A novel phishing technique uses QR codes presented during MFA authentication to bypass FIDO-based protections.
Posted inCybersecurity News

A novel phishing technique uses QR codes presented during MFA authentication to bypass FIDO-based protections.

Security researchers have identified a novel phishing technique that leverages QR codes presented during simulated multifactor authentication (MFA) processes to bypass FIDO-based protections. The method exploits legitimate cross-device sign-in flows — without compromising the underlying FIDO standard — by manipulating user behavior and undermining core assumptions of phishing-resistant authentication.
WebAuthn PRF Encryption: Passkeys and WebAuthn – the next frontier for secure file encryption.
Posted inEncryption

WebAuthn PRF Encryption: Passkeys and WebAuthn – the next frontier for secure file encryption.

The evolution of passkeys and WebAuthn is not only advancing passwordless authentication—it is also unlocking new capabilities in the realm of data security. Among the most significant recent developments is the ability to use passkeys, in conjunction with the WebAuthn PRF (Pseudo-Random Function) extension, to securely encrypt and decrypt files. This represents a powerful new use case for passkeys, offering users phishing-resistant, hardware-backed, and password-free file encryption.
Russia’s state-sponsored APT28 threat actors are employing a previously unknown software called Authentic Antics against email systems.
Posted inCybersecurity News

Russia’s state-sponsored APT28 threat actors are employing a previously unknown software called Authentic Antics against email systems.

The UK’s National Cyber Security Centre (NCSC) has identified a new cyber espionage campaign attributed to Russian military intelligence operatives. According to a recent report, threat actors associated with the GRU—specifically the well-known group APT28—have been actively utilizing a previously unknown malicious software known as “Authentic Antics” to carry out targeted cyber operations against email systems.
Critical vulnerability in NVIDIA Container Toolkit, widely used in AI environments, presents significant security risk to cloud infrastructures.
Posted inCybersecurity News

Critical vulnerability in NVIDIA Container Toolkit, widely used in AI environments, presents significant security risk to cloud infrastructures.

A recently disclosed critical vulnerability in the NVIDIA Container Toolkit, widely used in AI and high-performance computing environments, presents a significant security risk to cloud infrastructures running GPU-accelerated workloads. Tracked as CVE-2025-23266, the vulnerability enables privilege escalation from within containers, allowing attackers to gain root-level access to the host system. With a CVSS score of 9.0 (Critical), the flaw affects a substantial portion of GPU-enabled cloud environments, including those offering multi-tenant AI services.
WiFi sensing means WiFi networks are used for more than just data transmission – and that could pose risks for cybersecurity.
Posted inCybersecurity News

WiFi sensing means WiFi networks are used for more than just data transmission – and that could pose risks for cybersecurity.

As wireless technologies continue to evolve, WiFi networks are increasingly being utilized for more than mere data transmission. WiFi sensing harnesses existing WiFi signals to detect and interpret physical activities, presence, and even physiological states, all without the need for wearables or dedicated monitoring hardware. While the opportunities afforded by WiFi sensing are significant, especially in enhancing security and automation, this innovation also introduces new challenges for cybersecurity and privacy.