Abstract: The fields of security and usability often conflict with each other. Security focuses on making systems difficult for attackers to compromise. However, doing this also increases difficulty ...

Tycoon2FA has returned with new device-code phishing attacks targeting Microsoft 365 users through legitimate OAuth login ...

Abstract: The pervasive use of mobile devices exposes users to an elevated risk of shoulder-surfing attacks. Despite the prior work on shoulder-surfing resistance of mobile user authentication methods ...

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.

Amid mounting student complaints over CBSE’s new On-Screen Marking system, a Class 12 student and cybersecurity researcher ...

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Nisarga Adhikary claimed he had hacked the CBSE website and identified serious lapses in the agency's On Screen Marking (OSM) ...