The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Device code phishing targets 340+ Microsoft 365 orgs since Feb 2026 via OAuth abuse, enabling persistent token hijacking and ...
Hosted on MSN

Those security codes you ask to receive via text leave your accounts vulnerable. Do this instead

Do you receive login security codes for your online accounts via text message? These are the six- or seven-digit numbers sent via SMS that you need to enter along with your password when trying to ...
TechRepublic

Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions

Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions Your email has been sent A newly discovered vulnerability in Microsoft Authenticator could expose sensitive login codes ...
Yahoo

Your Guide to Activating iCloud Two-Factor Authentication for Extra Security

Two-factor authentication adds a barrier between whoever's logging in and the account by requiring authentication in two ways, such as a computer and phone. This ...
Forbes

Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

Security experts advise against using SMS messages for two-factor authentication codes due to their vulnerability to interception or compromise. Recently, a security researcher discovered an unsecured ...
Hosted on MSN

One Million Two-Factor Authentication Codes Were Recently Exposed

One-time SMS codes are widely used as the second checkpoint in two-factor authentication (2FA) to sign into everything from banking apps to email accounts. As I've written before, though, SMS is one ...
Tidbits

Reacting to Unsolicited Two-Factor Authentication Codes

I have long encouraged the use of two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible (for more about the difference, see “Two-Factor Authentication, ...
Forbes

PayPal Security—2FA Codes To Be Replaced By Single-Step Login

Update, Mar. 1, 2025: This story, originally published Feb. 28, now includes details of a new PayPal “no code checkout” scam. Hot on the heels of Google confirming that it is replacing the use of SMS ...
Tidbits

AppBITS: Proton Authenticator Takes on 2FA Apps

In “Two-Factor Authentication, Two-Step Verification, and 1Password” (10 July 2023), I explained that for true two-factor authentication, you needed to acquire your time-based one-time password (TOTP) ...
CSO Online

Telnet vulnerability opens door to remote code execution as root

The flaw in a legacy Telnet implementation enables pre-auth remote code execution, exposing affected systems to full ...
BizTech

Unlocking Modern Security: A Journey Beyond Passwords in User Authentication

Matt is an associate editorial director and award-winning content creation leader. He is a regular contributor to the CDW Tech Magazines and frequently writes about data analytics, software, storage ...
CPO Magazine

Security Flaw at the U.K.’s Business Registry Exposes Organizations’ Data

A security flaw at the U.K.’s business registry, Companies House, exposed the personal information of business executives and ...