Security news aggregator

Latest coverage for Passwords

Password security helps prevent unauthorized access, while weak or reused credentials can expose accounts, systems, and sensitive data.

32 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Passwords are secret strings used to verify identity and control access to accounts, devices, applications, and services. They remain a common authentication method, but their security depends mainly on secrecy, length, and uniqueness rather than predictable complexity rules. A password reused across services can expose multiple accounts if one service is compromised; short, common, or previously leaked passwords are more susceptible to guessing and automated credential-stuffing attacks.

Practical defenses include using a password manager to generate and store a distinct, long password for each service, blocking known compromised passwords, and enabling multi-factor authentication (MFA) where available. Organizations should protect stored passwords with slow, salted one-way hashing, restrict and monitor authentication attempts, and provide secure recovery processes. Password changes are most useful after suspected compromise or exposure, rather than as routine changes that encourage predictable variations. Security teams should also treat password databases and reset mechanisms as sensitive assets during vulnerability assessment and incident response.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 32 Filtered view

Ongoing Campaign May Be Grabbing Legacy Passwords From Fortinet FortiGate DevicesCybercriminals are selling access to 75,000 Fortinet FortiGate devices with VPN and web management interfaces, and the admin credentials appear to be legitimate and recently harvested as part of a still-live campaign, security experts warned.

Bank Info Security 1 month, 3 weeks ago

Breach Roundup: Shai-Hulud Copycat Hits npm

Also, YellowKey Gets CVE, 7-Eleven Breach, Linux Maintainers Warn on AI Bug SpamThis week, more incidents than we can list here. Among them: cloned Shai-Hulud malware, a new maximum CVSS Cisco flaw. Edge to stop loading passwords in plaintext. Tycoon 2FA offers a way around Microsoft multifactor. Convenience, taquitos and data breach: The 7-Eleven story. A MENA crackdown.

Also, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail SentenceThis week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karakurt negotiator jailed, North Korean IT worker scams led to prison terms and France detained a teen over a government data breach. Another Ivanti zero-day.

Bank Info Security 2 months, 2 weeks ago

Good Riddance to Passwords: Officials Urge Passkeys Instead

Digital Passkeys That Synchronize Across Devices Are Easier, Faster, More SecureForget passwords: British cybersecurity officials now recommend using digital passkeys whenever they're available, finding that passkeys offer better and faster security, with lower costs for services that provide them, compared to widely despised passwords.

Bank Info Security 29 Apr 2026, 8:30 a.m. Passwords

'Malicious Server Threat Model' Threatens 'Zero Knowledge Encryption' GuaranteesClaims by leading stand-alone password managers that their implementation of "zero knowledge encryption" means stored passwords can withstand the worst of hacker assaults are vastly overblown, say academic security researchers. They said vendors are in the process of patching the flaws they found.

Bank Info Security 9 months, 1 week ago

Hackers Exploit LFI Flaw in File-Sharing Platforms

Attackers Read Server Files and Steal Credentials in Gladinet CentreStack, TriofoxHackers are exploiting a flaw allowing them to access without authentication document root folder files in file-sharing and remote-access software, where they obtain access tokens and passwords to unlock remote access to corporate file systems, warn researchers.

Bank Info Security 9 months, 1 week ago

Hackers Exploit LFI Flaw in File-Sharing Platforms

Attackers Read Server Files and Steal Credentials in Gladinet CentreStack, TriofoxHackers are exploiting a flaw allowing them to access without authentication document root folder files in file-sharing and remote-access software, where they obtain access tokens and passwords to unlock remote access to corporate file systems, warn researchers.

Bank Info Security 9 months, 2 weeks ago

Gone in 60 Minutes: Akira Defeats MFA for SonicWall SSL VPNs

'Opportunistic, Mass Exploitation' Campaign Surging, Say Cybersecurity ResearchersAttackers wielding Akira ransomware appear to be engaged in an "opportunistic, mass exploitation" of SonicWall SSL VPN servers, even when they're using the latest firmware and configured to require multifactor authentication one-time passwords, warn cybersecurity researchers.

Bank Info Security 10 months, 2 weeks ago

Navy Federal Credit Union Backup Exposed Online

Researcher: Internal Data Belonging to World’s Largest Lender Exposed on AWSNavy Federal, the world’s largest credit union, left hundreds of gigabytes of internal backup files exposed on Amazon’s cloud storage service, says cybersecurity researcher Jeremiah Fowler. Exposed data included email addresses, hashed passwords and what appeared to be internal system data.

City Refuses to Pay Ransom; Employees Report to Arena to Reset Passwords in PersonThe Minnesota city of St. Paul continues to respond to a ransomware attack, with the mayor saying it will pay no ransom. Instead, it's restoring systems from backups and verifying employees' identity at a centralized location before resetting their passwords.

Bank Info Security 11 months, 1 week ago

No, Mr. Altman, Passwords Are Not Back in Vogue

OpenAI CEO Says AI Has Beaten Voice Recognition, But Experts DisagreeOpenAI CEO Sam Altman recently claimed that artificial intelligence has "fully defeated most of the ways that people authenticate currently, other than passwords." A host of security experts disagree and point out that passwords got us into this authentication mess to begin with.

Semperis Warns of Flaw in Windows Server 2025 Delegated Managed Service AccountsA critical cryptographic flaw in Windows Server 2025's delegated Managed Service Accounts, or dMSAs, allows attackers to generate passwords for every managed service account across an Active Directory forest and create a backdoor, Semperis researchers found.

Bank Info Security 1 year, 1 month ago

Linux Crash Dump Flaws Expose Passwords, Encryption Keys

Race-Condition Bugs in Ubuntu and Red Hat Tools Could Leak Sensitive Memory DataHackers could exploit a tool that stores crashed system data in older Linux operating systems to obtain passwords and encryption keys, warn researchers. The flaw lies in the way certain Linux distributions, including Ubuntu, Red Hat, and Fedora, handle application crashes.

Trellix's John Fokker Advises CISOs to Prioritize Patching, MFA, Network VisibilityThreat actors aren't rushing to adopt AI tools to exploit vulnerabilities. "They still prefer a victim with weak passwords, bad MFA, bad patching. It is the easiest way to make money for criminals so they don't have to invest in AI," said John Fokker, head of threat intelligence at Trellix.

RSA CEO Rohit Ghai on Security Amid Evolving Threats, Tech DisruptionAI, geopolitical instability and sophisticated cyberthreats are reshaping how organizations must think about risk, resilience and identity. RSA CEO Rohit Ghai discusses identity overhaul for enterprises, moving beyond passwords and an approach to AI-based threats.

Hackers Bypass MFA to Steal Australians' Banking CredentialsMelbourne-based ANZ Bank will introduce passwordless authentication for digital banking services amid news that hackers have stolen the banking credentials of tens of thousands of Australians. Cybercriminals used infostealer malware to steal the credentials of more than 30,000 Australians.

Semperis CEO Mickey Bresman: AD’s Technical Debt Makes It a Prime Cyber TargetFrom weak service account passwords to sync gaps with cloud platforms, Active Directory’s age is showing. Semperis CEO Mickey Bresman says organizations still underestimate how central AD is to their threat landscape - and the difficulty of fixing what’s been built over decades.

Bank Info Security 1 year, 3 months ago

Report: Top Trump Officials’ Private Data Leaked

Private Details of Top Trump Officials Found Online Amid Growing Security ScandalPrivate contact details of top Trump officials, including their phone numbers, emails and even some passwords, have been leaked online through commercial databases and hacked data dumps, raising security concerns over potential foreign access to Cabinet members’ private accounts and communications.

Loading more headlines...