Figure data breach exposes nearly 1M accounts

Hackers exposed personal data from 967,200 Figure accounts in a social engineering attack, including names, addresses, emails and dates of birth.

Giesecke+Devrient acquires XTec, marking strategic expansion in the U.S. public sector identity and security market

SecurityTech company Giesecke+Devrient (G+D) has taken a decisive step in its international growth strategy with the acquisition of XTec Incorporated, a U.S.-based leader in secure authentication ...

IDEMIA Public Security and Proof Partner to Deliver Privacy-Preserving Digital Identity Solutions for Trusted Interactions Across Physical and Digital Ecosystems

IDEMIA Public Security, a global leading provider of secure digital identity and trusted biometric-based solutions, and Proof, the trusted platform for securing the digital economy with ...
Infosecurity Magazine

Israel: RedAlert Spyware Campaign Exploits Wartime Panic With Trojanized App

A new mobile espionage campaign exploiting civilian fears during the ongoing Israel-Iran conflict has been identified, with attackers distributing a trojanized version of Israel's official Red Alert ...
Dark Reading

AI Agent Overload: How to Solve the Workload Identity Crisis

Authenticating workloads is becoming more and more complex, particularly given things like AI agents and the wide range of identity permissions they need. Organizations need to be thinking ahead on ...

Big Easy Gates Examines How Smart Access Technology Is Reshaping Property Security Standards

Unlike conventional gates that rely on physical keys or manual operation, smart access gates function as integrated entry systems that connect with broader smart home or business infrastructure.
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.
Security Boulevard

Everyone Knows About Broken Authorization – So Why Does It Still Work for Attackers?

Broken authorization is one of the most widely known API vulnerabilities.  It features in the OWASP Top 10, AppSec conversations, and secure coding guidelines. Broken Object Level Authorization (BOLA) ...

GPGI Stock Up 70% as One Fund Adds to $24.5 Million Stake Amid Company Rebrand

GPGI manufactures metal payment cards and advanced industrial equipment for financial and manufacturing clients across multiple sectors.
SecurityWeek

Google Working Towards Quantum-Safe Chrome HTTPS Certificates

Google is working on making HTTPS certificates in Chrome quantum-safe, based on Merkle Tree Certificates (MTCs).

Payhawk’s newly verified AI agents to collect invoices and save 4 years of manual work for customers

Employees hate having to login to websites, search for invoices in hidden or remote sections, then download and upload them, which typically takes about 3 minutes per invoice. Payhawk’s AI agents ...
Security Boulevard

Web Single Sign-On: Understanding WS-Federation

Master WS-Federation for enterprise SSO. Learn how Passive Requestor Profiles bridge legacy ASP.NET, SharePoint, and ADFS ...