1. Ory Hydra consent flow vulnerability: arbitrary logo injection enables cookie exfiltration and clickjacking
A security research disclosure identifies multiple hardening gaps in Ory Hydra's consent and device authorization flows that, if exploited, could expose user credentials and enable UI-based attacks. The most actionable issue involves the consent page template at `consent.html`, which renders a logo specified by the OA...