Microsoft SharePoint exploited to hack multiple energy firms

Hackers are abusing SharePoint to break into people's emails ...
SecurityWeek

Why Identity Security Must Move Beyond MFA

Organizations with a comprehensive identity security strategy are better positioned to defend against evolving threats and ...

Lost Your Phone? Here's How to Get Back Into Your Accounts Without Losing Everything

Whenever you get a new phone or authenticator, you risk locking yourself out of your multi-factor authentication (MFA) ...

ShinyHunters claim to be behind SSO-account data theft attacks

The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) ...
Cyber Defense Magazine

How Real-Time Phishing Relay Attacks Work—And How To Stop Them Cold Today

Real-time phishing relay attacks are now the most dangerous and effective weapon in the modern cybercriminal’s arsenal. They ...
Security Boulevard

Passwordless Authentication vs MFA: Security, UX & Implementation Compared

Comparison of Passwordless Authentication and MFA for CTOs. Explore security, UX, and implementation strategies for ...
CSO Online

GitLab 2FA login protection bypass lets attackers take over accounts

The platform warns users of on-premises versions to upgrade to the latest versions; SaaS and web versions have been patched.
Bitdefender

North Korean Hackers Use Phony QR Codes in Phishing Attacks on US Orgs, FBI Warns

The FBI has issued an alert to warn organizations of a QR code phishing campaign from the North Korean hacking group Kimsuky (APT43).
Security Boulevard

Access Token vs Refresh Token: Key Differences & When to Use Each

Deep dive for CTOs on access vs refresh tokens. Learn key differences, security best practices for CIAM, and how to build enterprise-ready SSO systems.

Okta SSO accounts targeted in vishing-based data theft attacks

Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks.
Cloud Security Alliance

Reimagining the Browser as a Critical Policy Enforcement Point: A Zero Trust Security Architecture for Modern Enterprises

Explores turning the browser into a policy enforcement point within a Zero Trust framework, covering governance, MFA, device ...
CPO Magazine

FBI Alert: North Korean Hackers Using Malicious QR Codes in Phishing Attacks

The FBI has warned about North Korean hackers Kimsuky leveraging QR codes in phishing attacks targeting U.S. and foreign government entities, academia, think tanks, and others.