The Hacker News

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.
SecurityWeek

The Credential Crisis: How Stolen Credentials Defeat Modern Security

Stolen credentials and AI-driven attacks are allowing cybercriminals to bypass traditional security defenses and operate as ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
CSO Online

Identity as the primary attack surface: What modern breaches are really exploiting

Hackers aren't breaking through firewalls anymore; they are just logging in with stolen credentials, meaning your identity ...

Hackers bypass SonicWall VPN MFA due to incomplete patching

Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN ...
PC World

4 ways hackers can break 2FA—and why you should still use it anyway

Two-factor authentication adds an extra layer of defense against hackers—even if your password is stolen or guessed, another checkpoint will block account access. I regularly recommend enabling 2FA as ...
Dark Reading

Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication

­Microsoft's Windows Hello for Business (WHfB) default phishing-resistant authentication model recently was found susceptible to downgrade attacks, allowing threat actors to crack into even ...
Los Angeles Times

Your guide to Proposition 4: California climate bond

The Safe Drinking Water, Wildfire Prevention, Drought Preparedness, and Clean Air Bond Act of 2024 would have the state borrow $10 billion to pay for climate and environmental projects — including ...