The Hacker News

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

BeyondTrust fixes CVSS 9.9 pre-auth RCE flaw (CVE-2026-1731) in Remote Support and PRA; 11,000 instances exposed.

EnforceAuth Launches First AI-Native Security Fabric to Govern Autonomous Software Decisions

New Platform Addresses Critical Authorization Gap for AI Agents and Automated Workflows; Opens Free Enterprise Waitlist ...

Authentication in 2026 - moving beyond foundational MFA to tackle the new era of attacks

Organizations must build on existing security practices and embrace phishing-resistant authentication to deliver robust ...
Bleeping Computer

Critical auth bypass bug in CrushFTP now exploited in attacks

Attackers are now targeting a critical authentication bypass vulnerability in the CrushFTP file transfer software using exploits based on publicly available proof-of-concept code. The security ...
Forbes

Millions Of Google, WhatsApp, Facebook 2FA Security Codes Leak Online

Security experts advise against using SMS messages for two-factor authentication codes due to their vulnerability to interception or compromise. Recently, a security researcher discovered an unsecured ...

MCP shipped without authentication. Clawdbot shows why that's a problem.

Knostic found 1,862 MCP servers exposed with zero authentication. Here are five actions CISOs should take now.
Tidbits

Reacting to Unsolicited Two-Factor Authentication Codes

I have long encouraged the use of two-factor authentication (2FA) or two-step verification (2SV) with online accounts whenever possible (for more about the difference, see “Two-Factor Authentication, ...
Hosted on MSN

Your Guide to Activating iCloud Two-Factor Authentication for Extra Security

Update Sign-In & Security settings on iPhone, Mac, or the Apple Account page This article explains how to turn on iCloud two-factor authentication to protect your Apple ID/Apple Account from theft, ...
Bleeping Computer

BeyondTrust warns of pre-auth RCE in Remote Support software

BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code ...
Forbes

PayPal Security—2FA Codes To Be Replaced By Single-Step Login

Update, Mar. 1, 2025: This story, originally published Feb. 28, now includes details of a new PayPal “no code checkout” scam. Hot on the heels of Google confirming that it is replacing the use of SMS ...