The Hacker News

âš¡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

Google blocked the first known AI-powered attack on 2FA accounts; here is how hackers tried to break in, know how to stay safe

Foreign hackers attempted a novel AI-powered cyberattack targeting two-factor authentication using a zero-day exploit. Google's Threat Intelligence Group detected and thwarted this sophisticated plot, ...

Microsoft Is Phasing Out SMS 2FA Codes For Personal Accounts

Microsoft is phasing out SMS 2FA for personal accounts as it pushes users toward passkeys and other passwordless sign-in ...

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
Opinion

Microsoft won't send you SMS texts for login anymore - why it's pushing passkeys instead

Text messages are a weak, vulnerable way to authenticate account logins. Soon, you'll have to switch to one of these safer, more secure methods.

1Password extends OpenAI collaboration with Codex MCP server for just-in-time credential access

Cybersecurity and password service provider 1Password LLC today expanded its collaboration with OpenAI Group PBC, releasing a ...
IEEE

PQAKA: Post Quantum Authentication and Key Agreement Protocol for Intelligent Internet of Vehicles Over 5G

Abstract: As Vehicular Networks evolve toward the Intelligent Internet of Vehicles (IoV), ensuring quantum-resilient security has become essential. The current 5G Authentication and Key Agreement (AKA ...