Looks like somebody broke into #atari's #Sendgrid account and used it to send a bunch of phishing emails.
No explanation given for how; perhaps @zackwhittaker can wheedle it out of them.
Since it says here that they've "secured" the account, my guess is a bad password (or infostealer) + no #2FA. The most obvious explanation is usually the correct one.
Though I suppose a cracked LastPass vault is also a possibility.
#infosec #breach
Hackers can steal 2FA codes and private messages from Android phones. The "Pixnapping" attack is a really clever piece of research. It shows that the theoretical wall between apps on your phone isn't as solid as we'd like to believe. By exploiting a GPU side channel, a malicious app with zero permissions can effectively screenshot other apps, one pixel at a time. It's a reminder that security is a stack, and a vulnerability at the hardware level can undermine everything built on top of it.
TL;DR
👾 A new attack called "Pixnapping" can read visual data from other apps on Android devices.
🔑 It exploits a GPU side-channel leak to steal sensitive info like 2FA codes and messages, pixel by pixel.
⚠️ The scary part: the malicious app required for the attack needs zero special permissions to be granted.
🧠 While complex to pull off, this is a serious proof of concept that challenges the core idea of OS app sandboxing.
https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
#Android #Cybersecurity #SideChannelAttack #2FA #security #privacy #cloud #infosec
Hackers can steal 2FA codes and private messages from Android phones
> Android devices are vulnerable to a new attack that can covertly steal 2FA codes, location timelines, and other private data in less than 30 seconds.
> The new attack, named Pixnapping by the team of academic researchers who devised it, requires a victim to first install a malicious app on an Android phone or tablet.
> The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen. Pixnapping has been demonstrated on Google Pixel phones and the Samsung Galaxy S25 phone and likely could be modified to work on other models with additional work. Google released mitigations last month, but the researchers said a modified version of the attack works even when the update is installed.
https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
#Android #Cybersecurity #InfoSec #2FA #Privacy #Pixnapping #GooglePixel #Samsung #MobileSecurity #DataBreach #ZeroDay #TechNews #Hacking
Hey @bitwarden you are being misleading and it's making us sad.
Your website currently has a misleading link (and it's affecting us being able to recommend ur tools).
Your dedicated Authenticator app on the "Bitwarden Authenticator" page has a "Download it today" button at the top of the page > That SHOULD take folks to the Authenticator download links (like at the bottom of the page), but instead it takes people to download the FULL Bitwarden Password Manager software.
Currently we're having to recommend folks use an alternative service as this is coming across as sneaky and dirty tactics. Really hoping it was unintentional. Regardless, pls fix so that this link takes ppl to download the tool they are expecting.
We were hoping to recommend ur service at our upcoming Digital Lounges, but we only endorse the most ethical open providers and stuff like this is the stuff the community notices.
#BItwarden #AuthenticatorApp #MFA #2FA #Authentication #Misleading #MisleadingCopy #Marketing #BigTech #FOSS
Why two-factor authentication is important... 😁 #2fa
Yet another security problem plaguing #SonicWall customers.
The #Akira #ransomware gang have found a way to override the multifactor authentication in #SonicWall SSL VPN appliances. These scrotes appear to be able to move laterally from the VPN boxes to deploy ransomware.
It’s worrying that they’ve broken SonicWall’s #2FA. In #SBBlogwatch, we hear customers’ anger.
🆕 blog! “Some minor bugs in Proton's new Authenticator app”
I maintain a test-suite for TOTP codes. It contains a bunch of codes which adhere to the specification, some of which stretch it to breaking point, and some that are completely invalid. These codes are a good starting point for checking whether a 2FA / MFA app works correctly.
Proton …
👀 Read more: https://shkspr.mobi/blog/2025/08/some-minor-bugs-in-protons-new-authenticator-app/
⸻
#2fa #CyberSecurity #MFA #Proton #totp
Proton adds an open-source TOTP app to its product line. The open-source world is blessed with great TOTP apps already, but the more the merrier!
The UX of 2FA could be improved considerably, and security along with it, by using a circles of trust model.
Take the example of a code forge, hosting the canonical version of some crucial piece of kit like the Linux kernel, OpenSSL, or GnuPG. You would want a maintainer to be 100% authenticated before they can commit changes to these repositories. Basic security culture.
But ...
(1/2)
Our new blog post shows you how it works and details set-up instructions for this extra security feature: https://neighbourhood.ie/blog/2025/06/25/why-use-two-factor-authentication-2fa-in-couchdb
What is your favorite app for Multifactor Authentication, and why do you like it most? 2️⃣✌️👀
Thought it is high time to finally set #2FA on my #DeviantArt account... Turned out it's a premium feature for paid accounts