Tag: password
-
Dashlane explains how attackers managed to download encrypted password vaults
Tags: passwordBy targeting large numbers of users, attackers increased their chances of success. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/dashlane-explains-how-attackers-managed-to-download-encrypted-password-vaults/
-
Microsoft Edge retires master password feature, adopts passkeys and biometrics
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-edge-retires-master-password-feature-adopts-passkeys-and-biometrics
-
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps.Any other app on the same phone could ask for the signed-in user’s token and get it, then read email, open files, browse the calendar, and send messages as that…
-
Quantensicherheit Passkeys sind gut. Vor allem aber hilft eine dynamische, kontextbasierte und souveräne Authentifizierung
Wir sind im Quantum-Zeitalter angekommen. Das belegt nicht nur die intensive öffentliche Diskussion über Passwortsicherheit, sondern auch die Tatsache, dass 80 Prozent aller Datenpannen, laut Verizon-DBIR 2025 auf gestohlene oder schwache Passwörter zurückzuführen sind. Die Diskussion allein ist aber nicht genug. Unternehmen müssen handeln und ihre Systeme mit sicheren Zugangsmechanismen, wie Single-Sign-On, sowie einer proaktiven,…
-
Tankfüllstandsmesser in Tankstellen öffentlich über das Internet erreichbar
Mitte Mai hat CNN über einen Verdacht von US-Behörden berichtet. Demnach sollen Akteure, die mit dem Iran in Verbindung stehen, automatische Tankfüllstandsmesser (Automatic-Tank-Gauges, ATGs) an Tankstellen in den USA angegriffen haben. Dadurch konnten die Angreifer auf Geräte zugreifen, die über das Internet erreichbar und nicht durch Passwörter geschützt waren, und angezeigte Werte verändern. Zwar konnten…
-
Meta AI customer support tricked into forwarding password reset codes
First seen on scworld.com Jump to article: www.scworld.com/brief/meta-ai-customer-support-tricked-into-forwarding-password-reset-codes
-
Fake ChatGPT Desktop App Ads Used to Push Password-Stealing Malware
Fake ChatGPT desktop app ads pushed password-stealing malware by abusing trusted AI links, hiding from scanners, and tricking users into downloads. First seen on hackread.com Jump to article: hackread.com/fake-chatgpt-desktop-app-ads-password-stealer-malware/
-
Instagram Account Hijacks Expose the Security Risks of AI-Powered Support
Attackers exploited Meta’s AI support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. Attackers abused Meta’s AI-powered support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. The issue affected several users, including high-profile accounts, before Instagram fixed the flaw. Security researcher Jane Wong and other…
-
Password manager Dashlane says hackers stole some customers’ password vaults
The password manager giant said hackers were able to ‘brute-force’ its two-factor system, allowing them to access customer accounts and download their password vaults. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/02/password-manager-dashlane-says-hackers-stole-some-customers-password-vaults/
-
Passwortmanager: Hacker erbeuten Passwort-Tresore von Dashlane-Nutzern
Infolge eines Brute-Force-Angriffs wurden einige Dashlane-Nutzer temporär gesperrt. Die Angreifer sollen zudem an Passwort-Tresore gelangt sein. First seen on golem.de Jump to article: www.golem.de/news/brute-force-attacke-angreifer-erbeuten-passwort-tresore-von-dashlane-2606-209302.html
-
Brute-Force-Attacke: Angreifer erbeuten Passwort-Tresore von Dashlane
Infolge eines Brute-Force-Angriffs auf Dashlane wurden einige Nutzer temporär gesperrt. Die Angreifer sollen zudem an Passwort-Tresore gelangt sein. First seen on golem.de Jump to article: www.golem.de/news/brute-force-attacke-angreifer-erbeuten-passwort-tresore-von-dashlane-2606-209302.html
-
KI-Panne bei Instagram: Support-Chatbot hilft bei Passwort-Reset für fremde Konten
Der Meta AI Supportassistent hilft Angreifern offenbar bereitwillig dabei, fremde Instagram-Konten zu übernehmen. Beschwerden im Netz häufen sich. First seen on golem.de Jump to article: www.golem.de/news/support-panne-instagram-konten-ueber-metas-ki-chatbot-gekapert-2606-209284.html
-
SolyxImmortal Malware Steals Passwords, Cookies, Files, and Keystrokes
A newly analyzed Python-based information stealer named SolyxImmortal is actively targeting sensitive user data, including browser credentials, cookies, documents, screenshots, and keystrokes. The malware uses common Python libraries and multi-threading techniques to run multiple surveillance and data theft operations simultaneously, making it efficient and difficult to detect during execution. Security researchers, including Cyfirma, report that…
-
Meta’s AI Bot Misused by Hackers to Take Over Instagram Accounts
Attackers have exploited a critical vulnerability in Meta’s AI-powered Instagram support chatbot to hijack user accounts without needing passwords, phishing, or malware. Instead of bypassing security through technical exploits, hackers simply manipulated the chatbot via natural-language requests. Meta’s AI Bot Misused by Hackers The flaw allowed attackers to bypass two-factor authentication (2FA) effectively. By interacting…
-
