Identity Alone Isn't Enough: Why Device Security Has to Share the Load

Identity checks alone can't stop attackers using stolen session tokens and compromised devices. Specops Software outlines why ...

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...
IEEE

PRIDA-ME: A Privacy-Preserving, Interoperable and Decentralized Authentication Scheme for Metaverse Environment

Abstract: The metaverse is a new virtual world that has the potential to significantly impact our interactions with digital content and with each other. It is a shared virtual environment where users ...
cybernews

Critical PAN-OS zero-day vulnerability exploited in the wild, with no patches available

Palo Alto Networks warns that its widely deployed firewalls are under attack with hackers exploiting a critical zero-day vulnerability. Unauthenticated attackers can achieve remote code execution with ...
The Hacker News

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) ...
IEEE

Online Banking User Authentication Methods: A Systematic Literature Review

Abstract: Online banking has become increasingly popular in recent years, making it a target for cyberattacks. Banks have implemented various user authentication methods to protect their customers’ ...
The Hacker News

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects ...