Login Subscribe

Vulnerabilities & Exploits

Microsoft Authenticator Leak Lets Apps Sniff One‑Time Codes

Microsoft Authenticator Leak Lets Apps Sniff One‑Time Codes

Security researchers found that specific builds of Microsoft Authenticator unintentionally broadcast the generated one‑time password (OTP) to any app with permission to read the device’s clipboard or accessibility data. The flaw allowed unrelated applications on the same device to capture the six‑digit code before the user could

AI Attack Bots Learn to Replicate Exploits Across Networks Without Human Guidance

A team of security researchers released a paper showing that autonomous cyber‑attack agents can abstract the techniques they learn in one environment and apply them to completely different targets. By training on a limited set of exploits, the AI‑driven bots develop a generalized playbook that lets them discover

New Android Timing Flaw Lets Attackers Unlock Phones in Under 60 Seconds

New Android Timing Flaw Lets Attackers Unlock Phones in Under 60 Seconds

A recently disclosed Android vulnerability exploits a timing mismatch in the lock‑screen authentication module. By sending specially crafted authentication requests and measuring the response latency, an attacker can determine the correct unlock sequence and bypass PIN, pattern, or biometric locks in less than a minute. The flaw resides in

Microsoft Authenticator stores OTPs insecurely, risking MFA token theft

Microsoft Authenticator stores OTPs insecurely, risking MFA token theft

Researchers found that specific releases of the Microsoft Authenticator app write generated one‑time passwords to an unprotected location on the device. The codes remain accessible until they expire, giving anyone with local access—or a compromised app sandbox—a window to steal the MFA token before it is used.

Spike in IoT Scans and New Exploit Kits Signal Rising Threat Landscape

Spike in IoT Scans and New Exploit Kits Signal Rising Threat Landscape

On March 12 the ISC observed a sharp increase in network sweeps targeting IoT devices, alongside a resurgence of low‑profile exploit kits that bundle recent CVEs for Windows and Linux systems. The scans are more aggressive than typical background noise, probing for default credentials, exposed services, and vulnerable firmware.

New Android Lock‑Screen Bypass Lets Attackers Unlock Phones in Under a Minute

New Android Lock‑Screen Bypass Lets Attackers Unlock Phones in Under a Minute

Researchers have uncovered a timing flaw in the way recent Android versions process biometric authentication. By rapidly toggling the biometric prompt and measuring the response latency, an attacker can trick the system into accepting a false authentication token, effectively bypassing the lock screen in as little as 60 seconds without

Microsoft Authenticator Flaw Leaks TOTP Codes, Threatening MFA

Microsoft Authenticator Flaw Leaks TOTP Codes, Threatening MFA

Malwarebytes discovered that specific builds of the Microsoft Authenticator app unintentionally expose the generated time‑based one‑time passwords (TOTP) through a publicly readable storage location. Malicious software on the same device can harvest these codes, allowing it to replay the second factor in an MFA flow without user interaction.

Hidden Risks: Proprietary Apps Create Security Blind Spots

A recent Security.StackExchange discussion highlighted how organizations that depend on proprietary software often operate without full visibility into the code base. Because the source is closed, internal security teams cannot perform thorough code reviews, and they must rely on the vendor’s own testing and disclosure practices. When a