Google fixing Android lock screen bug that lets Gemini send SMS without a PIN
A specific multi-touch gesture bypasses an authentication prompt, allowing anyone to send messages
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A specific multi-touch gesture bypasses an authentication prompt, allowing anyone to send messages
Report Reveals Growing Trend of Fraudsters Intercepting SMS-Based VerificationFinancial institutions have historically relied on one-time passcodes as a primary authentication control for their accountholders. But OTP verification is less reliable as fraudsters increasingly exploit SMS-based verification weaknesses to carry out account takeover and payment fraud schemes.
Banking Sector Faces Challenges in Meeting March 2026 Compliance DeadlineThe Central Bank of UAE has issued a directive asking financial institutions to eliminate weak authentication methods including SMS and email OTPs. Banks are also expected to implement real-time fraud monitoring and suspend sessions when malicious activity is detected.
FIDO-Based Authentication to Replace SMS-Based Verification, Says UK NCSCThe U.K. government is set to replace SMS-based verification systems for digital services with passkeys later this year in a bid to shore-up cyber defenses. The authentication initiative is being developed by the U.K. National Cybersecurity Center using FIDO standards.
AICD's Figueroa on Business-Focused Communication for Authentication ProgressModern phishing tactics now leverage voice, SMS and AI-powered impersonation, yet many Asia-Pacific organizations continue relying on vulnerable single-factor authentication, said Marco Figueroa, senior manager of cyber security, risk and compliance at the Australian Institute of Company Directors.
Everyone knew texted OTPs were a dud back in 2016 Google has confirmed it will phase out the use of SMS text messages for multi-factor authentication in favor of more secure technologies.…
SMS OTPs are overused, so bring on the tokens and biometrics India's central bank on Wednesday proposed a requirement for dynamically generated second authentication factors for most digital payments.…
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people -- nearly all of its customers. AT&T said it delayed disclosing the incident in response to "national security and public safety concerns," noting that some of the records included data that could be used to determine where a call was made or text message sent. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).
Cisco Duo's security team warns that hackers stole some customers' VoIP and SMS logs for multi-factor authentication (MFA) messages in a cyberattack on their telephony provider. [...]
All Organizations That Use X Should Review Their Two-Factor Authentication SettingsGoogle Cloud's Mandiant says its account at X, formerly Twitter, was hijacked and used to link to cryptocurrency phishing pages after an attacker guessed the account password, apparently after Twitter last year deactivated the account's SMS-based two-factor authentication, leaving it unprotected.
Making the option available only to paid subscribers — while also claiming SMS authentication is broken — doesn't make sense, some say. Is it a cash grab?
Twitter has announced that it will no longer support SMS two-factor authentication unless you pay for a Twitter Blue subscription. However, there are more secure options for multi-factor authentication, which we describe below. [...]
Twitter has announced that it's limiting the use of SMS-based two-factor authentication (2FA) to its Blue subscribers
With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place.