Tag: password
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerability
Recommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
Connected & Compromised: When IoT Devices Turn Into Threats
Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things’ attack surfaces more dangerous. First seen on darkreading.com Jump to article: www.darkreading.com/iot/connected-compromised-iot-devices-turn-threats
-
Password managers keep your passwords safe, unless…
Researchers investigated the zero-knowledge claims of password managers, and found some possible attack scenarios. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/password-managers-keep-your-passwords-safe-unless/
-
Using CardSpace as a Secure Password Manager
Explore how Windows CardSpace’s ‘Identity Agent’ architecture paved the way for modern Passkeys and secure password management in 2026. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/using-cardspace-as-a-secure-password-manager/
-
Phishing campaign bypasses Microsoft 365 multi-factor authentication
KnowBe4 Threat Labs has discovered a complex phishing campaign targeting US companies and professionals. The attacks compromise Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 device authorization flow, thereby defeating even strong passwords and multi-factor authentication (MFA). The victim is redirected to the legitimate Microsoft portal ‘https://microsoft.com/devicelogin’ to enter a device code supplied by the attacker. By entering…
-
Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs
A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys. First seen on hackread.com Jump to article: hackread.com/hackers-excel-exploit-xworm-7-2-jpeg-files-hijack-pcs/
-
WhatsApp is adding another lock to your account
Meta has released WhatsApp Beta for Android 2.26.7.8 through the Google Play Beta Program. The update includes references to password-protected accounts, indicating plans to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/whatsapp-account-password-feature-beta/
-
Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers
Patch, but verify first: Unit 42 directed organizations to Ivanti’s security advisory for remediation guidance, which recommends applying version-specific RPM patches for EPMM 12.x branches that require no appliance downtime. Ivanti cautioned, however, that the patch does not survive a version upgrade and must be reinstalled if the software is updated. “The permanent fix for…
-
Every day in every way, passwords are getting worse and worse
Tags: password
The only good password is no password at all. First seen on theregister.com Jump to article: www.theregister.com/2026/02/23/password_opinion/
-
How does NHI reassured stability in cybersecurity
How Can Organizations Protect Their Systems with Non-Human Identities? Have you ever considered the critical role that Non-Human Identities (NHIs) play in safeguarding your organization’s cybersecurity? Organizations are increasingly resorting to NHIs to maintain robust security protocols. These machine identities, a combination of encrypted passwords, tokens, or keys known as “Secrets,” are crucial for ensuring…
-
Researchers Demonstrate 27 Attacks Against Major Password Managers
Researchers demonstrate multiple attacks against major password managers, showing how compromised servers and design flaws can expose encrypted vault data. First seen on hackread.com Jump to article: hackread.com/researchers-demonstrate-password-managers-attacks/
-
Creating passwords with ChatGPT: Why you had better not
First seen on t3n.de Jump to article: t3n.de/news/passwoerter-chatgpt-erstellen-unsicher-1730517/
-
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand’s real website, and…
-
Password Managers Share a Hidden Weakness
Plus: The cybersecurity community grapples with Epstein files revelations, the US State Department plans an online anti-censorship “portal” for the world, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-password-managers-share-a-hidden-weakness/
-
Dynamic Objects in Active Directory: The Stealthy Threat
Active Directory’s “dynamic objects” feature offers attackers a perfect evasion cloak. These objects automatically self-destruct without a trace, so they allow adversaries to bypass quotas, pollute access lists, and persist in the cloud, leaving forensic investigators with nothing to analyze. Key takeaways The threat: Dynamic objects self-delete without leaving any traces, or “tombstones” in AD…
-
Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets
Attackers are weaponizing Facebook ads to distribute password-stealing malware masked as a Windows download. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/facebook-ads-spread-fake-windows-11-downloads-that-steal-passwords-and-crypto-wallets/
-
CharlieKirk Grabber Malware Targets Windows Systems to Steal Login Credentials
CharlieKirk Grabber is a Python-based Windows infostealer that focuses on rapid “smash-and-grab” credential theft and data exfiltration rather than long-term system control or destructive behavior. It targets browser-stored passwords, Wi-Fi keys, Discord tokens, and gaming sessions, then exfiltrates the collected data via third-party file hosting and encrypted Discord or Telegram channels. File Name CharlieKirk.exe File…
-
Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are First seen on thehackernews.com…
-
Password in WhatsApp: This new security feature is meant to protect you even better
Tags: password
First seen on t3n.de Jump to article: t3n.de/news/passwort-in-whatsapp-diese-neue-sicherheitsfunktion-soll-dich-noch-besser-schuetzen-1730128/
-
LLM-Generated Passwords Expose Security Risks with Predictability and Weakness
LLM-generated passwords may look complex and “high entropy,” but new research shows they are highly predictable, frequently repeated, and far weaker than traditional cryptographic password generators. At the core of a secure password generator is a CSPRNG, which produces characters from a uniform, unpredictable distribution, making each position in the password hard to guess. Large…
-
PayPal launches latest struggle to get rid of SMS for MFA
Tags: authentication, ceo, ciso, communications, compliance, cybersecurity, email, finance, fraud, government, group, login, mfa, mobile, nfc, passkey, password, phishing, risk, service, strategy, switch, update
Muddled effort, mixed messages: Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, says he’s “always found it odd” that PayPal still supports SMS as its primary secondary authentication factor. “Everyone in financial services and government has abandoned it for not being sufficiently secure and are moving to even phishing-resistant authentication, such as passkeys, Yubikeys,” he…
-
10 passwordless options for enterprises
There are better solutions for leaving passwords behind. We show you ten. Passwords have been the authentication standard for computer systems for decades, even though they have repeatedly proven vulnerable to various forms of cyberattack and compromised user accounts regularly become the entry point for criminal hackers. One means for CISOs when it comes to this problem…
-
Why must healthcare embrace Agentic AI for data protection
Are Non-Human Identities the Key to Unlocking Agentic AI in Data Protection? Organizations across industries are increasingly focusing on the management of Non-Human Identities (NHIs). These machine identities, akin to digital passports, play a pivotal role in cybersecurity by managing encrypted passwords, tokens, and keys. Yet, how can NHIs serve as the cornerstone for Agentic…
-
Connected and Compromised: When IoT Devices Turn Into Threats
Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things’ attack surfaces more dangerous. First seen on darkreading.com Jump to article: www.darkreading.com/iot/connected-compromised-iot-devices-turn-threats
-
AI-generated passwords are a security risk
AI-generated passwords are “highly predictable” and aren’t truly random, making them easier for cybercriminals to crack. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/ai-generated-passwords-are-a-security-risk/
-
ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories
The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries, often all at the same time. Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to think about…
-
Shadow Machines: The Non-Human Identities Exposing Your Cloud AI Stack
Tags: access, ai, api, authentication, automation, business, cloud, compliance, container, control, credentials, data, encryption, framework, governance, iam, identity, infrastructure, iot, jobs, login, mfa, password, risk, risk-management, saas, service, software, strategy, supply-chain, tool
Shadow Machines: The Non-Human Identities Exposing Your Cloud & AI Stack. madhav, Thu, 02/19/2026 – 06:30. The machines we don’t see are the ones running our businesses. Unfortunately, most IAM systems do not track them. In an ironic twist, the ghost in the machine has become the machine itself: invisible, autonomous, and increasingly beyond human…

