The Hacker News

ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

ThreatsDay Bulletin: active exploits, supply chain attacks, AI abuse, and stealth data risks observed this week.

Google is making it dramatically easier to sign in to apps without OTP or link hassles

Google now lets Android apps verify your email in one tap, no OTP codes and no inbox hunting. Here's how the new Credential Manager API works.
InfoWorld

Offer customers passkeys by default, UK’s NCSC tells enterprises

Developers of enterprise apps and websites will need to get to grips with passkeys: The UK's National Cyber Security Center ...
InfoWorld

UK’s NCSC calls passkeys the default, says passwords are no longer fit for the purpose

Citing resistance to phishing and credential reuse, the agency recommends passkeys wherever supported and warns that ...
Cybernews

Checkmarx hit again, popular tools spreading credential-stealing malware

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...
Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...

n8n: Updates fix critical security vulnerabilities in automation platform

The update was announced to all admins via email; they should apply it promptly. Code injection is a risk. As announced on ...