SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Microsoft

Inside an AI‑enabled device code phishing campaign

Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the device code authentication flow to compromise organizational accounts at scale. While traditional device ...
Biometric Companies

Token presents a new biometric ‘button’ for air-gapped authentication

Token, the creator of biometric wearables such as the fingerprint-sensor-equipped smart ring, has unveiled a new hardware authentication device – this time in the form of a button. TokenCore Node ...
Biometric Companies

AI agent identity and next‑gen enterprise authentication prominent at RSAC 2026

Passwordless authentication for humans and non-human identities is emerging as a key theme of RSA Conference 2026, with vendors rolling out new hardware, biometric and passwordless technologies ...
ExtremeTech

Engineer Catches Discord Saving Unencrypted Copies of Users' Conversations, Authentication Tokens

Arc Raiders, a popular third-person multiplayer extraction shooter game, has come under scrutiny after players found out that the game was recording private Discord conversations and account tokens ...
CSOonline

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access. Another device code phishing campaign that abuses OAuth ...
PC Gamer

Today I learned Motorola was once developing a password pill that turns your body into an authentication token: 'We have demoed this working and authenticating a phone'

For the quickest way to join, simply enter your email below and get access. We will send a confirmation and sign you up to our newsletter to keep you updated on all your gaming news.
Bleeping Computer

Your MFA Is Costing You Millions. It Doesn't Have To.

For nearly twenty years enterprises have been told the same thing. Authentication is a cost center. Password resets burn IT time. Authenticator apps interrupt employees. MFA deployments cost real ...
The Hacker News

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, ...
Krebs on Security

The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many ...
Network World

DEF CON research takes aim at ZTNA, calls it a bust

Establish authentication token rotation schedules and demand vendor transparency on security architectures. “In conclusion, well, it turns out there are no magic ZTNA beans, we’ve got the same old bug ...