#credentials

W3C Developers w3cdevs@w3c.social
2025-12-16

This year’s #w3cTPAC in #Kobe 🇯🇵 brought together 700+ participants for 85 community-driven breakout sessions. Several key themes emerged such as #AI, #accessibility, #identity, #credentials, #wallets, #privacy and #security. Each GitHub issue details a session, with links to agendas, slides, and recordings.

Read more: w3.org/blog/2025/tpac-2025-bre

Based on feedback, next year’s breakout sessions will be distributed across additional days. Don’t miss out! Join us online or in person in October 2026!

Schedule of breakout sessions in Room 401 on Wednesday 12 November, at W3C TPAC 2025: Semantics for the Agentic Web, Agentic Browsing, Future of the Open Web, AI agents and the Web, etc.
2025-12-11

More than 10,000 images on Docker Hub leak authentication credentials (#credentials, #auth_keys), including 4,000 AI access keys (OpenAI, HuggingFace...), and 42% of the images leak at least 5 sensitive values. ⚠️

#security #DockerHub #DataLeak #AIKeys #MạngLưới #ThôngTinBảoMật

reddit.com/r/selfhosted/commen

2025-12-03

Finally came around to set up an automatic, encrypted backup on my Linux. When searching online you'll often find that the best option is to store your credentials unencrypted in a plaintext file.

Don't listen to these posts, you can store credentials encrypted in systemd:

systemd.io/CREDENTIALS/

#linux #systemd #credentials #encryption

2025-12-01

A homelab user was "shocked" to count 68 different credentials (Docker, API keys, user accounts). To avoid "waking up at 3 a.m. to fix problems", they consolidated everything into 1 master password with OIDC and JIT certificates. How many kinds of credentials do you have in your system?

#Homelab #Security #Credentials #PasswordManagement #Selfhosted #BảoMật #MậtKhẩu #HomelabVN

reddit.com/r/selfhosted/commen

2025-11-24

MFA alone isn’t enough if attackers can exploit fatigue prompts or weak fallback options.

In this 1-minute video, Sherri Davidoff and Matt Durrin break down the most common gaps and what defenders must reassess. A strong security program starts with understanding how your MFA behaves under pressure. youtube.com/watch?v=x290l-EAo8Q

#Cybersecurity #MFA #MultifactorAuthentication #2FA #Authentication #AccessControl #Credentials #SecurityBestPractices

Petr Menšík :fedora: pemensik@fosstodon.org
2025-11-17

#Systemd #credentials system is a relatively interesting thing. I lack some support for storing private keys in a format good for applications. Can it do #pkcs11 URI provider or #FIDO2 token authentication? It seems the current implementation focuses on shared secrets - passwords. If we have integrated support with TPM2 chip, I think we should aim for #webauthn instead.

2025-11-08

Some of the people who have reached out interested in implementing @badgefed apparently want a way to see the badges as certificates, so here it is

#activitypub #fediverse #openbadges #credentials

A certificate like a diploma
kiranerys at KillBait kiranerys@killbait.com
2025-11-07

The Role of Mismanaged Credentials and Incorrect Configurations in Cyberattacks on Cloud Environments

I agree, implementing zero-trust access and automated credential rotation is essential for minimizing risks. As highlighted by the report, weak credentials and misconfigurations remain significant vulnerabilities. Regular audits, phishing-resistant MFA, and continuous configuration hardening can cer...


greece at KillBait greece@killbait.com
2025-11-07

The Role of Mismanaged Credentials and Incorrect Configurations in Cyberattacks on Cloud Environments

Organizations should adopt zero-trust access, automated credential rotation, and continuous configuration hardening, plus regular audits and phishing-resistant MFA. @aibot can benchmark defenses and gauge real-world e...


Schneier on Security RSS Schneier_rss@burn.capital
2025-11-04

Cybercriminals Targeting Payroll Sites

Microsoft is warning of a scam involving online payroll systems. Criminals use social engineering to steal people’... schneier.com/blog/archives/202

#socialengineering #Uncategorized #credentials #banking #scams

2025-10-21

With the goal of better understanding cloud account takeover (ATO) attacks, our threat researchers developed a tool that automates the creation of malicious internal applications within a compromised cloud environment.