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Password manager Dashlane has disclosed that “fewer than” 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party.On May 31, 2026, the company said an “external” threat actor launched a brute-force attack against certain Dashlane user accounts with the aim of breaking two-factor authentication…
-
Dashlane password manager users locked out by brute force attacks
Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dashlane-password-manager-users-locked-out-by-brute-force-attacks/
-
Grand Theft Auto V cheat service gets hacked, exposing thousands of gamers
Hackers stole usernames, hashed passwords, and other data from a service that allowed players to cheat in Grand Theft Auto V. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/01/grand-theft-auto-v-cheat-service-gets-hacked-exposing-thousands-of-gamers/
-
Brute-force attack triggers Dashlane account lockouts
Password manager Dashlane has confirmed that a brute-force attack targeting user accounts triggered temporary account suspensions and authentication issues. The company first … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/dashlane-brute-force-attack-user-accounts/
-
CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password
CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create WordPress admin accounts. 2,858 attacks blocked in 24 hours. WP Maps Pro plugin allows WordPress site owners to embed Google Maps and OpenStreetMap with markers, listings, and location search. It’s a store locator tool. Unremarkable. The plugin is installed on over 15,000 websites, according to sale…
-
Nach 11 Jahren Verzweiflung: Claude knackt Passwort einer Bitcoin-Wallet mit 400.000 Dollar
Tags: passwordFirst seen on t3n.de Jump to article: t3n.de/news/bitcoin-wallet-verzweiflung-claude-passwort-1742871/
-
Cyberkriminelle nutzen die Phishing-Plattform Kali365, um legitime Microsoft-365-Verfahren für einen Zugriff ohne Passwörter
Das FBI warnt aktuell vor Kali365, einer seit April 2026 aktiven Phishing-as-a-Service-Plattform, die gezielt Microsoft-365-Umgebungen ins Visier nimmt. Hierbei werden keine Zugangsdaten gestohlen, sondern OAuth-Tokens gekapert, wodurch selbst eine Multifaktor-Authentifizierung (MFA) umgangen wird. Die Plattform bietet zudem KI-generierte Phishing-Vorlagen, automatisierte Kampagnen-Tools und Echtzeit-Tracking-Dashboards und wird über Telegram als Abonnementmodell vertrieben. Der Angriff läuft dabei in…
-
FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts no password required
So, you’ve enabled multi-factor authentication. You’ve taught your staff never to type their passwords into dodgy-looking login pages. Surely your Microsoft 365 accounts are safe now? First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/fbi-kali365-phishing-kit-breaks-microsoft-365-accounts-no-password-required
-
Memcached SASL Flaw Exposes Usernames to Enumeration Attacks
A newly identified vulnerability in Memcached has raised concerns among security professionals after researchers confirmed a timing side-channel flaw that allows attackers to enumerate valid usernames. Tracked as CVE-2026-47783, the issue affects Memcached versions before 1.6.42 and specifically impacts SASL (Simple Authentication and Security Layer) password database authentication. The flaw stems from improper username validation…
-
Steam-Malware: Gratis-Horror-Spiel kapert Passwörter und Krypto-Wallets
Steam-Malware alarmiert Gamer: Das Horror-Spiel ‘Beyond The Dark” griff offenbar Passwörter, Browserdaten und Krypto-Wallets ab. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/gaming/steam-malware-gratis-horror-spiel-kapert-passwoerter-krypto-wallets-329341.html
-
Steam-Malware: Gratis-Horror-Spiel kapert Passwörter und Krypto-Wallets
Steam-Malware alarmiert Gamer: Das Horror-Spiel ‘Beyond The Dark” griff offenbar Passwörter, Browserdaten und Krypto-Wallets ab. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/gaming/steam-malware-gratis-horror-spiel-kapert-passwoerter-krypto-wallets-329341.html
-
Proton Pass adds monitored credential sharing for AI agents
Proton Pass, a secure, end-to-end encrypted password manager, added credential sharing through AI access tokens, allowing users to give AI agents access to selected items and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/22/proton-pass-adds-monitored-credential-sharing-for-ai-agents/
-
Breach Roundup: Shai-Hulud Copycat Hits npm
Also, YellowKey Gets CVE, 7-Eleven Breach, Linux Maintainers Warn on AI Bug Spam. This week, more incidents that we can here list. Among them: cloned Shai-Hulud malware, a new maximum CVSS Cisco flaw. Edge to stop loading passwords in plaintext. Tycoon 2FA offers a way around Microsoft multifactor. Convenience, taquitos and data breach: The 7-Eleven…
-
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linux-kernel-ptrace-flaw-ssh-keys/
-
Proton Launches Credential Tokens to Tackle AI Agent Security Gap
A growing tension sits at the heart of enterprise AI deployments: organisations want agents to act autonomously, yet handing over passwords and API keys to automated systems represents a significant and largely unresolved security risk. Proton is now attempting to close that gap with the launch of Proton Pass for AI Agents, a capability that…