
Readers debate the security of passkeys versus passwords
Readers discuss the security benefits and drawbacks of passkeys, with some finding them confusing and others championing them as a superior alternative to passwords.

Major platforms like YouTube, Instagram, and TikTok are labeling AI-generated content but offer no filters to exclude it. DeviantArt and Pinterest have filters, but they are difficult to find and largely ineffective, suggesting a reluctance by tech giants to truly address the issue.

Korean security companies are speeding up their efforts to enter next-generation markets like quantum security and public mydata authentication. Genians is developing quantum-resistant gateway technology, Raonsecure is targeting the public mydata digital authentication market with its OmniOne CX service, and Gabia has been selected as a supplier for the '2026 High-Performance Computing Support Project'.

Google's Threat Intelligence Group detected and stopped a novel AI-generated zero-day exploit targeting two-factor authentication. The sophisticated attack, potentially linked to foreign hackers, aimed for mass exploitation but was thwarted before it could occur.

A North Korea-linked hacking group, Kimsuky, is reportedly using AI to develop malware targeting South Korea's government electronic authentication system, posing a significant security threat.

Cybercriminals have reportedly leveraged artificial intelligence to craft a potent hacking tool capable of circumventing security measures in a widely used system administration software. Google's security team uncovered this novel threat, which exploited an unknown vulnerability to bypass multi-factor authentication. The developer was alerted and patched the flaw before it could be weaponized, marking a significant development in AI-driven cyberattacks.

Cybercriminals used an AI model to find and weaponize a previously unknown software flaw, Google's threat team confirmed Monday.

For the first time, Google says it has spotted and stopped a zero-day exploit developed with AI. According to a report from Google Threat Intelligence Group (GTIG), "prominent cyber crime threat actors" were planning to use the vulnerability for a "mass exploitation event" that would have allowed them to bypass two-factor authentication on an unnamed […]

ICICI Bank has launched biometric authentication for UPI transactions up to Rs 5,000 on its iMobile app, allowing users to authorize payments via fingerprint (Android) or face recognition (iOS) without entering a UPI PIN. The feature is available on Android v30 and iOS v28.2, enhancing security by eliminating shoulder-surfing risks while speeding up transactions. Transactions above Rs 5,000 still require traditional UPI PIN verification. NPCI introduced this biometric option for payments below Rs 5,000 in October 2025.

Scammers are using AI-generated deepfake videos of celebrities including Taylor Swift and Rihanna to promote fraudulent money-making schemes on TikTok and other social platforms. The ads manipulate real footage from interviews and red carpet events, using TikTok branding to lure users to third-party services that collect personal information. TikTok, Meta, and YouTube are struggling to combat the surge of convincing deepfakes, with Swift recently filing trademark applications to protect her voice from AI copycats.

Microsoft released an emergency patch for a critical vulnerability (CVE-2026-40372) in ASP.NET Core's DataProtection NuGet package. The flaw affects versions 10.0.0-10.0.6 on Linux and macOS systems, allowing unauthenticated attackers to forge authentication payloads and gain SYSTEM privileges. The vulnerability stems from faulty HMAC signature verification. Severity is rated 9.1/10. Users must update to version 10.0.7 and rotate their DataProtection key ring to prevent continued compromise.

The FBI announced the dismantling of the W3LL phishing operation, which allegedly targeted over 17,000 victims globally and facilitated over $20 million in fraud by selling phishing kits and stolen credentials.