Everyone knows what a password is. But we can’t say the same for two-factor authentication or passkeys, which is a shame because these two security features dramatically boost the safety of your ...

The phishing platform “Whisper 2FA” has rapidly become one of the most active tools used in large-scale credential theft campaigns, according to new research from Barracuda. Since July 2025, the ...

Android devices are vulnerable to a new attack that can covertly steal two-factor authentication codes, location timelines, and other private data in less than 30 seconds. The new attack, named ...

Proton Authenticator is a new free, open-source 2FA app for mobile and desktop. It supports encrypted multi-device sync, local-only storage, and easy import/export of 2FA tokens. The app works with or ...

When a sizeable chunk of online attacks involves weak passwords and unauthorized account access, second-factor authentication (2FA) is one of those magic bullets that can save your digital life from ...

Qantas attacked days after FBI warning. Update, July 4, 2025: This story, originally published on July 2, has been updated with the latest statement from Qantas, including a lengthy explanation by ...

Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. As BleepingComputer first reported earlier this month, Coinbase had ...

Google Prompt is a pretty good 2-factor authentication (2FA) option for the vast majority of users, with Google now adding fingerprint or PIN authentication to the process. Over the past few days, ...

A new version of the phishing kit Tycoon 2FA, which uses advanced tactics to bypass multi factor authentication (MFA) and evade detection, has been analyzed by threat researchers at Barracuda. Tycoon ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. A cybercrime group known as Sneaky Log has been selling a ...

A phishing-as-a-service (PhaaS) kit dubbed Mamba 2FA is targeting Microsoft 365 users using a variety of convincing adversary-in-the-middle (AitM) disguises. According to the Sekoia Threat Detection & ...