Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages.

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

Learn how a human-centric approach can reduce authentication errors in enterprise environments while improving security and ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not laced with malicious code. In 2025, those odds got significantly worse.

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...

--total number of ips active in the block list to trigger I am Under Attack Mode and turn the auth puzzle on automatically 100, --if over 100 ip addresses are currently in the block list for flooding ...

­Microsoft's Windows Hello for Business (WHfB) default phishing-resistant authentication model recently was found susceptible to downgrade attacks, allowing threat actors to crack into even ...