Tag: password
-
Passwörter sind out: Die Passkeys kommen
Einfacher in der Nutzung und schwerer zu stehlen: Passkeys gelten immer stärker als sichere Alternative zu Passwort, Phishing und gestohlenen Zugangsdaten. Passwörter schützen Online-Konten seit Jahrzehnten, wurden aber nie für die Bedrohungslage entwickelt, mit der Nutzer heute konfrontiert sind. Phishing, gestohlene Zugangsdaten und die Wiederverwendung derselben Passwörter machen sie nach wie vor zu einer… First…
-
Amos Stealer Targets macOS Keychain Files and Browser Passwords
Amos Stealer targets macOS users through fake downloads, stealing Keychain files, browser passwords, cookies, and developer configs for data theft. First seen on hackread.com Jump to article: hackread.com/amos-stealer-macos-keychain-files-browser-passwords/
-
Mit Malware erbeutet: 124 Millionen neue Passwörter bei HaveIBeenPwned
Cyberkriminelle greifen mit Infostealer-Malware häufig Zugangsdaten ab. HaveIBeenPwned hat seine Datenbank um eine große Sammlung davon erweitert. First seen on golem.de Jump to article: www.golem.de/news/mit-malware-erbeutet-124-millionen-neue-passwoerter-bei-haveibeenpwned-2606-209825.html
-
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes
Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes, CERT Polska reports. The group historically focused on Polish email providers such as Onet, Wirtualna Polska and Interia shifted in March 2026 to high-volume Gmail-targeted campaigns. Attackers send professionally worded Polish-language…
-
The Onboarding Password Mistake That Creates Unnecessary Risk
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe.That usually means sharing a temporary “first-day” password so employees can access systems for the first time. The issue is that these passwords don’t always stay temporary. They may be sent over…
-
Datenverlust im Passwortmanager: Passwort-Tresore plötzlich leer
Tags: passwordDer niederländische Provider Ziggo hat einen Passwortmanager im Angebot. Bei einer Störung sind dort Passwörter unwiederbringlich verloren gegangen. First seen on golem.de Jump to article: www.golem.de/news/zugangsdaten-ade-datenverlust-bei-passwortmanager-trifft-kunden-eines-providers-2606-209782.html
-
New DPAPISnoop Tool Enables Extraction of CREDHIST Hashes From Windows Systems
A newly enhanced version of the open-source DPAPISnoop tool is drawing attention in the security community after researchers demonstrated its ability to extract offline-crackable hashes from Windows DPAPI credential history (CREDHIST) files, potentially exposing historical password material and enabling deeper insight into user password patterns over time. New DPAPISnoop Tool Developed by Nettitude’s CyberLabs team,…
-
Wurm Miasma infiltriert 73 Microsoft-Repositories
GitHub hat 73 infizierte Microsoft-Repositories gesperrt. Der Krypto-Wurm Miasma stahl dort gezielt Passwörter und API-Schlüssel von Entwicklern. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/wurm-miasma-microsoft-repositories
-
21,786 Home Cameras, No Password, No Warning
21,786 live cameras stream with zero authentication. Cheap gear is the real risk, webcamXP open 46% of the time. Your home router is the broadcast tower. In May 2026, Mysterium VPN queried a public internet-wide device index to count every camera and recorder that answers the open internet. They found more than three million reachable…
-
Hacker stehlen Passwörter mit TikTok-Videos: Falsche Spotify-Hacks
Cyberkriminelle nutzen Videos für kostenloses Spotify Premium auf TikTok, um Schadsoftware zum Diebstahl von Passwörtern und Krypto-Wallets zu verbreiten. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hacker-passwoerter-tiktok-videos
-
Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts
Meta says a bug in its AI-assisted account recovery workflow likely let attackers reset passwords for more than 20,000 Instagram accounts. The post Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-meta-instagram-recovery-flaw-20k/
-
GitHub disables Microsoft repos pushing password-stealing malware
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-disables-microsoft-repos-pushing-password-stealing-malware/
-
Passwort-Bypass bei Check Point: Hacker greifen VPN-Systeme an
Eine Logiklücke in Check-Point-VPNs (CVE-2026-50751) erlaubt Passwörter zu umgehen. Die Schwachstelle wird aktiv für Ransomware-Angriffe ausgenutzt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/passwort-bypass-bei-check-point
-
Apple Intelligence can now replace weak passwords without user intervention
