Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Microsoft Entra ID
Microsoft Entra ID authentication overhaul to start in September 2026

Microsoft will begin rolling out passkeys as the default authentication experience for Microsoft Entra ID in the public cloud on September 1, 2026. Organizations with SMS or …

authentication
Only 28% of financial workforce MFA is phishing-resistant

Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, according to a new …

Microsoft 365 phishing
Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during …

email
Poisoned “Office 365” search results lead to stolen paychecks

A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into …

Microsoft Entra ID
Microsoft hands Entra ID users new option for MFA

Organizations rely on MFA to enforce identity checks before granting access to systems and services. Microsoft has made external MFA generally available in Microsoft Entra ID, …

vulnerabilities
32% of top-exploited vulnerabilities are over a decade old

Exploitation timelines continued to compress in enterprise environments, with newly disclosed flaws reaching active use almost immediately and older weaknesses remaining …

MFA
Passwords, MFA, and why neither is enough

Passwords weren’t enough, so we added MFA. Now MFA isn’t enough either. In this Help Net Security video, Karlo Zatylny, CTO/CISO at Portnox, walks through why each …

phishing
Cybercriminals are scaling phishing attacks with ready-made kits

Phishing-as-a-Service (PhaaS) kits lower the barrier to entry, enabling less-skilled attackers to run large-scale, targeted phishing campaigns that impersonate legitimate …

internet
Session tokens give attackers a shortcut around MFA

In this Help Net Security video, Simon Wijckmans, CEO at cside, discusses why session token theft is rising and why security teams miss it. He walks through how web …

authentication
Passwordless is finally happening, and users barely notice

Security teams know the strain that comes from tightening authentication controls while keeping users productive. A new report from Okta suggests this strain is easing. …

biometrics
The identity mess your customers feel before you do

Customer identity has become one of the most brittle parts of the enterprise security stack. Teams know authentication matters, but organizations keep using methods that …

key
Old authentication habits die hard

Many organizations still rely on weak authentication methods while workers’ personal habits create additional risks, according to Yubico. Training and policy gaps 40% of …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools