Securing digital keys when your phone unlocks the car 2026-06-18 at 09:00 By Mirko Zorz In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers. She […]
Securing digital keys when your phone unlocks the car Read More »
China-linked spies backdoored authentication stack to stay hidden for years 2026-06-15 at 18:27 By Zeljka Zorz A China-linked cyber espionage group known as Velvet Ant spent nearly a decade inside the internal network of an unnamed organization without being detected, according to the results of a forensic investigation published by cybersecurity firm Sygnia. The group’s
China-linked spies backdoored authentication stack to stay hidden for years Read More »
Apple Intelligence can now replace weak passwords without user intervention 2026-06-09 at 15:21 By Anamarija Pogorelec Apple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. Automatically Fix Passwords (Source: Apple) Introduced as a standalone app in 2024, Passwords gives users a central place
Apple Intelligence can now replace weak passwords without user intervention Read More »
Let’s Encrypt works toward post-quantum certificates at web scale 2026-06-05 at 15:49 By Anamarija Pogorelec Let’s Encrypt plans to pursue a post-quantum-safe Web PKI through Merkle Tree Certificates (MTCs), a new approach that adds post-quantum authentication to the web without sacrificing the speed and reliability that have made TLS universal. The project is targeting late
Let’s Encrypt works toward post-quantum certificates at web scale Read More »
Thieves can pull off keyless car theft in under a minute and here’s how to stop them 2026-06-05 at 09:24 By Mirko Zorz A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough.
Thieves can pull off keyless car theft in under a minute and here’s how to stop them Read More »
Microsoft Entra pushes passkeys, tightens identity security 2026-06-02 at 15:47 By Anamarija Pogorelec Microsoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organizations implement a zero trust security strategy, over the last 30 days. Features reaching general availability Identity and authentication updates Phishing-resistant
Microsoft Entra pushes passkeys, tightens identity security Read More »
The new economics of fraud: Cheaper, faster, more convincing 2026-05-22 at 08:29 By Anamarija Pogorelec Scams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats Report. Criminals redirect efforts toward trust and third parties Fraud involves behavioral manipulation, fragmented
The new economics of fraud: Cheaper, faster, more convincing Read More »
7 hard truths security pros should know: 2026 DevOps Threats Report 2026-05-20 at 09:34 By Help Net Security In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your
7 hard truths security pros should know: 2026 DevOps Threats Report Read More »
What happens when your identity provider becomes the kill chain 2026-05-20 at 09:34 By Help Net Security In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in
What happens when your identity provider becomes the kill chain Read More »
Earbud sensors can authenticate users by their heartbeat, study finds 2026-05-19 at 09:17 By Mirko Zorz Researchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes from an accelerometer of the kind already sitting inside many wireless earbuds, so
Earbud sensors can authenticate users by their heartbeat, study finds Read More »
Android pushes new scam, theft, and AI protections in 2026 update wave 2026-05-13 at 07:03 By Sinisa Markovic Phone scammers spoofing bank caller IDs have driven an estimated $980 million in annual losses worldwide, according to Europol. Android’s 2026 security roadmap takes direct aim at that pattern with a verified call system built in partnership
Android pushes new scam, theft, and AI protections in 2026 update wave Read More »
ChatGPT advanced account security adds passkeys and hardware keys 2026-05-04 at 02:31 By Anamarija Pogorelec Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. ChatGPT now joins that list. OpenAI has introduced Advanced Account Security, an opt-in setting that strips password-based sign-in from ChatGPT and
ChatGPT advanced account security adds passkeys and hardware keys Read More »
FIDO Alliance wants to keep AI agents from going rogue on online payments 2026-04-29 at 05:30 By Sinisa Markovic AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user’s behalf.
FIDO Alliance wants to keep AI agents from going rogue on online payments Read More »
Your IAM was built for humans, AI agents don’t care 2026-04-27 at 11:18 By Help Net Security Identity and access management was built for a simpler world. One where the hardest problem was a human logging in, and where “Who are you?” was sufficient to decide what someone could do. That model served enterprises well
Your IAM was built for humans, AI agents don’t care Read More »
Users advised to drop passwords and make room for passkeys 2026-04-24 at 23:26 By Sinisa Markovic In a decisive move that could reshape how users log in online, the National Cyber Security Centre (NCSC) is urging consumers to abandon passwords in favour of passkeys, positioning them as the future of authentication. “Passkeys should become consumers’
Users advised to drop passwords and make room for passkeys Read More »
Google brings instant email verification to Android, no OTP needed 2026-04-23 at 15:10 By Anamarija Pogorelec Google has introduced cryptographically verified email credentials for Android through the Credential Manager API. This API aligns with the W3C Digital Credential API standard. It provides a unified way for apps to request and retrieve user credentials for authentication
Google brings instant email verification to Android, no OTP needed Read More »
Product showcase: Ente Auth encrypts, backs up, and syncs 2FA 2026-04-16 at 08:11 By Anamarija Pogorelec Two-factor authentication (2FA) is an essential layer of protection for online accounts, and Ente Auth makes it easier to manage securely across devices. Ente Auth is a free, open-source authenticator app designed to generate and store one-time passcodes for
Product showcase: Ente Auth encrypts, backs up, and syncs 2FA Read More »
29 million leaked secrets in 2025: Why AI agents credentials are out of control 2026-04-14 at 08:11 By Help Net Security AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of external services. Every integration point requires an identity. Most
29 million leaked secrets in 2025: Why AI agents credentials are out of control Read More »
Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day 2026-04-07 at 20:31 By Mirko Zorz Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google also adopted after announcing that it had improved the
Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day Read More »
AI-enabled device code phishing campaign exploits OAuth flow for account takeover 2026-04-07 at 14:59 By Anamarija Pogorelec A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow to compromise organizational accounts at scale, has been observed by the Microsoft Defender Security Research
AI-enabled device code phishing campaign exploits OAuth flow for account takeover Read More »