The Hacker News

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Seven Windows authentication paths bypass MFA protections, enabling credential attacks through AD, NTLM, Kerberos, RDP, SMB, and service accounts.
techtimes

Passwordless Authentication: Is Biometric Login & Security Tech Really Safer?

Biometric login revolutionizing passwordless authentication: Is this security tech safer than passwords? Explore benefits, risks, and 2025 trends. Pixabay, Mohamed_hassan Passwordless logins have ...
Windows Report

Microsoft Introduces Passkey Authentication for Windows Devices Through Entra

Microsoft introduces passkey support for Microsoft Entra on Windows devices, enabling passwordless sign-in using Windows Hello.

Why Fallback Channels Are Now Core To Secure Authentication

Fallback channels do not eliminate risk, but they can absorb shocks. They can turn isolated failures into recoverable moments ...
VentureBeat

MCP shipped without authentication. Clawdbot shows why that's a problem.

Model Context Protocol has a security problem that won't go away. When VentureBeat first reported on MCP's vulnerabilities last October, the data was already alarming. Pynt's research showed that ...
Forbes

Adapting Authentication For Digital Finance: Balancing Security, Compliance And User Experience

In the evolving digital finance landscape, robust authentication is paramount. Modern financial products offer unprecedented digital accessibility, but this convenience exists within a complex ...
Bleeping Computer

Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks

Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable ...
Bleeping Computer

ASUS warns of critical auth bypass flaw in DSL series routers

ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models. Tracked as CVE-2025-59367, this vulnerability allows remote, ...