en-us</language>
    <lastBuildDate>Thu, 18 Jun 2026 00:00:00 +0000</lastBuildDate>
    <atom:link href="/tags/security/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Account Pre-Hijacking: Two Variants the Industry Keeps Confusing</title>
      <link>/blog/sso-account-prehijacking/</link>
      <pubDate>Thu, 18 Jun 2026 00:00:00 +0000</pubDate>
      <guid>/blog/sso-account-prehijacking/</guid>
      <description>Account pre-hijacking is not one attack: it&amp;#39;s two, with very different preconditions and severity. Here&amp;#39;s how to tell them apart, why triagers keep getting it wrong, and how to reproduce both from scratch.</description>
    </item>
  </channel>
</rss>
