Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

MFA verifies who logged in. It has no idea what they do next.

What happens after MFA succeeds? How session token theft lets attackers move laterally through enterprise networks without ...

1Password extends OpenAI collaboration with Codex MCP server for just-in-time credential access

Cybersecurity and password service provider 1Password LLC today expanded its collaboration with OpenAI Group PBC, releasing a ...

Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...