Apple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/09/apple-intelligence-automated-passwords-security-updates/
-
Datenpanne bei Instagram: Mark Zuckerbergs Handynummer plötzlich im Netz
Tags: passwordDurch einen Bug beim Passwort-Reset von Instagram ließen sich zeitweise Rufnummern anderer Nutzer abgreifen. Auch Zuckerberg blieb nicht verschont. First seen on golem.de Jump to article: www.golem.de/news/datenpanne-bei-instagram-mark-zuckerbergs-handynummer-ploetzlich-im-netz-2606-209563.html
-
Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets Following Cyber-Attack
Speaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incident First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/jlr-cyberattack-ciso-inperson/
-
New Apple feature automatically changes your compromised passwords
At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it’s rolling out with iOS 27. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords/
-
Microsoft’s open source tools were hacked to steal passwords of AI developers
Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/08/microsofts-open-source-tools-were-hacked-to-steal-passwords-of-ai-developers/
-
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to…
-
Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse
Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk. First seen on hackread.com Jump to article: hackread.com/instagram-recovery-tool-bug-accounts-password-reset/
-
Meta AI Recovery Tool Flaw Exposed 20,000+ Instagram Accounts
A flaw in Meta’s AI-powered Instagram recovery tool exposed over 20,000 accounts, letting attackers reset passwords and take over profiles. Meta’s High Touch Support tool, known as HTS, was designed to help Instagram users recover locked accounts: you provide an email address, you get a password reset link. The flaw was equally simple: the tool…
-
Instagram Glitch Reportedly Exposed Contact Info of Zuckerberg and Other Users
Instagram glitch exposed Mark Zuckerberg’s email addresses and phone number, plus contact details of other top users, through a password reset flaw. First seen on hackread.com Jump to article: hackread.com/instagram-glitch-leaks-contact-info-mark-zuckerberg-users/
-
Instagram Patches Account Recovery Flaw Leaking User Contact Information
A critical logic flaw in Instagram’s web-based account recovery workflow exposed unredacted user contact information, including full email addresses and phone numbers, before Meta rapidly patched it on June 6, 2026. The vulnerability, which affected the platform’s password reset interface, allowed any unauthenticated user to initiate a standard recovery request for a target username and…
-
Experts say we should use passkeys, but can a smartphone PIN really be safer than a password?
The long-running series in which readers answer other readers’ questions explores a topical issue of personal cybersecurity<ul><li>Readers reply: <a href=”https://www.theguardian.com/lifeandstyle/2026/jun/07/readers-reply-alien-music-playlist-first-contact”>If an alien asked you: ‘What is music?’ what would you play for them?</li></ul>I’ve been struggling to get my head around the idea that a passkey, which can be a PIN on your phone, or facial…
-
Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords
Threat actors are deploying an updated SHub Stealer variant named Reaper that exploits the native macOS Script Editor to bypass OS-level protections and compromise cryptocurrency assets. First seen on hackread.com Jump to article: hackread.com/reaper-macos-infostealer-script-editor-crypto-passwords/
-
Scheinverschlüsselung: Fedora-Update deckt uralte Security-Panne bei Outlook auf
Einige Outlook-Nutzer haben offenbar jahrelang unwissentlich Passwörter im Klartext an E-Mail-Server übermittelt, obwohl die SSL/TLS-Option aktiv war. First seen on golem.de Jump to article: www.golem.de/news/scheinverschluesselung-fedora-update-deckt-uralte-security-panne-bei-outlook-auf-2606-209448.html
-
Attackers obtained encrypted password vaults from some Dashlane user accounts
Dashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/05/dashlane-brute-force-attack-vaults-customer-accounts/
-
Dashlane Reveals How Hackers Downloaded Encrypted Password Vaults
Dashlane has disclosed the findings of a recent security investigation, confirming that a limited number of users were impacted by a targeted brute-force attack against its device registration system. The company emphasized that its internal infrastructure was not breached and that no evidence suggests a broader compromise beyond a small subset of accounts. Device Registration…