Thursday , July 2 2026

Black wing intelligence (video)
Windows hello fingerprint auth bypassed on Microsoft, Dell, Lenovo laptops

Security researchers were able to bypass authentication on three popular laptops by testing the fingerprint sensors used for Windows Hello. The research was done by Blackwing Intelligence and Microsoft’s MORSE.

Target devices include a Dell Inspiron 15 with a Goodix fingerprint sensor, a Lenovo ThinkPad T14s with a Synaptics sensor, and a Microsoft Surface Pro X with an ELAN sensor. The embedded fingerprint sensors and the host were targeted with software and hardware attacks.

India asks WhatsApp not to roll out ‘username’ feature over fraud concerns

The Indian government issued a notice WhatsApp planned to roll out its new 'username' feature. They are worried about fake...
Read More
India asks WhatsApp not to roll out ‘username’ feature over fraud concerns

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising...
Read More
Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Chrome 151 has a new update that fixes 382 security problems. This includes 15 critical issues that could allow attackers...
Read More
Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Apple fixes more than 30 iOS, macOS, and Safari flaws

Apple released security updates on Monday for iOS, macOS, and Safari. These updates fix more than thirty issues, including four...
Read More
Apple fixes more than 30 iOS, macOS, and Safari flaws

Attackers exploit critical flaw in Oracle E-Business

Attackers are now using a flaw (called CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial app, according to the security...
Read More
Attackers exploit critical flaw in Oracle E-Business

WhatsApp to allow usernames instead of phone numbers

WhatsApp is about to release a big update that may change how people communicate on the app. Soon, users can...
Read More
WhatsApp to allow usernames instead of phone numbers

Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem

The Linux Foundation said on Thursday that they are starting a new project to fix flaws in open source software...
Read More
Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem

Data breach affects 14.2 million email logins across six ISPs

KDDI Corporation, a Japanese telecom company, revealed a data breach. Hackers got into one of its email systems that five...
Read More
Data breach affects 14.2 million email logins across six ISPs

Asian Two AI startups launch Mythos-like Model

Two Asian AI companies have released new models this week that compete with Anthropic’s recently limited Mythos and Fable models,...
Read More
Asian Two AI startups launch Mythos-like Model

Polymarket Hack Reportedly Results in $3 Million Theft

Polymarket is a platform for prediction markets using cryptocurrency. It lets users bet on what might happen in real-life events...
Read More
Polymarket Hack Reportedly Results in $3 Million Theft

AlSO READ:

By 2025, Domestic cloud market expected $46.3 million; MD “DataHub Asia”

The sensors that were tested are Match-on-Chip, meaning the chip has a microprocessor and memory, and the fingerprint data always stays within the sensor. To bypass authentication, one would need to physically attack the chip itself.

To carry out the attack, the attacker needs to physically get hold of the device. This means they would have to either steal the device or use the evil maid method.

The researchers showed how to carry out attacks by connecting a hacking device to a laptop using USB or by connecting a specially crafted rig to the fingerprint sensor.

For Dell and Lenovo laptops, the Windows Hello fingerprint authentication was bypassed by manipulating valid user fingerprint ID numbers and enrolling the attacker’s fingerprint by imitating a legitimate user’s ID.

To hack the Surface device, the attacker must disconnect the Type Cover, which is the keyboard and fingerprint sensor, and connect a USB device that tricks the fingerprint sensor into thinking it’s an authorized user logging in.

Blackwing published a blog post on Tuesday about their findings. Microsoft also released a video of the Blackwing researchers presenting their findings at the BlueHat conference in October.

Check Also

Apple

New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide

Researchers at cybersecurity firm Paradigm Shift found a new flaw called usbliter8. This flaw can …