Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Stop texting passwords to your partner, it's riskier than you think

Couples often text passwords, but it's risky. Learn how to safely share online accounts with a password manager.
CoinDesk

The $293 million KelpDAO hack shows why DeFi is finally being forced to grow up

For protocol founders and security researchers, the incident reinforced a broader shift underway across crypto: DeFi is no longer primarily battling coding bugs. It’s battling complexity.
IEEE

Multi-Channel Multi-Protocol Quantum Key Distribution System for Secure Image Transmission in Healthcare

Abstract: Quantum key distribution (QKD) is a viable technique for safeguarding image transmission against numerous attacks. To address the limitations of existing methods in securing electronic ...

A hotel check-in system left a million passports and driver’s licenses open for anyone to see

The tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access ...
TweakTown

Security researcher finds zero-day exploit that defeats Windows 11 BitLocker, calls it an insane 'backdoor' discovery

Users who rely solely on TPM-based BitLocker are most at risk, while those with a PIN or USB security key at boot are ...
The Hacker News

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Turla turns Kazuar into a 3-module P2P botnet, enabling stealthy C2, resilient tasking, and persistent access.
Microsoft

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by ...
TechSpot

A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it

The Epitome of WTF: A researcher known as "Nightmare-Eclipse" recently released YellowKey, a security vulnerability that allegedly enables a full bypass of BitLocker's full-volume encryption. The ...