China-based espionage group compromised Notepad++ for six months
The Chinese APT group Lotus Blossom intruded the tool’s internal systems to snoop on a limited set of users’ activities, according to researchers.
Advertisement
authentication
Some ChatGPT browser extensions are stealing your data
A threat actor is seeding the internet with AI browser extensions that can intercept a user’s authenticated session tokens and hijack accounts.
Stealing cookies: Researchers describe how to bypass modern authentication
Passwordless authentication standards have improved identity security, but new research indicates this technology is vulnerable to token hijacks and man-in-the-middle attacks.
Microsoft upgrades security for signing keys in wake of Chinese breach
Policymakers and researchers have sharply criticized Microsoft’s security practices after an illicitly obtained key enabled a wide-ranging espionage operation.
The rise of hassle-free and secure authentication
Okta's Federal CSO discusses the rise of passwordless authentication and the need for enhanced web application security.
Government learns that authenticators are key part of modernization
As federal telework inspires movement to zero-trust models, agencies are figuring out what methods work best for them, an authentication expert says.
Advertisement
Researcher claims $100,000 for ‘Sign in with Apple’ hack
It highlights the big payouts Apple has been offering through a bug bounty program it expanded last year.
Google makes safe logins more convenient by allowing smartphones to be security keys
It's the latest anti-phishing effort from Google's Advanced Protection team.
Authentication startup Trusona raises $20 million by promising to help clients ditch passwords
Trusona is working with the likes of Microsoft and the health care company Aetna.
Google to replace Titan keys for free after uncovering Bluetooth flaw
The vulnerability would require an outsider to already have obtained a victim's username and password.