A year after introducing passkey support for consumer accounts, Microsoft is taking a major step toward a passwordless future by setting passkeys as the default sign-in method for all new accounts. “From now on, brand-new Microsoft accounts will be passwordless by default,” announced Microsoft executives Joy Chik and Vasu Jakkal. “New users will have multiple […]
Blog Grid
A new supply chain attack targeting budget Android smartphones has been uncovered, involving pre-installed, trojanized versions of WhatsApp and Telegram designed to hijack cryptocurrency transactions. According to cybersecurity researchers at Russian antivirus firm Doctor Web, the campaign—active since June 2024—involves Chinese-manufactured Android devices shipped with malicious apps disguised as popular messengers, containing crypto-clipping malware to […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security vulnerability affecting SonicWall Secure Mobile Access (SMA) 100 Series devices to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2021-20035 and carrying a CVSS score of 7.2, is a high-severity command injection vulnerability. It allows remote, […]
Browser extensions have become an integral part of employees’ daily workflows—ranging from spell checkers to AI productivity tools. However, a new report from LayerX highlights a growing blind spot in enterprise security: the vast majority of these extensions come with excessive permissions that could expose sensitive organizational data. Released today, the Enterprise Browser Extension Security […]
Google announced on Wednesday that it took significant action against harmful advertising in 2024, suspending more than 39.2 million advertiser accounts, with most being proactively identified and blocked before malicious ads could reach users. In total, the company reported that it blocked 5.1 billion bad ads, placed restrictions on 9.1 billion ads, and either blocked […]
Cybersecurity experts have identified four new privilege escalation vulnerabilities within the Windows Task Scheduler that could enable local attackers to gain elevated privileges and erase system logs, effectively concealing traces of malicious activity. The vulnerabilities are associated with a system utility called “schtasks.exe”, a command-line tool that allows administrators to manage scheduled tasks on both […]