#authentication-flaw

[ follow ]
#cybersecurity #privacy #vulnerabilities #data-breach #security #anthropic #ai #vulnerability #malware #data-breaches
#data-breach
Information security
fromSecuritymagazine
2 days ago

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.
Information security
fromTheregister
1 day ago

McGraw Hill linked to 13.5M-record data leak

McGraw Hill experienced a data breach exposing 13.5 million records due to a Salesforce misconfiguration, leading to personal information circulating online.
Information security
fromTechCrunch
4 days ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.
Information security
fromSecuritymagazine
2 days ago

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.
Information security
fromTheregister
1 day ago

McGraw Hill linked to 13.5M-record data leak

McGraw Hill experienced a data breach exposing 13.5 million records due to a Salesforce misconfiguration, leading to personal information circulating online.
Information security
fromTechCrunch
4 days ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.
more#data-breach
#age-verification
Privacy technologies
fromThe Verge
1 day ago

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.
EU data protection
fromWIRED
1 day ago

Europe's Online Age Verification App Is Here

The European online age verification app ensures anonymous age verification using ID cards or passports, protecting children from harmful content.
fromAbove the Law
8 hours ago
Privacy technologies

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

Age verification mandates for the internet are technically flawed, threaten privacy, and may cause more harm than good, according to 438 researchers from 32 countries.
fromTNW | Government-Policy
2 days ago
Privacy technologies

The EU says its age verification app is ready

The European Commission's age verification app uses zero-knowledge proof technology to confirm user age without exposing personal data.
Privacy technologies
fromThe Verge
1 day ago

Age verification is a mess but we're doing it anyway

Age verification methods on the internet are flawed, leading to challenges in effectively preventing underage access to inappropriate content.
EU data protection
fromWIRED
1 day ago

Europe's Online Age Verification App Is Here

The European online age verification app ensures anonymous age verification using ID cards or passports, protecting children from harmful content.
Privacy technologies
fromAbove the Law
8 hours ago

438 Experts Said Age Verification Is Dangerous. Legislators Are Moving Forward With It Anyway. - Above the Law

Age verification mandates for the internet are technically flawed, threaten privacy, and may cause more harm than good, according to 438 researchers from 32 countries.
more#age-verification
#cybersecurity
fromTechCrunch
4 hours ago
Information security

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Information security
fromSecurityWeek
10 hours ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.
Information security
fromTechCrunch
4 hours ago

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.
Careers
fromSecurityWeek
2 days ago

CISO Conversations: Ross McKerchar, CISO at Sophos

Ross McKerchar transitioned from IT to cybersecurity, becoming CISO at Sophos, emphasizing leadership skills and the growing cybersecurity profession.
Information security
fromSecurityWeek
10 hours ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.
Privacy technologies
fromYahoo Tech
1 week ago

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.
more#cybersecurity
Artificial intelligence
fromTechRepublic
8 hours ago

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.
fromwww.housingwire.com
3 hours ago

Disconnected systems fueling title, wire fraud risks

Disconnected systems, inconsistent definitions of data, and the manual nature of data movement create ongoing challenges in the title industry, according to FundingShield President Adam Chaudhary.
Real estate
Wearables
fromEngadget
5 hours ago

Sam Altman's 'human verification' company thinks its eye-scanning orbs could solve ticket scalping

Concert Kit uses World ID to help artists combat ticket scalping by verifying real human buyers.
fromNature
3 days ago

Researchers: here's how to audit your fragmented digital identity

A search for 'Guo Wei' in ORCID returned 616 profiles, none affiliated with the Jiangsu University of Science and Technology, highlighting the difficulty in verifying academic identities.
Higher education
Digital life
fromwww.dw.com
3 days ago

Dangerous Apps In the Web of Data Brokers

Smartphone apps collect detailed location data, often shared with data brokers, posing security risks to users, including soldiers and government officials.
#privacy
Privacy technologies
fromComputerWeekly.com
7 hours ago

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.
more#privacy
#nist
Information security
fromTechzine Global
1 day ago

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.
Information security
fromTechzine Global
1 day ago

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.
more#nist
#anthropic
Artificial intelligence
fromThe Verge
2 hours ago

