Tag: authentication
-
Why You Should Use Geolocation in Your React App’s Authentication Process
Improve security in your React app with geolocation-based authentication, adding a strong layer beyond passwords to prevent unauthorised access. First seen on hackread.com Jump to article: hackread.com/why-geolocation-react-apps-authentication-process/
-
Threat Actors Compromise Popular npm Packages to Steal Maintainers’ Tokens
Threat actors have leveraged a phishing campaign targeting npm package maintainers, resulting in the compromise of widely used JavaScript tooling libraries. The campaign, first reported on July 18, 2025, utilizes a typosquatted domain, npnjs.com, to mimic legitimate npm communications and trick developers into surrendering their authentication tokens. This multi-stage operation begins with automated emails scraped…
-
Veeam Recovery Orchestrator users locked out after MFA rollout
Veeam warned customers today that a recently released Recovery Orchestrator version blocks Web UI logins after enabling multi-factor authentication (MFA). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/veeam-recovery-orchestrator-users-locked-out-after-mfa-rollout/
-
PoisonSeed outsmarts FIDO keys without touching them
Tags: attack, authentication, ceo, cryptography, exploit, fido, Hardware, login, phishing, vulnerabilityFIDO isn’t broken, just outsmarted: Expel researchers called the campaign a concerning development, given that FIDO keys are often regarded as one of the pinnacles of secure MFA. “While we haven’t uncovered a vulnerability in FIDO keys, IT and SecOps folks will want to sit up and take notice,” they said. “This attack demonstrates how…
-
Attackers Exploit Zero-Day Flaws in On-Premises SharePoint
Microsoft Issuing Emergency Patches to Combat Authentication-Bypassing Attacks. Hackers have been exploiting two zero-day vulnerabilities in on-premises installations of Microsoft SharePoint to gain remote access, and steal cryptographic keys and data. As Microsoft rolls out patches against ToolShell, experts warn administrators to also rotate keys, to help eject attackers. First seen on govinfosecurity.com Jump to…
-
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse
Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to bypass Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals.The activity, observed by Expel as part of a phishing campaign in the wild, has been attributed to a threat actor named PoisonSeed, which…
-
PoisonSeed Attack Tricks Users into Scanning Malicious MFA QR Codes
A sophisticated new cyber attack technique has emerged that exploits the cross-device sign-in features of FIDO keys, effectively bypassing one of the most secure forms of multifactor authentication (MFA) available today. Security researchers have identified this adversary-in-the-middle (AitM) attack, attributed to the PoisonSeed threat group, which demonstrates how attackers can circumvent hardware-based authentication protections through…
-
Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access
Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems.The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0.”Hard-coded login credentials were found in HPE…
-
HPE warns of hardcoded passwords in Aruba access points
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hpe-warns-of-hardcoded-passwords-in-aruba-access-points/
-
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/threat-actors-downgrade-fido2-mfa-auth-in-poisonseed-phishing-attack/
-
Hackers Exploit FIDO MFA With Novel Phishing Technique
PoisonSeed Threat Actor Uses Cross-Device Login Feature and QR Code to Trick Users. Expel researchers have found a novel adversary-in-the-middle phishing technique used by PoisonSeed, a cybercrime group previously tied to large-scale cryptocurrency thefts, to sidestep one of the most secure forms of multifactor authentication – FIDO2 physical keys. First seen on govinfosecurity.com Jump to…
-
Threat actors scanning for apps incorporating vulnerable Spring Boot tool
Tags: access, attack, authentication, ciso, compliance, country, credentials, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, finance, flaw, governance, group, hacker, incident response, infrastructure, Internet, kev, nist, organized, password, risk, technology, threat, tool, vulnerability, zero-day/health endpoints, commonly used to detect internet-exposed Spring Boot deployments. If vulnerable implementations of apps, including TeleMessage SGNL, are found, they could be exploited to steal sensitive data in heap memory, including plaintext usernames and passwords. The hole is serious enough that it was added this week to the US Cybersecurity and Infrastructure Security Agency’s Known Exploited…
-
‘PoisonSeed’ Attacker Skates Around FIDO Keys
Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/poisonseed-attacker-fido-keys
-
Nearly 2,000 MCP Servers Possess No Security Whatsoever
Authentication in MCP, the backbone of agentic AI, is optional, and nobody’s implementing it. Instead, they’re allowing any passing attackers full control of their servers. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/2000-mcp-servers-security
