The Hacker News

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay roundup covering stealthy attacks, phishing trends, exploit chains, and rising security risks across the threat landscape.
Bleeping Computer

GitLab warns of high-severity 2FA bypass, denial-of-service flaws

GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. Tracked as CVE-2026-0723, this vulnerability stems ...
SecurityWeek

Why Identity Security Must Move Beyond MFA

Multi-factor authentication (MFA) has become a cornerstone of modern cybersecurity. According to Okta’s Secure Sign-In Trends Report 2025 around 70 percent of users in enterprise environments are ...
CyberGuy

Top multi-factor authentication apps to protect your accounts

Reusing passwords puts multiple accounts at risk if just one is breached. Multi-factor authentication adds a second layer of protection beyond your password. Security keys and authenticator apps are ...
Bleeping Computer

Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks

Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable ...
techtimes

Is Two-Factor Authentication Overrated? Here's Why it's Not Enough Anymore

Two-Factor Authentication (2FA) has long been a cornerstone of online security. For years, it offered an extra layer beyond passwords, giving users confidence that their accounts were protected. But ...
The Hacker News

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet on Wednesday said it observed "recent abuse" of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 ...
Mercury News

Help! My two-factor authentication on Amazon stopped working

Q: I’ve been an Amazon customer for 20 years, but after changing my phone number, I’m locked out of my account because two-factor authentication (2FA) still uses my old number. Related Articles This ...
PC World

Two-factor security? Nah, let’s do 30-factor instead

I recommend two-factor authentication all the time. Adding a second checkpoint during sign-in truly increases the difficulty of breaking into your accounts. But that protective measure can feel like a ...
PC World

2FA vs Passkeys: Which security solution actually keeps you safer?

Everyone knows what a password is. But we can’t say the same for two-factor authentication or passkeys, which is a shame because these two security features dramatically boost the safety of your ...
TechCrunch

PSA: Reregister your hardware 2FA key for X before November 10 to avoid getting locked out

Social network X said over the weekend that it plans to retire its twitter.com URL for authentication. This means users who have enabled two-factor authentication using a hardware key like YubiKey ...
The Pueblo Chieftain

What is two-factor authentication, and why should you use it?

You’ve probably noticed a requirement to enter a temporary passcode sent through email or text message after giving your password to log into one of your online ...