{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreib4rojfolzrsu3atpdgaoeqvedjcc4nqk5tpeoben7s75vuae6hwm",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mfdgtofvbba2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreie4mngdsaocnj4qfqqmcfdeft26pptjcwl6cnwemlk47spzly43pm"
    },
    "mimeType": "image/jpeg",
    "size": 69257
  },
  "path": "/critical-better-auth-api-key-bypass-enables-account-takeover/",
  "publishedAt": "2026-02-20T19:22:48.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Critical better-auth API Key Bypass Enables Account Takeover",
    "VPN Central"
  ],
  "textContent": "The better-auth API keys plugin contains a critical authentication bypass vulnerability tracked as CVE-2025-61928 that allows unauthenticated attackers to create privileged API keys for any user account. All versions before 1.3.26 suffer from this flaw, affecting 300,000+ weekly npm downloads powering authentication for enterprises including Equinor. ZeroPath’s SAST scanner discovered the issue October 1, 2025 during dependency […]\n\nThe post Critical better-auth API Key Bypass Enables Account Takeover appeared first on VPN Central.",
  "title": "Critical better-auth API Key Bypass Enables Account Takeover"
}