Microsoft has identified a phishing campaign using malformed links to legitimate OAuth services to redirect to malware downloads.

MegaMatcher ID 2025.2 introduces ISO-compliant Level 2 face liveness detection and enhanced capture controls for secure ...

Starkiller phishing suite uses live reverse proxying to bypass MFA, while attackers abuse OAuth device codes to hijack Microsoft 365 accounts.

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.

SIM binding requires messaging apps to verify that the original KYC-verified SIM card remains physically present and active in the user's primary smartphone.

Starting March 1, messaging platforms such as WhatsApp, Telegram and other apps that rely on mobile number-based login must comply with a new SIM-binding rule issued by India’s Department of ...

Although AI has introduced a new threat in the world of payments fraud, it has also emerged as the analytical backbone of next-generation fraud mitigation systems.

Learn how WS-Trust powers external authentication in hybrid identity environments. Explore the Security Token Service (STS) ...

The Ministry of Finance has issued a notification allowing TransUnion CIBIL Limited to use Aadhaar authentication for establishing user identity for accessing credit information reports.

Vibe-coding platform Lovable has been accused of hosting apps riddled with vulnerabilities after saying users are responsible for addressing security issues flagged before publishing. Taimur Khan, a ...

While the mobile application continues to function for many people, the web based interface has become unreliable for a significant number of users, ...