433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (656) 236-3022

Google adds FIDO2 keys and phone passkeys to Windows login via GCPW

Google has started rolling out FIDO2-compliant physical security key support as a second factor for authentication in Google Credential Provider for Windows (GCPW) to all Google Workspace customers. GCPW is a free tool that lets users sign in to Windows computers with their Google Workspace account instead of, or alongside, a Windows username and password. The update allows organizations to strengthen account security by enabling administrators to enforce 2-step verification (2SV) with hardware security keys … More → The post Google adds FIDO2 keys and phone passkeys to Windows login via GCPW appeared first on Help Net Security.
http://news.poseidon-us.com/TTX7DY

No one knows how many old shims can still bypass UEFI Secure Boot

The vast majority of UEFI computers carry a Microsoft certificate that will trust a small first-stage loader called a shim, a program Microsoft signs so that Linux and assorted boot tools can run with Secure Boot on. Eleven of those signed shims turned out to be old enough to undo the protection they were meant to support. ESET researchers found the vulnerable versions, all at 0.9 or below, and Microsoft revoked them in its June … More → The post No one knows how many old shims can still bypass UEFI Secure Boot appeared first on Help Net Security.
http://news.poseidon-us.com/TTX7DG

UK charges five persons linked to fraud platform behind more than a million scam calls

Five people have been charged in the UK following a National Crime Agency (NCA) investigation into Russian Coms, a caller ID spoofing service used by fraudsters. Ayoub Sehailia, 28, Zakkaria Sehailia, 30, Usman Din, 30, Denis Ozmus, 29, and Fadila Salem, 53, all of London, are charged with offences that include conspiracy to supply articles for use in fraud, transferring and converting criminal property, and, for Zakkaria Sehailia, failing to comply with a notice to … More → The post UK charges five persons linked to fraud platform behind more than a million scam calls appeared first on Help Net Security.
http://news.poseidon-us.com/TTWyWH

Microsoft Entra ID authentication overhaul to start in September 2026

Microsoft will begin rolling out passkeys as the default authentication experience for Microsoft Entra ID in the public cloud on September 1, 2026. Organizations with SMS or voice authentication enabled will automatically be enabled for passkeys. The next time users complete MFA, they will be prompted to register a passkey. Starting February 1, 2027, users who rely on SMS or voice for MFA will be required to register a passkey before they can sign in. … More → The post Microsoft Entra ID authentication overhaul to start in September 2026 appeared first on Help Net Security.
http://news.poseidon-us.com/TTWyVb

New tutorials on underground hacking forums have roughly doubled

Underground hacking forums are producing more original tutorials again, with growing attention on financial fraud, particularly the theft and fraudulent use of payment card data, known as carding, and cash-out techniques. New tutorials per month versus reposts (Source: Radware) Fraud tutorials gain momentum Radware analyzed 8,870 tutorial posts published across 24 deep- and dark-web forums between December 2022 and April 2026. After removing reposts, the dataset contained 3,034 unique hacking and fraud guides. “New tutorial … More → The post New tutorials on underground hacking forums have roughly doubled appeared first on Help Net Security.
http://news.poseidon-us.com/TTWtlX

The best defense against AI attacks turns out to be a skeptical human

Analysts across the security industry now run generative AI through their daily work, from log triage to incident write-ups. Active use in cybersecurity strategy reached 78% of practitioners in 2026, up from half the field a year earlier. The 2026 SANS AI Survey, drawn from 536 IT and security professionals, describes what that commitment costs to keep. Reliability trailed adoption over the year. Sixty-three percent of practitioners report significant shortcomings when AI detects or responds … More → The post The best defense against AI attacks turns out to be a skeptical human appeared first on Help Net Security.
http://news.poseidon-us.com/TTWnVg

Fake smart home residents could stand in for real ones in security research

Smart home security research runs on a scarce ingredient: recordings of how real people use the gadgets in their homes. Getting that data means wiring up someone’s house and watching for months, which is slow, costly, and about as invasive as it sounds. So the datasets stay small and cover a thin slice of how people live. The smart home testbed used by the researchers A group from Leipzig University and ipoque, a Rohde & … More → The post Fake smart home residents could stand in for real ones in security research appeared first on Help Net Security.
http://news.poseidon-us.com/TTWnVX

Your vendor’s vendor might be the real breach risk

In this Help Net Security video, Chris Boehm, Field CTO, Zero Networks, breaks down how a vendor breach can become your breach. He explains that attackers now target the subcontractors behind your trusted vendors. A compromised credential at a company you have never heard of can open access into your systems, because your vendor’s vendor holds keys you never vetted. Boehm compares a stolen access token to a badge: whoever holds it gets waved through, … More → The post Your vendor’s vendor might be the real breach risk appeared first on Help Net Security.
http://news.poseidon-us.com/TTWnVJ