Microsoft shuts down illegal code-signing operation used by ransomware criminals to mask their malware

Microsoft seized websites and took down hundreds of virtual machines running a cybercrime service that allegedly sold code-signing certificates to ransomware gangs, thus making their malware look like legitimate software – and allowing criminals to infect thousands of machines in Read More …

Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools

Active Directory Certificate Services (AD CS) is a foundational component of Windows enterprise infrastructure, responsible for managing public key infrastructure (PKI) and issuing certificates that enable authentication and encryption across networks. Despite its critical role in the enterprise identity infrastructure, Read More …

Experts warn nearly half of the world’s passwords can easily be cracked in just a few minutes

Using real-world samples recovered from the dark web, Kaspersky researchers have tested how long it would take to crack most passwords, and found that almost half of the world’s passwords can be cracked in less than a minute. Additionally, the research shows Read More …

Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)

On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this vulnerability. The Read More …

Thousands of official government email addresses, including plaintext passwords available online

The official email accounts of public officials all over the world have been leaked online, with many exposed alongside their plaintext passwords, making it trivial for an attacker to breach their accounts. Researchers at Proton scoured the darker side of Read More …

Hungary: Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts

Hungary’s government has discovered the hard way that the biggest threat to national security might just be its own password choices. An investigation by Bellingcat has uncovered close to 800 Hungarian government email and password pairings circulating in breach dumps, Read More …

Google Authenticator: The Hidden Mechanisms of Passwordless Authentication

Passwordless authentication is often presented as the end of account takeover. But to understand the real threat landscape, we need to examine how passwordless is actually deployed in the real world. Attackers do not break protocols in theory. They target Read More …

Europol, Microsoft, TrendAI and Collaborators Halt Tycoon 2FA Operations

Researchers from TrendAI have been tracking the infrastructure, as well as the campaigns and operator behaviors that can be linked to Tycoon 2FA to build a clearer picture of how its services was being used at scale. By November 2025, Read More …

CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 [Common Weakness Enumeration (CWE)-288: Authentication Bypass Using an Alternate Path or Channel] allows malicious actors with a FortiCloud account and a registered device to log in to separate devices registered to other Read More …