Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

Bitwarden adds support for passkey login on Windows 11

Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager's vault, enabling phishing-resistant authentication.
Security Boulevard

External Authentication: Exploring WS-Trust for Authentication

Learn how WS-Trust powers external authentication in hybrid identity environments. Explore the Security Token Service (STS) ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
Le Lézard

Bitwarden Enables Passkey Login to Windows 11

Bitwarden, the trusted leader in password, passkey, and secrets management, today announced support for logging into Windows using passkeys stored in the Bitwarden vault. The new capability enables ...
Security Boulevard

Zero Trust Architecture: The Technical Blueprint

Zero Trust isn't magic. It's a specific set of architectural components working together—policy engine, identity fabric, ...
The Hacker News

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Seven Windows authentication paths bypass MFA protections, enabling credential attacks through AD, NTLM, Kerberos, RDP, SMB, and service accounts.
CSO Online

OAuth phishers make ‘check where the link points’ advice ineffective

Microsoft has identified a phishing campaign using malformed links to legitimate OAuth services to redirect to malware ...