CSOonline

Trivial Telnet authentication bypass exposes devices to complete takeover

The 11-year-old vulnerability likely impacts many devices that are no longer supported — and presents easy exploit even for those that are. Computers with Telnet open are in immediate danger of being ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
Forbes

2FA Code Attacks Surge As Russian Hackers Target Microsoft Users

Microsoft 365 is under attack, China and Russia afflited hackers suspected. Updated December 23 with advice from a mobile security solutions expert regarding the Russian device code attacks targeting ...
The Hacker News

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover ...
bitnewsbot

Russia-Linked Group Uses Device Code Phishing to Steal M365 Credentials

Since September 2025, a suspected Russia-aligned group known as UNK_AcademicFlare has executed a phishing campaign targeting Microsoft 365 credentials. The campaign mainly impacts entities in ...
Macworld

Leaked code spills details of mystery Apple smart home accessory

Macworld reports that leaked internal code reveals Apple’s mystery smart home accessory codenamed ‘J229’, expected to launch in spring 2026. The device appears to be a security camera with multiple ...
Bleeping Computer

OAuth Device Code Phishing: Azure vs. Google Compared

Come along with me on a journey as we delve into the swirling, echoing madness of identity attacks. Today, I present a case study on how different implementations of OAuth 2.0, the core authentication ...
Wired

A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds. The new attack, named ...
HotHardware

Android Pixnapping Flaw Affecting Billions Of Devices Can Steal Your Data & 2FA Codes

Android users beware—a new form of Android malware dubbed Pixnapping has been revealed to the public, and in theory, all current Android devices running Android 13 or newer are vulnerable since "the ...
Seeking Alpha

Medirom Decides to Double Installation of Authentication Device “Orb” to 200 Stores, in Collaboration with “World” Co-founded by Sam Altman and Alex Blania

TOKYO, Sept. 25, 2025 (GLOBE NEWSWIRE) -- MEDIROM Healthcare Technologies Inc. (MRM) (Headquarters: Minato-ku, Tokyo; CEO: Kouji Eguchi; NASDAQ: MRM), a diversified healthcare company, has joined ...