A MedusaLocker-branded publication listing a named victim and 11 alleged email records shows how ransomware crews use even limited data claims to raise the cost of ignoring them.
A Fortinet credential-harvesting campaign known as FortiBleed highlights how stolen perimeter access can matter more than a new exploit.
A two-week wave of password spraying against Microsoft 365 shows how weak credentials and permissive sign-in controls can turn identity into the softest layer of cloud security.
A fresh look at AirDrop and Quick Share shows how short-range convenience can become a pre-authentication attack surface, even when no user taps accept.
Bethesda has set The Elder Scrolls IV: Oblivion Remastered for Nintendo Switch 2 on August 11, 2026, and any high-profile launch now moves through a chain of stores, accounts, downloads, and update checks.
CISA’s KEV listing for a SimpleHelp flaw turns a niche authentication bug into a reminder that privileged remote-access tools can become high-value targets fast.
A seasonal HYPE offer for new customers is less interesting for the euro amount than for what it reveals about app-based finance: eligibility logic, device-linked security, and the fraud patterns that trail every limited-time promotion.
A newly disclosed weakness in an AI workflow builder could let an attacker present a trusted session cookie and act as another user, even though the exact root cause has not been made public.
A SimpleHelp authentication flaw has landed in CISA’s exploited-vulnerability catalog, a reminder that remote administration tools can become high-value targets long before most defenders finish patching.
A huge password-spray wave against Microsoft’s command-line cloud tooling shows why authentication, not code, is often the real battleground in modern cloud attacks.
A six-flaw patch round for NetScaler ADC and Gateway shows how small bugs in perimeter appliances can ripple into authentication trouble and service outages.
Apache Tomcat has disclosed one bug that can weaken authentication and another that can weaken servlet-level access control, a reminder that identity and authorization fail in different ways.
Apache has disclosed flaws in Tomcat’s authentication and access-control paths, a reminder that container-level mistakes can ripple through every application sitting on top of them.
A newly posted victim entry tied to Pear may point to data-extortion pressure, but no public evidence here confirms a breach, stolen files, or encryption.
Repeated unauthorized access to an insurance policy portal shows how ordinary customer logins can become high-value targets for identity theft, fraud, and downstream abuse.
The launch of hosted Model Context Protocol servers makes X easier for AI tools to reach, but it also puts authentication scope and tool boundaries at the center of the conversation.
A critical pre-authentication bug tied to CVE-2026-8037 shows how a single management API mistake can threaten the control plane of a network edge device.
A security notice flags multiple Apache Tomcat vulnerabilities, including one critical flaw that could let a malicious user bypass authentication on affected systems.
A large mobile app review points to a familiar but dangerous pattern: AI features are only as safe as the secrets and authentication behind them.
Business Email Compromise is best understood as coordinated fraud, built from compromised access, financial research, and cash-out networks rather than a simple inbox trick.