IEEE

Radio-Frequency Fingerprint-Tag-Based Device Authentication for Massive Random Access

Abstract: IoT devices possess a radio-frequency fingerprint (RFF) due to inherent variations in manufacturing, making it device-specific and difficult to alter. This unique RFF, derived from RF ...
InfoQ

Working with Code Assistants: the Skeleton Architecture

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
IEEE

A Verifiably Secure and Lightweight Device-to-Device (D2D) Authentication Protocol for the Resource-Constrained IoT Networks

Abstract: Due to the growth of Internet of Things (IoT) devices on networks with limited resources, developing a safe and effective authentication method for Device-to-Device (D2D) communication has ...
CSOonline

Trivial Telnet authentication bypass exposes devices to complete takeover

The 11-year-old vulnerability likely impacts many devices that are no longer supported — and presents easy exploit even for those that are. Computers with Telnet open are in immediate danger of being ...
CSOonline

Hackers exploit Microsoft OAuth device codes to hijack enterprise accounts

Cybercriminals and state-sponsored hackers are increasingly exploiting Microsoft’s legitimate OAuth 2.0 device authorization process to hijack enterprise accounts, bypassing multifactor authentication ...
Windows Report

Beware! Hackers Are Exploiting OAuth Device Code to Scam Microsoft 365 Users

Hackers are abusing a legitimate Microsoft authentication feature to break into enterprise Microsoft 365 accounts, even when multifactor authentication is enabled. Security researchers warn that ...
bitnewsbot

Russia-Linked Group Uses Device Code Phishing to Steal M365 Credentials

Since September 2025, a suspected Russia-aligned group known as UNK_AcademicFlare has executed a phishing campaign targeting Microsoft 365 credentials. The campaign mainly impacts entities in ...
The Hacker News

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover ...
Bleeping Computer

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. This type of attack does not require any authentication ...
Wall Street Journal

Sam Altman’s Sprint to Correct OpenAI’s Direction and Fend Off Google

When OpenAI CEO Sam Altman made the dramatic call for a “code red” last week to beat back a rising threat from Google, he put a notable priority at the top of his list of fixes. The world’s most ...
Ars Technica

Admins and defenders gird themselves against maximum-severity server vuln

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...
GitHub

Sign in to Keycloak with another device using QR codes.

This extension for Keycloak provides an execution enabling users to complete authentication with another device. With QR code authentication, users can authenticate without typing passwords or sharing ...