Anthropic's new cybersecurity model could get it back in the government's good graces

Anthropic's relationship with the Trump administration has improved due to its new cybersecurity model, Claude Mythos Preview.
Information security
fromTheregister
23 hours ago

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.
Artificial intelligence
fromThe Verge
2 hours ago

Anthropic's new cybersecurity model could get it back in the government's good graces

Anthropic's relationship with the Trump administration has improved due to its new cybersecurity model, Claude Mythos Preview.
Information security
fromTheregister
23 hours ago

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.
more#anthropic
#identity-verification
Privacy professionals
fromEngadget
1 day ago

Anthropic will ask Claude users to verify their identities 'for a few use cases'

Anthropic is implementing identity verification for certain capabilities on Claude, requiring users to provide a government-issued ID and a selfie.
Privacy professionals
fromEngadget
1 day ago

Anthropic will ask Claude users to verify their identities 'for a few use cases'

Anthropic is implementing identity verification for certain capabilities on Claude, requiring users to provide a government-issued ID and a selfie.
more#identity-verification
EU data protection
fromComputerWeekly.com
1 day ago

CYBERUK '26: UK lagging on legal protections for cyber pros | Computer Weekly

The outdated Computer Misuse Act hinders UK cyber security innovation and needs urgent reform to protect cyber professionals.
#zoom
more#zoom
#ransomware
EU data protection
fromTheregister
2 days ago

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.
EU data protection
fromTheregister
2 days ago

Autovista blames ransomware for service disruption

Autovista is addressing a ransomware infection affecting its systems in Europe and Australia, prioritizing the secure restoration of impacted applications.
more#ransomware
Software development
fromZDNET
2 days ago

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.
#malware
fromSecurityWeek
2 days ago
Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Information security
fromSecurityWeek
2 days ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.
more#malware
Privacy professionals
fromZDNET
2 days ago

A data removal service helped me reclaim my privacy - see if you need one, too

Personal data is collected and sold by brokers, making removal services essential for protecting sensitive information.
Information security
fromComputerWeekly.com
1 day ago

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.
Information security
fromDevOps.com
5 hours ago

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.
Privacy technologies
fromnews.bitcoin.com
21 hours ago

Anthropic Adds ID Verification to Claude for Select AI Users

Anthropic implemented ID checks for Claude users in April 2026 to limit abuse and meet legal obligations, while not storing ID images on its systems.
#tinder
Privacy technologies
fromwww.bbc.com
4 hours ago

Tinder and Zoom offer 'proof of humanity' eye-scans to combat AI

Tinder will implement eye-scanning technology to verify users as human, addressing concerns over AI-generated fake profiles.
Privacy technologies
fromwww.bbc.com
4 hours ago

Tinder and Zoom offer 'proof of humanity' eye-scans to combat AI

Tinder will implement eye-scanning technology to verify users as human, addressing concerns over AI-generated fake profiles.
more#tinder
#cisco
Information security
fromThe Hacker News
1 day ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.
Information security
fromSecurityWeek
1 day ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.
Information security
fromThe Hacker News
1 day ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.
Information security
fromSecurityWeek
1 day ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.
more#cisco
#apache-activemq
Information security
fromSecurityWeek
12 hours ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.
Information security
fromThe Hacker News
17 hours ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.
Information security
fromSecurityWeek
12 hours ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.
Information security
fromThe Hacker News
17 hours ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.
more#apache-activemq
Information security
fromHarvard Gazette
2 hours ago

Time for government, business leaders to figure out AI cybersecurity regulation - Harvard Gazette

Agentic AI poses both opportunities for cybersecurity and risks to personal data, economy, and national security, necessitating regulation by leaders.
Deliverability
fromWIRED
1 month ago

How to Avoid Getting Locked Out of Your Google Account

Set up Recovery Contacts and two-factor authentication to protect your Google account and regain access if locked out.
Information security
fromTechRepublic
1 day ago

McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked

Unauthorized access to limited internal data at McGraw-Hill was linked to a Salesforce misconfiguration, raising concerns about potential identity fraud and harassment.
#microsoft
Information security
fromSecurityWeek
3 days ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
Privacy technologies
fromThe Verge
2 days ago

