RedTiger Malware Steals Data, Discord Tokens and Even Webcam Images

A new Python-based infostealer called RedTiger is targeting Discord gamers to steal authentication tokens, passwords, and payment information. Learn how the malware works, its evasion tactics, and essential security steps like enabling MFA...

Is Your Google Workspace as Secure as You Think it is?

The New Reality for Lean Security Teams If you're the first security or IT hire at a fast-growing startup, you've likely inherited a mandate that's both simple and maddeningly complex: secure the business without slowing it down. Most organizations using Google Workspace start with an environment...

PT-2025-44005

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description The software has a weak password policy. This affects Azure BLU-IC2 and BLU-IC4. The issue concerns insufficient password strength requirements. Recommendations Enforc...

Think passwordless is too complicated? Let's clear that up

By Janet Ho, Cisco Duo Why passwords are still a problem We've relied on passwords for years to protect our online accounts, but they've also become one of the easiest ways attackers get in. Many people reuse or simplify passwords, or even write them down because it's hard to remember so many. Th...

Moodle does not properly enforce MFA

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

GHSA-25WF-7X6C-WMPF Moodle does not properly enforce MFA

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

CVE-2025-62398

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

CVE-2025-62398

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

UBUNTU-CVE-2025-62398

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

Improper Authentication

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication via improper validation for MFA enforcement. An attacker can gain unauthorized access to user accounts by bypassing multi-factor authentication using valid credentials...

EUVD-2025-35669

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

CVE-2025-62398 Moodle: possible to bypass mfa

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

CVE-2025-62398

CVE-2025-62398 describes a serious authentication flaw in Moodle-related components where attackers with valid credentials can bypass MFA under certain conditions. The provided connected documents reference Moodle across Fedora and Linux distributions and describe the issue in general terms (MFA ...

PT-2025-43446

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts. Recommendations At the...

Frontier Airlines website publicly available email address validation

RISK EVALUATION The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks. 2. RECOMMENDED PRACTICES Use a...

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the presence of a serious authentication flaw that could lead to a...

Moodle MFA Bypass Vulnerability (MSA-25-0047)

Moodle is prone to a multi-factor-authentication MFA bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Multi-Factor Authentication in Spring Security 7

In 2013, it was proposed to add multi-factor authentication into Spring Security. That was the year that “selfie” was added to the English dictionary and “What Does the Fox Say?” was a viral YouTube hit. Needless to say, one of the biggest features in Spring Security 7 is a long time coming, and ...

CVE-2025-62398

A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts...

System Password Security: Attack and Defense Mechanisms

System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute corresponding operations. In recent years, frequent passwor...