The Hacker News

Session Cookie Theft: You Showed Your ID at the Door. But Someone Else Has Your Room Key

Stolen session cookies bypass MFA because tokens remain valid for hours or days, enabling silent account takeovers without ...

Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...
IEEE

ImageGuard: Advanced User Authentication via Dynamic Graphical Password Manipulation and Secured Image Sequences

Abstract: User authentication is a critical aspect of cybersecurity, traditionally relying on alphanumeric passwords. However, these passwords are prone to various attacks, including brute force, ...
Hackaday

This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.
IEEE

AugSSO: Secure Threshold Single-Sign-On Authentication With Popular Password Collection

Abstract: Single-sign-on authentication is widely deployed in mobile systems, which allows an identity server to authenticate a mobile user and issue her/him with a token, such that the user can ...