-
Massive Data Leak at Texas Adoption Agency Exposes 1.1 Million Records
Texas adoption agency suffers major data leak, exposing over 1.1M sensitive records including case notes, contact info, and internal communications to public without any security authentication or password. First seen on hackread.com Jump to article: hackread.com/massive-data-leak-texas-adoption-agency-million-records/
-
Windows Server 2025: Authentication Bypass mit Golden dMSA
In Windows Server 2025 wurden delegated Managed Service Accounts (dMSA) neu eingeführt. Deren Design ermöglicht schwerwiegende Angriffe auf Managed Service Accounts und Active Directory-Ressourcen. Semperis-Research hat nun mit Golden dMSA ein Tool entwickelt, das die Logik des Angriffs enthält und … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/17/windows-server-2025-authentication-bypass-mit-golden-dmsa/
-
Why silent authentication is the smarter way to secure BYOD
In this Help Net Security video, Andy Ulrich, CISO at Vonage, explains how silent authentication offers a smarter, seamless solution to the security and productivity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/17/silent-authentication-byod-video/
-
Lenovo Vantage Flaws Enable Attackers to Gain SYSTEM-Level Privileges
Security researchers at Atredis have uncovered multiple privilege escalation vulnerabilities in Lenovo Vantage, a pre-installed management platform on Lenovo laptops that handles device updates, configurations, and system health monitoring. These flaws, tracked under CVEs 2025-6230, 2025-6231, and 2025-6232, allow unprivileged users to bypass authentication mechanisms and execute code with SYSTEM-level privileges, potentially leading to full…
-
OLG-Urteil: S-PushTAN für Transaktions-Authentifizierung unzureichend
Das von Sparkasse beim Online-Banking eingesetzte S-PushTAN-Verfahren ist für die Absicherung von Transaktionen unzureichend. Das hat das OLG-Dresden in einem Urteil festgestellt und einem Phishing-Opfer, welches grob fahrlässig handelte, einen Teil-Schadensersatz zugesprochen. Das S-PushTAN-Verfahren der Sparkassen Das S-PushTAN-Verfahren wird beim … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/07/16/olg-urteil-s-pushtan-fuer-transaktions-authentifizierung-unzureichend/
-
Red Bull-Themed Phishing Attacks Target Job Seekers’ Credentials
A few significant investments in email filtering, authentication procedures, and endpoint protection, attackers are constantly improving their techniques to circumvent automated security measures in a time when phishing is still a major cyberthreat. A recent campaign identified by Evalian’s Security Operations Center (SOC) exemplifies this evolution, employing sophisticated deception to target job seekers with spoofed…
-
Microsoft Broadens Zero Trust Training to Address Network and SecOps Domains
Zero Trust architectures are being adopted by enterprises globally to update their security postures in response to the fast changing cyberthreat landscape, where traditional perimeter-based defenses are becoming more and more insufficient. Zero Trust operates on the principle of >>never trust, always verify,
-
Critical D-Link Vulnerability Lets Remote Attackers Crash Servers Without Authentication
Security researchers have discovered a critical stack-based buffer overflow vulnerability in D-Link DIR-825 Rev.B 2.10 routers that allows remote attackers to crash servers without requiring authentication. The vulnerability, designated as CVE-2025-7206, affects the router’s httpd binary and can be exploited by manipulating the language parameter in the switch_language.cgi script. This flaw poses significant risks to…
-
Critical Ruckus Wireless Flaws Threaten Enterprise Wi”‘Fi Security
Tags: authentication, cyber, flaw, healthcare, network, remote-code-execution, risk, software, vulnerabilityMultiple critical vulnerabilities discovered in Ruckus Wireless management products pose severe security risks to enterprise networks, with issues ranging from authentication bypass to remote code execution that could lead to complete system compromise. The vulnerabilities affect Virtual SmartZone (vSZ) and Network Director (RND) software used to manage large-scale wireless deployments across schools, hospitals, and smart…
-
MCP is fueling agentic AI, and introducing new security risks
Tags: access, ai, api, attack, authentication, best-practice, ceo, cloud, corporate, cybersecurity, gartner, injection, LLM, malicious, monitoring, network, office, open-source, penetration-testing, RedTeam, risk, service, supply-chain, technology, threat, tool, vulnerabilityMitigating MCP server risks: When it comes to using MCP servers there’s a big difference between developers using it for personal productivity and enterprises putting them into production use cases.Derek Ashmore, application transformation principal at Asperitas Consulting, suggests that corporate customers don’t rush on MCP adoption until the technology is safer and more of the…