#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Digital Identity | Breaking Cybersecurity News | The Hacker News

Category — Digital Identity
AuthNContext and AMR, We Remember What MFA You Provided Last Summer!

AuthNContext and AMR, We Remember What MFA You Provided Last Summer!

Jul 14, 2026
Why Authentication Context Matters Most people think logging in is a small act. Type your password, type your code, tap a screen, scan a face, and move on. But to the systems on the other side, the method behind that moment can matter just as much as the fact that it happened at all. That is where two strangely named but surprisingly important identity concepts enter the story: OIDC's AMR and SAML 2.0's AuthnContext. They sound like the kind of acronyms that only standards committees could love, yet both were created to answer a deeply human question in digital form: How sure a system has to be before it trusts someone? The backstory starts with the internet growing up. Early online services often treated authentication as a light switch: either the user was in, or the user was out. But as online systems began handling payroll, health records, taxes, academic data, contracts, and financial approvals, that simple model started to crack. A login backed by a reused password is not ...
Why Fragmented Identity Pipelines Fail Against Digital Injections

Why Fragmented Identity Pipelines Fail Against Digital Injections

Jun 01, 2026
Most identity verification failures do not originate from flawless synthetic IDs or visually undetectable deepfakes. Instead, they stem from structural exposures and information loss between the point of data capture and the final automated decision. As remote identity systems evolve, trust becomes an architectural property. If a backend cannot verify the hardware provenance of an image or video, the rest of the security pipeline operates on degraded input. By the time a synthetic face reaches a visual liveness model, the most critical context may already be gone. This post examines why fragmented identity APIs drop vital signals, how identity supply chains dilute accountability, and why these gaps allow digital injection attacks to succeed. The Hidden Risk in Identity Supply Chains Modern identity verification often relies on a complex supply chain that distributes camera capture, document parsing, liveness checks, and risk scoring across multiple vendors. Rather than opera...
Deepfake Job Hires: When Your Next Breach Starts With an Interview

Deepfake Job Hires: When Your Next Breach Starts With an Interview

Jan 05, 2026
The employee who doesn't exist Not long ago, the idea of a fake employee sounded far-fetched. Resume fraud? Sure. Outsourced interviews? Occasionally. But a completely synthetic person (face, voice, work history, and identity) getting hired, onboarded, and trusted inside a company used to feel like science fiction. That era is over. Gartner predicts that by 2028, one in four candidate profiles worldwide could be fake . The firm also reports that 6% of job candidates admit to interview fraud, including impersonation or having someone else interview for them. Hiring teams are already seeing face-swapping and synthetic identities appear in real interview workflows. Taken together, the pattern is clear: companies are increasingly interviewing, and in some cases hiring, people who don't exist. These "employees" can pass screening, ace remote interviews, and start work with legitimate credentials. Then, once inside, they steal data, map internal systems, divert funds, or quietly set the...
Purdue University’s Real-World Deepfake Detection Benchmark Raises the Bar for Enterprise Models

Purdue University's Real-World Deepfake Detection Benchmark Raises the Bar for Enterprise Models

Dec 22, 2025
Deepfakes aren't just viral clips or political media anymore — they're appearing in enterprise workflows where a camera feed is treated as proof: onboarding, account recovery, remote hiring, privileged access, and partner verification. That shift forces security teams to ask not just, "Does this look fake?" but, "Can we verify in real time that the capture is authentic and the channel isn't compromised — without disrupting the workflow?" A new benchmark from Purdue University addresses that question. Instead of testing detectors on clean, lab-style samples, Purdue evaluated tools on real incident content pulled from social platforms — the kind of compressed, low-resolution, post-processed material that tends to break models tuned to ideal conditions. What Purdue tested — and why it matters Purdue built its benchmark around the Political Deepfakes Incident Database (PDID), which focuses on deepfake incidents circulating on X/Twitter, YouTube, TikTok, and Instagram. Real-world distri...
Cybersecurity Resources