authentication
3 posts
Article
Microsoft flags password reset exploitation
Microsoft confirms password reset exploitation. The reset endpoint is an authentication surface and must be controlled as one.
Article
Microsoft sent you a code you didn't request
An unrequested Microsoft single-use code email is evidence of external interaction with your identity surface. What it proves and what it does not.
Article
Attackers weaponized AI to bypass 2FA at scale
A reported AI-developed zero-day 2FA bypass in mass use removes the assumption that 2FA terminates the account takeover chain.