Tag: twofactorauthentication
5 articles

Npm Malware: Shocking Invisible Dependencies Are Dangerous
Think your npm packages are safe? Recent attacks that slipped malicious code into 126 npm packages — roughly 86,000 downloads — show how invisible dependency changes can cascade into thousands of projects, so token hygiene, 2FA and publish provenance matter more than ever.

npm registry Must-Have Fixes Make It Safer
A recent wave of phishing and malware-laced npm packages has pushed GitHub to tighten registry security—introducing mandatory 2FA for popular maintainers, trusted publishing rules, and sweeping takedowns—to stop attackers from slipping malicious updates into countless JavaScript projects. These changes aim to make the ecosystem safer without losing the openness that powers modern development.

Salty2FA: Exclusive Dangerous Phishing Threat
A new phishing kit called Salty2FA is turning multi-factor authentication into an exploitable step, automating interception of codes, cookies, and push prompts to bypass SMS and app-based 2FA. Organizations should treat 2FA as an architecture—move to phishing-resistant methods like FIDO2, tighten session controls, and ramp up detection before attackers rent this tool and hit your users.

SIM-swap attacks: Must-Have Urgent Defenses
A major breach exposing SIM identifiers makes SIM‑swap attacks a real and urgent risk — but you can protect yourself now by switching from SMS to app- or hardware-based MFA, adding a carrier PIN or passphrase, and watching your accounts for suspicious activity.

DOM-based extension clickjacking: Stunning Risky Threat
Think your browser’s password-manager icon is a safe guardian? New research shows a clever DOM-based clickjacking trick can coerce popular extensions into spilling passwords, 2FA codes and card details— a wake-up call for users, developers and browser vendors to tighten UI isolation and patch quickly.