The cost of compromise: Why password attacks are still winning in 2025
Poor password management is responsible for thousands of data breaches, but it doesn’t have to be this way.
Sponsored feature
Authentication
China approves rules for national ‘online number’ ID scheme
Asia In Brief PLUS: Original emoji retired; Xiaomi's custom silicon; Pakistan dedicates 2,000 MW to AI and crypto
Public Sector26 May 2025 | 18
April's Patch Tuesday leaves unlucky Windows Hello users unable to login
Updated Can't Redmond ask its whizz-bang Copilot AI to fix it?
Patches09 Apr 2025 | 11
Why the long name? Okta discloses auth bypass bug affecting 52-character usernames
Mondays are for checking months of logs, apparently, if MFA's not enabled
Security04 Nov 2024 | 14
Deadline looms: Google Workspace mandates OAuth by September 30
27 days to get your users' third-party apps on Google’s sign-in
Devops03 Sep 2024 | 8
Microsoft, Google do a victory lap around passkeys
Windows giant extends passwordless tech to everyone else
Security02 May 2024 | 74
BROADER TOPICS
NARROWER TOPICS
Twilio reminds users that Authy Desktop apps die in March – not in August
'This is an excellent way to piss off thousands of developers'
Devops15 Feb 2024 | 31
Microsoft's security roadmap: Protect secrets in Azure DevOps
You can’t steal what you can’t access ... we hope
Sysadmin Month16 Jul 2023 | 2
Modern Auth comes to on-prem Exchange Server gear
Guess this'll have to do while we wait for *checks notes* ES 2025
CSO08 May 2023 | 2
Microsoft switches gears, keeps Exchange Online's CARs around until Sept 2024
At least Redmond listens to some customers
SaaS10 Apr 2023 | 1
French parliament says oui to AI surveillance for 2024 Paris Olympics
Liberté, égalité, reconnaissance faciale for all
Security24 Mar 2023 | 47
Microsoft freaks out users with Windows 11 warning: 'LSA protection is off'
Alerts telling folks their 'device may be vulnerable' triggered by KB5007651
OSes22 Mar 2023 | 52
Attackers abuse Microsoft’s 'verified publisher' status to steal data
Malicious OAuth apps were the tickets into victims' systems
Security01 Feb 2023 | 7
Microsoft locks door to default guest authentication in Windows Pro
Bringing OS version into sync with Enterprise and Education editions
CSO17 Jan 2023 | 24
Crooks copy source code from Okta’s GitHub repository
The hack wraps up a year of bad security incidents for identity
Security23 Dec 2022 | 13
Windows Server domain controllers may stop, restart after recent updates
Microsoft outlines a workaround while pulling together a fix to LSASS memory leak
Patches28 Nov 2022 | 19
Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers
Emergency out-of-band updates to the rescue
Patches21 Nov 2022 | 36
Microsoft to kill off old access rules in Exchange Online
Awoooogah – this is your one-year warning to switch over, enterprises
CSO28 Sep 2022 | 13
Oracle Cloud at one point would let you access any other customer's data
chmod a+rw at hyperscale
PaaS + IaaS21 Sep 2022 | 5
Microsoft: The deadline to get off Basic Auth is approaching
Exchange Online face Halloween deadline
OSes05 Sep 2022 | 50
FBI: Look out, crooks stole $1.3b in cryptocurrency in just three months this year
DeFi, as in, defying belief
Cyber-crime01 Sep 2022 | 9
LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data
Prolific group pummeled days after claiming to be file thief behind attack on cybersecurity vendor
Cyber-crime22 Aug 2022 | 6
DataDome looks to CAPTCHA the moment with test of humanity that doesn't hurt
As the verification technology weathers ongoing criticism from users, one anti-bot security vendor rolls out its own tool
Security21 Jul 2022 | 15
Mergers and acquisitions put zero trust to the ultimate test
Bypasses an arduous integration process with right security footing from the start
CSO13 Jul 2022 | 1
Zero Trust: What does it actually mean – and why would you want it?
Systems Approach 'Narrow and specific access rights after authentication' wasn't catchy enough
Networks30 Jun 2022 | 10
Start using Modern Auth now for Exchange Online
Before Microsoft shutters basic logins in a few months
CSO29 Jun 2022 | 27
DeadBolt ransomware takes another shot at QNAP storage
Keep boxes updated and protected to avoid a NAS-ty shock
Cyber-crime18 Jun 2022 | 16
Vehicle owner data exposed in GM credential-stuffing attack
Car maker says miscreants used stolen logins to break into folks' accounts
Security25 May 2022 | 29
Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies
Critical authentication bypass revealed, older flaws under active attack
CSO19 May 2022 | 6
GitHub to require two-factor authentication for code contributors by late 2023
Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks
Security05 May 2022 | 17
Threat group builds custom malware to attack industrial systems
US security agencies say the tools can give hackers control of ICS and SCADA devices
Security14 Apr 2022 | 8
HCL and HP named in unflattering audit of India’s biometric ID system
Same biometric used for different people, no archives, lousy infosec among the issues
Security12 Apr 2022 | 16
Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln
Patch flaws and enforce authentication policies, CISA and FBI warn
Security16 Mar 2022 | 3
Azure flaw allowed users to control others' accounts
AutoWarp security hole wasn't exploited – though researchers saw a way into a bank and a telco
Security08 Mar 2022 | 7
The zero-password future can't come soon enough
SpyCloud highlights poor password hygiene of consumers and the threat to enterprises
Security02 Mar 2022 | 121
Silk could tie up all-but-unbreakable encryption, say South Korean boffins
At last, a worm that improves security
Security28 Jan 2022 | 36
Biting the hand that feeds IT
