The Hacker News

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Seven Windows authentication paths bypass MFA protections, enabling credential attacks through AD, NTLM, Kerberos, RDP, SMB, and service accounts.
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

Microsoft Flags Malware Delivery Tied to OAuth Login Phishing Campaign

In its new report, Microsoft has warned of a vulnerable phishing campaign where attackers exploit login feature to OAuth to deliver malware.

'A human-chosen password doesn't stand a chance': OpenClaw has yet another major security flaw — here's what we know about "ClawJacked"

OpenClaw, the vastly popular open source AI agent platform, was vulnerable to a high-severity flaw which allowed threat actors to steal sensitive data from target computers with relative ease, experts ...

How payment fraud evolved from ancient Roman coins to AI-deepfakes — and what's next

Although AI has introduced a new threat in the world of payments fraud, it has also emerged as the analytical backbone of next-generation fraud mitigation systems.