Saturday 04 July 2026 06:13:42 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

#Passkeys


When the Password Dies, the Real Battle Moves to Devices and Checkout Rules

Published: 29 June 2026 14:39Category: Cloud, SaaS & Identity SecurityGeo: North America / USAAuthor: AUDITWOLF

Passkeys are pushing authentication away from reusable secrets, while Click to Pay and emerging agent-led commerce are turning payments into a tighter trust problem with new security choke points.

Ghostwriter’s Login Trap: Why a Familiar Mailbox Can Become a High-Value Target

Published: 29 June 2026 10:08Category: Cyber Warfare & Nation-State OperationsGeo: Europe / BelarusAuthor: AGONY

A reported UNC1151 phishing push aimed at Gmail and a Ukrainian email portal shows how credential theft now leans on trusted identity services rather than loud malware.

Fake AWS Logins, Real-Time Theft: The Cloud Phish That Turns MFA Into a Relay

Published: 25 June 2026 10:10Category: Security Awareness & Social EngineeringGeo: North America / USAAuthor: NEURALSHIELD

A small, targeted campaign against AWS users shows how cloned console pages and live interception can make typed MFA codes part of the attack, not the defense.

Fake Gmail Panels Put Passwords and One-Time Codes in the Same Trap

Published: 16 June 2026 15:22Category: Security Awareness & Social EngineeringGeo: Europe / PolandAuthor: PATCHKNIGHT

A phishing operation attributed to Ghostwriter, also tracked as UNC1151, shows how attackers can turn a normal sign-in flow into a credential-grab that reaches beyond the password field.

A Gmail Phish That Hunts for the Second Factor, Not Just the Password

Published: 16 June 2026 12:42Category: Security Awareness & Social EngineeringGeo: North America / USAAuthor: PATCHKNIGHT

A reported UNC1151 Ghostwriter campaign puts a familiar weak point back under the microscope: code-based 2FA can still be trapped by a convincing fake login flow.

When an Extortion Claim Points at GitHub, the Real Target Is Identity

Published: 13 June 2026 14:23Category: Ransomware & ExtortionGeo: North America / USAAuthor: NEBULASCOUT

A Lapsus$-attributed claim tied to github.com is unverified, but it highlights why developer platforms are prized for secrets, access tokens, and account control.

BitB Phishing Pushes Microsoft 365 Users Into a Dangerous Login Illusion

Published: 09 June 2026 14:44Category: Security Awareness & Social EngineeringGeo: North America / USAAuthor: PATCHKNIGHT

A phishing campaign is using Browser-in-the-Browser styling to target Microsoft 365 credentials, turning ordinary sign-in habits into the attacker’s main entry point.

OpenAI Adds New Locks to ChatGPT as Account Security Becomes the Real Battleground

Published: 08 June 2026 12:48Category: Cloud, SaaS & Identity SecurityGeo: North America / USAAuthor: SHADOWFIREWALL

Active Sessions and Lockdown Mode are being expanded, turning ChatGPT into a tighter-controlled workspace where visibility and restriction matter as much as convenience.

The Passkey Trap: Why One PIN Can Become the Weakest Link in a Synced Vault

Published: 28 May 2026 14:30Category: Security Awareness & Social EngineeringGeo: North America / USAAuthor: NEURALSHIELD

A reported phishing technique puts the spotlight on the recovery layer behind Google Password Manager, where convenience features can become high-value targets.

Why Tycoon 2FA Still Matters: The Cloud Login Trap That Can Beat Weak MFA

Published: 27 May 2026 12:06Category: Cloud, SaaS & Identity SecurityGeo: North America / USAAuthor: SHADOWFIREWALL

Tycoon 2FA is a reminder that identity attacks do not need to break passwords if they can relay a live login and harvest the session behind it.

Prompt Fatigue: The Quiet MFA Trick That Turns Protection Into Permission

Published: 26 May 2026 17:29Category: Cloud, SaaS & Identity SecurityAuthor: SHADOWFIREWALL

Approval-based multi-factor authentication can still fail when repeated login prompts wear down the user, turning a security control into a shortcut for account access.

Microsoft Turns the Key on SMS: Passkeys Move to the Center of Personal Account Security

Published: 22 May 2026 12:21Category: Cloud, SaaS & Identity SecurityGeo: North America / USAAuthor: SHADOWFIREWALL

A consumer identity change is quietly rewriting the old recovery playbook, shifting personal Microsoft accounts away from text-message codes and toward cryptographic passkeys.

When the Secret Stops Working: Passkeys Push Passwords Into Their Hardest Test Yet

Published: 14 May 2026 18:55Category: Cloud, SaaS & Identity SecurityGeo: North America / USAAuthor: AUDITWOLF

As passkeys enter the authentication mainstream, the real question is not whether passwords were flawed, but how much of digital trust now depends on cryptography, device security, and recovery design.

When the Prompt Becomes the Payload: AI Site Builders Enter the Phishing Economy

Published: 12 May 2026 13:51Category: Security Awareness & Social EngineeringGeo: North America / USAAuthor: PATCHKNIGHT

A legitimate AI-assisted web tool is being discussed as a faster way to assemble phishing pages, turning convenience features into an abuse problem for defenders.

The Password is Dead: Inside the Global Push for Passkeys on World Password Day 2026

Published: 07 May 2026 11:06Category: Privacy, Regulation & ComplianceAuthor: SECPULSE

As cyber threats surge, experts declare it’s time to leave passwords behind and embrace the future of authentication: passkeys.

Breaking the Password Habit: Italian CISOs Race Against the Clock in the Passkey Migration War

Published: 01 April 2026 05:13Category: Privacy, Regulation & ComplianceGeo: EuropeAuthor: SECPULSE

As adversaries outpace traditional MFA, Italy’s enterprise leaders face a high-stakes shift to FIDO2 passkeys or risk regulatory and operational fallout.

Invisible Locks, Visible Risks: How Google Authenticator’s Passkey Cloud Could Become a Hacker’s Playground

Published: 25 March 2026 13:38Category: Cloud, SaaS & Identity SecurityGeo: North AmericaAuthor: SECPULSE

Google’s new passwordless sync system promises security, but its hidden cloud architecture could be the next big cyberattack frontier.

Microsoft Declares War on Phishers: Windows Sign-ins Get a Passwordless Fortress

Published: 10 March 2026 17:48Category: Cloud, SaaS & Identity SecurityGeo: North AmericaAuthor: TRUSTBREAKER

With Entra passkeys, Microsoft bets big on a future where your face, finger, or PIN is the only way in-and phishers are locked out for good.

Beyond Passwords: The Hidden Risks and Rewards of Going Passwordless Under ISO 27001

Published: 16 February 2026 18:12Category: Privacy, Regulation & ComplianceAuthor: LOGICFALCON

As organizations race to ditch passwords for passkeys, new security and compliance challenges lurk beneath the glossy tech upgrade.

Windows 11 now lets you use 1Password and Bitwarden for managing passkeys

Published: 16 November 2025 18:31Category: Cyber Intelligence & Threat TrendsGeo: North AmericaAuthor: DEBUGSAGE