CSO Online

Security experts caution MFA alone can no longer stop threat actors

Current campaigns are allowing even novice attackers to scoop up authentication tokens with increasing frequency, bypassing ...
The Hacker News

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

MFA prompt bombing enabled Cisco attackers to steal 2.8GB in 2022, exposing push MFA weaknesses and account takeover risks.

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass ...

How Apple turned to math to defend against next-gen attacks on encryption

Apple says testing missed flaws in new encryption designed to protect against future attacks from quantum computers, so it ...
Microsoft

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by ...
InfoQ

Microsoft Introduces MDASH for Large-Scale AI Vulnerability Research

Microsoft has introduced a new AI-driven vulnerability discovery system called MDASH, a multi-model agentic security platform designed to automate large-scale code auditing across Windows and other ...