Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Analytics Insight

What Is Trafficmind and How Does It Stop Bot Attacks

Bot attacks are one of the most common threats you can expect to deal with as you build your site or service. One exposed attack vector can bring your e-commerc ...
Security Boulevard

Common ecommerce security vulnerabilities and testing strategies

Ecommerce platforms represent one of the most consistently targeted areas of the modern digital estate. They process payment ...
The Hacker News

How to Protect Your SaaS from Bot Attacks with SafeLine WAF

SafeLine self-hosted WAF blocks SaaS bot abuse with 99.45% accuracy, cutting fake sign-ups and stabilizing CPU usage.

Hackers target Microsoft Entra accounts in device code vishing attacks

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device ...
Yahoo Finance

Imprivata Introduces Advanced Access Management and Passwordless Authentication Capabilities to Improve User Efficiency and Strengthen Security

WALTHAM, Mass., Feb. 10, 2026 (GLOBE NEWSWIRE) -- Imprivata, a leading provider of access management solutions for healthcare and other mission-critical industries, today introduced comprehensive new ...
Bleeping Computer

The Double-Edged Sword of Non-Human Identities

In a sweeping analysis conducted in late 2025, Flare researchers uncovered more than 10,000 Docker Hub container images leaking secrets (including production API keys, cloud tokens, CI/CD credentials, ...
Channel NewsAsia Singapore

What you need to know about the ban on private organisations using NRIC numbers for authentication

SINGAPORE: Private organisations have until the end of 2026 to phase out the use of NRIC numbers for authentication, the Personal Data Protection Commission (PDPC) announced on Monday (Feb 2).