The Hacker News

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Starkiller phishing suite uses live reverse proxying to bypass MFA, while attackers abuse OAuth device codes to hijack Microsoft 365 accounts.

Microsoft: Hackers abuse OAuth error flows to spread malware

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages.
Hackaday

Building A Hackerspace Entry System

A hackerspace is a place that generally needs to be accessed by a wide group of people, often at weird and unusual hours.

This fake Google Security check can steal your passwords. Here’s how to stay safe

A new phishing campaign is impersonating Google’s account security checks to trick users into installing a malicious web app that steals passwords, passcodes, and other sensitive data directly from ...
Biometric Update

Next steps in Papua New Guinea’s DPI rollout include digital ID for KYC, AI adoption

Papua New Guinea’s digital government transformation includes an AI adoption framework and a pilot of remote KYC checks for online bank account applications.