A new cyber threat named 'Evilginx Pro' is causing alarm in the digital world. This advanced phishing tool can easily bypass your account’s Two-Factor Authentication (2FA). Traditional phishing only ...
Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to ...
When it comes to digital safety, setting up an extra layer of security for accounts is heavily recommended. The idea behind this approach, known as multi-factor authentication (MFA), is to ensure that ...
DNS analysis links more than 70 malicious domains to a months-long phishing campaign impersonating U.S. university login portals, including the University of California system and the University of ...
A new downgrade attack designed to bypass FIDO authentication with a “dedicated phishlet” has been discovered by enterprise cybersecurity provider Proofpoint. The adversary-in-the-middle (AiTM) attack ...
Sessions within Entra ID can be hijacked if the correct authentication is disabled. A new attack allows malicious actors to perform a FIDO downgrade and take over accounts. Fortunately for Microsoft, ...
The FIDO standard is generally regarded as secure and user-friendly. It is used for passwordless authentication and is considered an effective means against phishing attempts. However, research ...
As awareness grows around many MFA methods being “phishable” (i.e., not phishing-resistant), passwordless, FIDO2-based authentication methods (aka passkeys) like YubiKeys, Okta FastPass, and Windows ...
Scattered Spider, the ransomware collective believed to be behind recent retail hacks in the UK, including those targeting Marks & Spencer (M&S) and Harrods, has evolved its arsenal to incorporate ...
A previously unknown Kremlin-linked group has conducted cyber-espionage operations against Dutch police, NATO member states, Western tech companies, and other organizations of interest to the Russian ...
Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed ...
Microsoft flags a new Kremlin hacking team buying stolen usernames and passwords from infostealer markets for use in cyberespionage attacks. Microsoft on Tuesday published technical documentation on a ...