authentication
AIMap: Open-source tool finds and tests exposed AI endpoints
Public-facing Ollama servers, MCP endpoints, and inference proxies have multiplied across the internet over the past year, often deployed without authentication or rate …
ChatGPT advanced account security adds passkeys and hardware keys
Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. …
FIDO Alliance wants to keep AI agents from going rogue on online payments
AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are …
Your IAM was built for humans, AI agents don’t care
Identity and access management was built for a simpler world. One where the hardest problem was a human logging in, and where “Who are you?” was sufficient to …
Users advised to drop passwords and make room for passkeys
In a decisive move that could reshape how users log in online, the National Cyber Security Centre (NCSC) is urging consumers to abandon passwords in favour of passkeys, …
Google brings instant email verification to Android, no OTP needed
Google has introduced cryptographically verified email credentials for Android through the Credential Manager API. This API aligns with the W3C Digital Credential API …
Product showcase: Ente Auth encrypts, backs up, and syncs 2FA
Two-factor authentication (2FA) is an essential layer of protection for online accounts, and Ente Auth makes it easier to manage securely across devices. Ente Auth is a free, …
29 million leaked secrets in 2025: Why AI agents credentials are out of control
AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of …
Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day
Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a …
AI-enabled device code phishing campaign exploits OAuth flow for account takeover
A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow …
Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app
Proton Authenticator is a free and open-source two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) to help secure online accounts. It is …
Click, wait, repeat: Digital trust erodes one login at a time
Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. These moments …
Featured news
Resources
Don't miss
- Synology issues critical fix for MailPlus Server vulnerabilities
- Mystery hackers use novel SharkLoader dropper against governments, software devs
- A privacy-first take on local malware analysis
- Two CEOs on why security and AI readiness belong together
- The uptime questions every engineering leader should ask this week