-
GitLab warns of high-severity 2FA bypass, denial-of-service flaws
GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform.
- January 21, 2026
- 08:57 AM
0
-
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability.
- January 02, 2026
- 11:01 AM
0
-
State of Browser Attacks: Learn from John Hammond, Troy Hunt & Matt Johansen
Join Push Security's free three-part webinar series where top security researchers break down the browser-based attacks driving today's biggest breaches - from AiTM phishing and ConsentFix to compromised credentials and session hijacking.
-
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls.
- December 29, 2025
- 06:16 AM
- 1
-
Attackers Now Bypass App-Based MFA, Hardware Biometrics Stop Them
Tycoon 2FA enables turnkey real-time MFA relays behind 64,000+ attacks this year, proving legacy MFA collapses the moment a phishing kit targets it. Learn from Token Ring how biometric, phishing-proof FIDO2 hardware blocks these relay attacks before they succeed.
- November 18, 2025
- 10:01 AM
- 0
-
Proton launches free standalone cross-platform Authenticator app
Proton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS.
- July 31, 2025
- 06:00 AM
- 5
-
Coinbase fixes 2FA log error making people think they were hacked
Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised.
- April 27, 2025
- 02:21 PM
- 0
-
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights.
- April 24, 2025
- 04:24 PM
- 1
-
Bitwarden makes it harder to hack password vaults without MFA
Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts.
- January 27, 2025
- 04:00 PM
- 1
-
WordPress.org to require 2FA for plugin developers by October
Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on their accounts.
- September 11, 2024
- 01:33 PM
- 0
-
Bitwarden launches new MFA Authenticator app for iOS, Android
Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices.
- May 02, 2024
- 04:20 PM
- 5
-
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection.
- March 25, 2024
- 12:56 PM
- 3
-
Payoneer accounts in Argentina hacked in 2FA bypass attacks
Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping.
- January 19, 2024
- 03:28 PM
- 0
-
Twilio will ditch its Authy desktop 2FA app in August, goes mobile only
The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication (2FA) app.
- January 08, 2024
- 01:07 PM
- 4
-
GitHub warns users to enable 2FA before upcoming deadline
GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication (2FA) on their accounts.
- December 26, 2023
- 04:03 PM
- 3
-
New phishing attack steals your Instagram backup codes to bypass 2FA
A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account.
- December 20, 2023
- 02:35 PM
- 2
-
Steam enforces SMS verification to curb malware-ridden updates
Valve has announced implementing additional security measures for developers publishing games on Steam, including SMS-based confirmation codes. This is to deal with a recent outbreak of malicious updates pushing malware from compromised publisher accounts.
- October 15, 2023
- 11:12 AM
- 4
-
PyPI announces mandatory use of 2FA for all software publishers
The Python Package Index (PyPI) has announced that it will require every account that manages a project on the platform to have two-factor authentication (2FA) turned on by the end of the year.
- May 28, 2023
- 10:09 AM
- 0
-
Google will add End-to-End encryption to Google Authenticator
Google is bringing end-to-end encryption to Google Authenticator cloud backups after researchers warned users against synchronizing 2FA codes with their Google accounts.
- April 26, 2023
- 05:11 PM
- 4
-
Google Authenticator now backs up your 2FA codes to the cloud
The Google Authenticator app has received a critical update for Android and iOS that allows users to back up their two-factor authentication one-time passwords (OTPs) to their Google Accounts and have multi-device support.
- April 25, 2023
- 10:39 AM
- 5
-
GitHub makes 2FA mandatory next week for active developers
GitHub will start requiring active developers to enable two-factor authentication (2FA) on their accounts beginning next week, on March 13.
- March 09, 2023
- 12:00 PM
- 0
0
