Passkeys are pushing authentication away from reusable secrets, while Click to Pay and emerging agent-led commerce are turning payments into a tighter trust problem with new security choke points.
A reported UNC1151 phishing push aimed at Gmail and a Ukrainian email portal shows how credential theft now leans on trusted identity services rather than loud malware.
A small, targeted campaign against AWS users shows how cloned console pages and live interception can make typed MFA codes part of the attack, not the defense.
A phishing operation attributed to Ghostwriter, also tracked as UNC1151, shows how attackers can turn a normal sign-in flow into a credential-grab that reaches beyond the password field.
A reported UNC1151 Ghostwriter campaign puts a familiar weak point back under the microscope: code-based 2FA can still be trapped by a convincing fake login flow.
A Lapsus$-attributed claim tied to github.com is unverified, but it highlights why developer platforms are prized for secrets, access tokens, and account control.
A phishing campaign is using Browser-in-the-Browser styling to target Microsoft 365 credentials, turning ordinary sign-in habits into the attacker’s main entry point.
Active Sessions and Lockdown Mode are being expanded, turning ChatGPT into a tighter-controlled workspace where visibility and restriction matter as much as convenience.
A reported phishing technique puts the spotlight on the recovery layer behind Google Password Manager, where convenience features can become high-value targets.
Tycoon 2FA is a reminder that identity attacks do not need to break passwords if they can relay a live login and harvest the session behind it.
Approval-based multi-factor authentication can still fail when repeated login prompts wear down the user, turning a security control into a shortcut for account access.
A consumer identity change is quietly rewriting the old recovery playbook, shifting personal Microsoft accounts away from text-message codes and toward cryptographic passkeys.
As passkeys enter the authentication mainstream, the real question is not whether passwords were flawed, but how much of digital trust now depends on cryptography, device security, and recovery design.
A legitimate AI-assisted web tool is being discussed as a faster way to assemble phishing pages, turning convenience features into an abuse problem for defenders.
As cyber threats surge, experts declare it’s time to leave passwords behind and embrace the future of authentication: passkeys.
As adversaries outpace traditional MFA, Italy’s enterprise leaders face a high-stakes shift to FIDO2 passkeys or risk regulatory and operational fallout.
Google’s new passwordless sync system promises security, but its hidden cloud architecture could be the next big cyberattack frontier.
With Entra passkeys, Microsoft bets big on a future where your face, finger, or PIN is the only way in, and phishers are locked out for good.
As organizations race to ditch passwords for passkeys, new security and compliance challenges lurk beneath the glossy tech upgrade.