For more than a decade, we’ve been promised that a world without passwords is just around the corner, and yet year after year, this security nirvana proves out of reach. Now, for the first time, a workable form of passwordless authentication is about to become available to the masses in the form of a standard adopted by Apple, Google, and Microsoft that allows for cross-platform and cross-service passkeys.

APRIL HAS BEEN a big month for security updates, including emergency patches for Apple’s iOS and Google Chrome to fix vulnerabilities already being used by attackers. Microsoft has released important fixes as part of its mid-April Patch Tuesday, while Android users across multiple devices need to make sure they are applying the latest update when it becomes available.

More than 100 bugs have been discovered in the systems of the US Department of Homeland Security (DHS), some of which were deemed critical. As reported by The Register, the government organization recently kicked off its “Hack DHS” program, a three-phase event with the goal of tightening up network security.

Have you been getting weird text messages lately — from yourself? Don’t worry, you’re not alone, and you’re probably not having an out-of-body experience. The latest trend in spam text messages involves mobile phone users receiving texts from what appears to be their own phone number.

Older Americans are often taught to be fearful of hackers and scammers in their midst while also being told to investigate potential threats. Better advice is to not engage.

U.S. authorities have cautioned banks about possible cyberattacks following Russia’s recent invasion of Ukraine, but experts say financial institutions also face particular risks in a more murky area of their business—the now ubiquitous artificial-intelligence models that handle everything from lending to trading.

Okta, an authentication company used by thousands of organizations around the world, says it’s investigating news of a potential breach, Reuters reports. The disclosure comes as hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta’s internal systems, including one that appears to show Okta’s Slack channels, and another with a Cloudflare interface.

After years of tantalizing hints that a passwordless future is just around the corner, you're probably still not feeling any closer to that digital unshackling. Ten years into working on the issue, though, the FIDO Alliance, an industry association that specifically works on secure authentication, thinks it has finally identified the missing piece of the puzzle.

Ubisoft experienced a “cyber security incident” last week that temporarily disrupted some games, systems, and services, the company reported Thursday. Ubisoft hasn’t said who might be responsible, but on Friday evening, the group who purportedly hacked Nvidia took credit.

American wouldn’t stand “a fighting chance” against the combined cyberwarfare capabilities of Russia and China, the former chief software officer of the United States Air Force told Fox News last week. “Not many nations would be able to push back,” Nicolas Chaillan said. “I don’t even think the United States would be able to push back if tomorrow Russia and China decide to come together against us.”

Hackers have successfully stolen internal company data and source code for Galaxy devices from Samsung, the South Korean tech giant confirmed today. News of the breach was first reported earlier this month, with a hacking outfit named Lapsus$ claiming responsibility. The group, which recently hacked Nvidia, shared screenshots purportedly showing roughly 200GB of stolen data, including source code used by Samsung for encryption and biometric unlocking functions on Galaxy hardware.

U.S. leaders must rethink the current cyberdefense system and rally around a centralized regulator. 

Data extortionists who stole up to 1 terabyte of data from Nvidia have delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow Nvidia's graphics cards to mine cryptocurrencies faster or face the imminent release of the company's crown-jewel source code.

Last month, we warned you about a major security flaw affecting Apple’s Safari browser. This flaw potentially allowed hackers on one website to steal your personal information from other open sites, which is, you know, bad. After months of delay, Apple finally patched this gaping security breach, just in time for another to poke through the cracks.

China’s cyberspace regulator said it will implement new rules from February 15 that require platform companies with data for more than one million users to undergo a security review before listing their shares overseas.

LastPass members have reported multiple attempted logins using correct master passwords from various locations, but the company says that the recent attacks are a result of shared passwords gleaned from breaches of other services.

Attackers who remain unidentified exploited a vulnerability in the Log4J library to compromise HP 9000 servers powered by AMD EPYC processors and mine the Raptoreum CPU cryptocurrency on these resources between December 9 and December 17. Consequently, the Raptoreum network’s hashrate doubled until the equipment was taken offline.

Pegasus spyware maker NSO Group is reportedly running out of cash following actions by both the US government and Apple. This has led the company to explore options to put itself up for sale. Two US funds have expressed an interest, claiming that they would change the company’s mission from offensive to defensive, though skepticism has been expressed about this...

A VULNERABILITY IN the open source Apache logging library Log4j sent system administrators and security professionals scrambling over the weekend. Known as Log4Shell, the flaw is exposing some of the world's most popular applications and services to attack, and the outlook hasn't improved since the vulnerability came to light on Thursday. If anything, it's now excruciatingly clear that Log4Shell will continue to wreak havoc across the internet for years to come.

Apple says it will notify users whose iPhones and devices have been compromised by state-sponsored hacking efforts, according to a support document. The tech giant published its plans to inform the hacking victims last week after Apple sued the Israeli company NSO Group, claiming it broke U.S. law by selling spyware to hack into iPhones.