Latest Tech News

Microsoft Entra ID gets passkeys default authentication starting September (No image available)

Microsoft Entra ID gets passkeys default authentication starting September

Microsoft has announced that passkeys will become the default authentication method for the Entra ID enterprise identity service starting September 2026. [...]
New phishing kits target Microsoft 365 accounts, evade MFA (No image available)

New phishing kits target Microsoft 365 accounts, evade MFA

Two new phishing kits, Jalisco and OmegaLord, have been discovered in attacks targeting Microsoft 365 accounts, using techniques that defeat multi-factor authentication (MFA). [...]
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. "An attacker exploiting one of these vulnerable applications can execute untrusted code during system boot, enabling deployment of malicious UEFI bootkits or other malware,"
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain servers can tie a person's separate addresses together and let outsiders follow them from site to site. And on a site that already holds a name or
SAP warns of critical flaws in NetWeaver and Commerce Cloud (No image available)

SAP warns of critical flaws in NetWeaver and Commerce Cloud

SAP has addressed 16 vulnerabilities across multiple products as part of its July 2026 security updates, including three critical flaws in NetWeaver, Commerce Cloud, and AppRouter. [...]
How Pentera Turns AI Security Workflows into Validation Engines

How Pentera Turns AI Security Workflows into Validation Engines

AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configuration findings, and exposure data. That fragmentation matters because attackers do not move through environments one
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating a successful sign-in event that would otherwise alert defenders. And bad actors have begun
Microsoft starts testing cleaner Windows Search without ads (No image available)

Microsoft starts testing cleaner Windows Search without ads

Microsoft is now testing a cleaner and faster version of Windows Search that should prioritize relevant results over ads and promotional content. [...]
This Luddite Puppet Hopes You’re Not Reading This on Your Smartphone (No image available)

This Luddite Puppet Hopes You’re Not Reading This on Your Smartphone

On this week’s episode of The Big Interview podcast, WIRED’s senior culture editor Manisha Krishnan talks to Gowanus about eschewing Big Tech, going outside, and rejection in the age of dating apps.
The Chatbot That Foretold Why People Share Secrets With ChatGPT (No image available)

The Chatbot That Foretold Why People Share Secrets With ChatGPT

In the 1960s an MIT professor named Joseph Weizenbaum created a chatbot called ELIZA. The conversations people had with it set precedents for the chatbots to come.
US sanctions VPN, malware providers for enabling ransomware attacks (No image available)

US sanctions VPN, malware providers for enabling ransomware attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against U.S. organizations. [...]
Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle out of the intercepted request, and pulled back a file the agent had been told in plain terms not
DOGE Used AI for Housing Policy. The Government Won’t Say How (No image available)

DOGE Used AI for Housing Policy. The Government Won’t Say How

In response to a public records request, HUD has withheld documents about DOGE’s use of AI—in part by citing a privilege that doesn’t exist.
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused of offering its tools to ransomware groups, along with its 45-year-old Ukrainian
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

A campaign of 148 npm packages disguised as student web proxies turned visitors' browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them. The operators used the registry as free hosting for a booby-trapped proxy site and let the students who came to dodge