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.
Information security
fromThe Hacker News
2 days ago

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft addressed 169 security flaws, including one actively exploited vulnerability, marking the second largest Patch Tuesday ever.
Information security
fromSecurityWeek
3 days ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
more#microsoft
Privacy technologies
fromTechRepublic
2 days ago

WhatsApp New Update Lets You Chat Without Sharing Your Phone Number

WhatsApp is introducing usernames, allowing users to chat without sharing phone numbers, enhancing privacy and user experience.
Information security
fromThe Hacker News
8 hours ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.
Information security
fromComputerworld
23 hours ago

Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE

Identity and access management is crucial for cybersecurity, with a focus on IAM hygiene necessary to mitigate risks from vulnerabilities.
Information security
fromTheregister
2 days ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.
Information security
fromSecurityWeek
2 days ago

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.
Information security
fromSecurityWeek
2 days ago

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.
Information security
fromTheregister
2 days ago

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.
#iam
Information security
fromInfoWorld
2 days ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromComputerworld
2 days ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromInfoWorld
2 days ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
Information security
fromComputerworld
2 days ago

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional IAM tools are inadequate for managing agent access, which is ephemeral and complex, requiring a new approach to runtime enforcement.
more#iam
Information security
fromTechzine Global
4 days ago

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.
Information security
fromSecurityWeek
2 days ago

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.
Information security
fromThe Hacker News
3 days ago

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.
#openai
more#openai
fromFinbold
3 days ago

Kraken insider extortion reveals remote work security blind spot

"Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals," Percoco stated.
Information security
Information security
fromTechzine Global
3 days ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.
#identity-management
fromThe Hacker News
1 week ago
Information security

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.
Information security
fromThe Hacker News
1 week ago

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.
Information security
fromThe Hacker News
1 week ago

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Enterprise IAM faces fragmentation, leading to Identity Dark Matter and a significant gap in visibility and security oversight.
Information security
fromThe Hacker News
1 week ago

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.
more#identity-management
Information security
fromThe Hacker News
1 week ago

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.
Information security
fromTechzine Global
4 weeks ago

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.
Information security
fromThe Hacker News
1 month ago

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Many Windows authentication paths bypass MFA protections, allowing attackers to compromise networks using valid credentials despite MFA deployment on cloud applications.
Information security
fromComputerworld
1 month ago

OAuth phishers make 'check where the link points' advice ineffective

Attackers use phishing emails with malicious OAuth links containing broken parameters to redirect users to attacker-controlled destinations through legitimate identity providers.
Information security
fromTheregister
1 month ago

Every day in every way, passwords are getting worse

Passwords remain ubiquitous, aging and increasingly vulnerable due to implementation flaws, password manager weaknesses, and AI-related risks.
fromWIRED
1 month ago

Password Managers Share a Hidden Weakness

An FBI informant helped run the Incognito dark web market and allegedly approved the sale of fentanyl-laced pills, including those from a dealer linked to a confirmed death, WIRED reported this week. Meanwhile, Jeffrey Epstein's ties to Customs and Border Protection officers sparked a Department of Justice probe. Documents say that CBP officers in the US Virgin Islands were still friendly with Epstein years after his 2008 conviction, illustrating the infamous sex offender's tactics for cultivating allies.
Information security
Information security
fromThe Hacker News
1 month ago

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Several major cloud-based password managers are vulnerable to multiple password recovery attacks enabling integrity breaches or full organizational vault compromise.
Information security
fromSecurityWeek
2 months ago

Webinar Today: Identity Under Attack - Strengthen Your Identity Defenses

Adopt an identity-first security strategy to protect sensitive data, meet compliance requirements, and balance security, user experience, and operational efficiency against identity threats.
fromComputerworld
2 months ago

11 steps to smarter Google account security

While you're thinking about third-party add-ons for your computer and phone, take a moment to review everything you have installed on both fronts and consider how many of those programs you actually still use. The fewer cracked windows you allow on your Google account, the better - and if you aren't even using something, there's no reason to keep it connected.
Information security
[ Load more ]