two-factor authentication

A massive, unprotected database containing 149 million usernames and passwords was discovered, exposing credentials for major email, social media, financial,…

PcComponentes denied a massive data breach, clarifying it was targeted by a credential stuffing attack using credentials from older, unrelated…

A sophisticated phishing technique called Browser-in-the-Browser is resurging, embedding fake login windows within legitimate webpages to steal credentials by mimicking…

Meta denied a system breach, attributing a wave of password reset emails to an external party exploiting a technical flaw…

Instagram resolved a widespread glitch that erroneously sent password reset emails to users, confirming an external party triggered the automated…

Meta is launching a global, unified support center for Facebook and Instagram to streamline account issue management, featuring tools for…

Pixnapping is a new Android attack method that uses transparent screen layers to stealthily capture and reconstruct on-screen pixel data,…

A mandatory security update for X's domain migration is causing account lockouts and login loops, requiring users to switch two-factor…

X is phasing out the Twitter.com domain, requiring users with physical security keys or passkeys to re-enroll them by November…

X is phasing out the twitter.com domain for authentication, requiring users to re-register their physical security keys under x.com by…

A security flaw called Pixnapping allows malicious apps to intercept sensitive data like two-factor codes and private messages without requiring…

The npm registry faces increasing threats from attacks like phishing campaigns and the self-propagating "Shai-Hulud" worm, leading GitHub to implement…

Plex has confirmed a security breach involving unauthorized access to customer emails, usernames, and securely hashed passwords, but no payment…

A phishing campaign compromised at least 18 widely used JavaScript npm packages, injecting malicious code to hijack cryptocurrency transactions and…

Plex is advising all users to reset their passwords immediately after an unauthorized party accessed a restricted database, compromising email…

Plex has experienced a security breach where an unauthorized party accessed customer data, including email addresses, usernames, and securely hashed…

Passkeys are often implemented alongside passwords rather than replacing them, creating a hybrid and sometimes confusing login process that varies…

Google has officially denied reports of a massive Gmail security breach, stating that no widespread compromise of user data has…

Google denies recent claims of increased scam risks for Gmail users on desktops and laptops, asserting that its security systems…

Proton has launched a privacy-focused authenticator app for 2FA, featuring end-to-end encryption and cross-platform compatibility. The app supports offline use,…