Microsoft Authenticator stores OTPs insecurely, risking MFA token theft
Researchers found that specific releases of the Microsoft Authenticator app write generated one‑time passwords to an unprotected location on
IoT Devices Auto‑Login as Admin Open Lateral Paths in Critical Infrastructure
A recent SANS diary entry documented multiple incidents where Internet‑of‑Things (IoT) endpoints—such as smart sensors, cameras, and
New Android Lock‑Screen Bypass Lets Attackers Unlock Phones in Under a Minute
Researchers have uncovered a timing flaw in the way recent Android versions process biometric authentication. By rapidly toggling the biometric
Microsoft Authenticator Flaw Leaks TOTP Codes, Threatening MFA
Malwarebytes discovered that specific builds of the Microsoft Authenticator app unintentionally expose the generated time‑based one‑time passwords (TOTP)
Default IoT Admin Passwords Keep Attackers Inside Your Network
A recent SANS diary entry documented several incidents in which IoT devices—cameras, HVAC controllers, and smart sensors—were accessed
Spike in SSH/Telnet Scans Signals Botnet Recon Across Global Assets
The ISC podcast released on March 9, 2026 reported a sharp increase in automated SSH and Telnet probing. Botnet operators
Starkiller Phishing Service Deploys Real Login Pages and MFA Proxying
Krebs on Security uncovered a new phishing‑as‑a‑service platform called Starkiller that supplies attackers with fully functional, brand‑
AI‑Powered Tycoon2FA Phishing Kit Bypasses MFA at Scale
Microsoft uncovered Tycoon2FA, an AI‑enabled phishing kit that hijacks authentication flows in real time. The kit injects malicious JavaScript
UK Mulls VPN Ban: New Threat Landscape for Defenders
The UK government is debating legislation that would prohibit the use of commercial VPN services for personal and business traffic.
AI‑Powered Tycoon2FA Kit Hijacks MFA at Scale
Microsoft’s investigation uncovered the Tycoon2FA phishing kit, which uses artificial intelligence to perform real‑time man‑in‑the‑middle