This blog post provides an in-depth technical analysis of that tool and its implications for enterprise security.

🔗 proofpoint.com/us/blog/threat-

#cloud #ATO #credentials #OAuth #cyberrisk #accounttakeover

Dennis Alexis Valin Dittrich davdittrich@fediscience.org
2025-10-18

Are decredentialed jobs a route to upward mobility? d.repec.org/n?u=RePEc:osf:soca
"… for some jobs, a degree requirement may be a rough and ready #screening tool, filtering out many qualified candidates, or even a result of occupational closure.
When workers move into jobs that have recently dropped degree requirements they receive an earnings premium of around $6000 per year relative to similar workers moving into never-credentialled jobs. This is despite the fact that when employers decredential they deskill the job and reduce pay by around 20%.
Non-college workers hired into these roles are more socio-economically disadvantaged than the college-educated workers they replace
… results show that the movement toward decredentialing holds promise for boosting earnings mobility for workers.
Despite these benefits, most employers that drop explicit college requirements continue to hire college graduate applicants into those positions.
… suggestive evidence that employers struggle to integrate new non-college hires and that they face backlash from existing employees."
#LaborMarkets #wages #vocationalTraining #credentials

💧🌏 Greg Cocks GregCocks@techhub.social
2025-10-16

Chinese Gang Used ArcGIS As A Backdoor For A Year – And No One Noticed
[State sponsored] Crims turned trusted [#ESRI] mapping software into a hideout - no traditional malware required
--
theregister.com/2025/10/14/chi <-- shared media article
--
scworld.com/brief/novel-flax-t <-- shared technical media article
--
reliaquest.com/blog/threat-spo <-- shared security technical article
--
securityaffairs.com/183398/apt <-- shared security technical article
--
“A Chinese state-backed cybergang known as Flax Typhoon spent more than a year burrowing inside an ArcGIS server, quietly turning the trusted mapping software into a covert backdoor..."
#GIS #spatial #mapping #security #malware #exploit #ArcGIS #server #China #statesponsored #FlaxTyphoon #espionage #SOE #objectextension #hidden #payload #backups #risk #hazard #restapi #credentials #flaw #malicious #persistence

Daniel Dvorkin medigoth@qoto.org
2025-10-12
2025-10-11

#Microsoft warns of new “Payroll Pirate” #scam stealing employees’ direct deposits

Microsoft is warning of an active scam that diverts employees' #paycheck payments to attacker-controlled accounts after first taking over their profiles on #Workday or other cloud-based #HR services

#PayrollPirate, gains access to victims’ HR portals by sending them #phishing emails that trick the recipients into providing their #credentials for logging in to the cloud account
#security

arstechnica.com/security/2025/

NERDS.xyz – Real Tech News for Real Nerds nerds.xyz@web.brid.gy
2025-10-08

1Password and Browserbase partner to secure credential access for AI agents

web.brid.gy/r/https://nerds.xy

2025-10-06

Did you know you can view your TOTP MFA Credentials with just one click? 👀
➡️ For Windows users, go to view → TOTP MFA Credentials
➡️ For macOS users, you can add it with view → Customize Toolbar…

#itops #remotemanagement #technology #software #productivity #rdp #quicktip #credentials

Kevin Karhan :verified: kkarhan@infosec.space
2025-09-25

@cloudflare how about you close up shop, #RogueISP?

Not to mention I won't forgive nor forget your collection of #credentials you're #phishing with your #SSL-#MITM and you having hosted #KiwiFarms as well #Daesh #Propaganda whilst #bootlicking #Russia.

Kindly just cease any business.

Thanks!

2025-09-21

Self-Replicating Worm Affected Several Hundred #NPM Packages, Including CrowdStrike's - Slashdot

The Shai-Hulud #malware campaign impacted across multiple maintainers, reports #KoiSecurity, including popular libraries like @ctrl/tinycolor & some packages maintained by #CrowdStrike.

Malicious versions embed a #trojanized script (bundle.js) designed to steal developer #credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows

it.slashdot.org/story/25/09/20
