The Hacker News

âš¡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.
The Hacker News

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Seven Windows authentication paths bypass MFA protections, enabling credential attacks through AD, NTLM, Kerberos, RDP, SMB, and service accounts.
PCMag

Wikipedia Forced to Lock Down Edits Over JavaScript That Could Delete Pages

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed to delete articles and place Russian text in the edit summary.

Bitwarden Brings Passkey Logins to Windows 11, Expanding Passwordless Sign-Ins

Bitwarden now supports passkey logins on Windows 11 for Microsoft Entra ID users, extending passwordless sign-ins to device ...
CSO Online

OAuth vulnerability in n8n automation platform could lead to system compromise

A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, ...
GitHub

lexicone42/l42-cognito-passkey

Two components: auth.js (client-side) and a Token Handler backend (server-side).
IEEE

Efficient Certificateless Aggregate Authentication Scheme for Real-Time Secure Communication in Vehicular Ad Hoc Networks

Abstract: Vehicular Ad-Hoc Networks (VANETs), as a core component of Intelligent Transportation Systems, provide realtime traffic information exchange through inter-vehicle communication technologies.
IEEE

Privacy-Accountable Distributed Collaborative Authentication for Malicious Node Resistance in Vehicular Ad Hoc Networks

Abstract: In vehicular ad hoc networks (VANETs), distributed identity authentication provides the foundation for securing sessions among entities over wireless channels while eliminating single points ...