Today’s Topics:
- Microsoft Pushes Passkeys as Default for New Accounts, Paving the Way for a Passwordless Future
- Disk-Wiping Linux Malware Hidden in Malicious Go Modules Highlights Growing Supply Chain Risk
- How can Netizen help?
Microsoft Pushes Passkeys as Default for New Accounts, Paving the Way for a Passwordless Future
Microsoft is now setting passkeys as the default sign-in method for all newly created consumer accounts, part of a broader industry push to eliminate passwords altogether. According to a joint announcement by Microsoft executives Joy Chik and Vasu Jakkal, the change means that new users will never need to create or manage a traditional password, instead relying on phishing-resistant authentication methods like biometrics and device-based verification.
The update streamlines the sign-up and login process, automatically selecting the most secure available method for each user. For instance, if both a password and a one-time code are present, the system will default to the code, prompting users to upgrade to a passkey afterward.
This shift aligns Microsoft with Apple, Google, Amazon, and other major tech firms that are accelerating adoption of passwordless authentication through the use of passkeys. Passkeys are supported by the FIDO (Fast Identity Online) Alliance and leverage public/private key cryptography to verify a user’s identity. When a user registers with a service, their device creates a secure key pair—one private key stored locally, and one public key shared with the service. Authentication requires the user to confirm their identity using biometrics or a device PIN, which then signs a cryptographic challenge with the private key.
Passkeys remove the need to remember or store passwords, reducing the attack surface for phishing, credential stuffing, and brute-force attacks. As a result, they’re increasingly viewed as a critical defense against account compromise.
As of late 2024, more than 15 billion user accounts globally support passkey authentication, and Microsoft’s decision to make it the default marks a significant step toward standardizing this method. The company first introduced passkey support in Windows 11 in September 2023, followed by enhancements to Windows Hello. Google similarly began rolling out passkeys as the default login method that same year.
In addition to improving security for consumer accounts, the FIDO Alliance recently announced a Payments Working Group to explore how passkeys can be applied in payment authentication systems—furthering the goal of widespread passwordless security in both consumer and enterprise environments.
Existing Microsoft account holders can switch to passkeys by removing their password in their account settings, making full adoption a user-controlled option. With this update, Microsoft makes clear that the future of secure login doesn’t involve passwords at all.
Disk-Wiping Linux Malware Hidden in Malicious Go Modules Highlights Growing Supply Chain Risk
Researchers have uncovered three malicious Go modules that deliver a destructive disk-wiping payload to Linux systems, underscoring the severe threat posed by software supply chain attacks. Disguised as legitimate packages, these modules contain heavily obfuscated code that fetches a remote shell script designed to overwrite the system’s primary disk (/dev/sda) with zeroes—permanently disabling the machine.
The compromised Go modules are:
github[.]com/truthfulpharm/prototransformgithub[.]com/blankloggia/go-mcpgithub[.]com/steelpoor/tlsproxy
According to Socket researcher Kush Pandya, once executed, the packages confirm the host OS is Linux and then download the payload using wget. The script executes without warning, rendering the system unbootable and erasing all data beyond recovery.
“This malicious script leaves targeted Linux servers or developer environments entirely crippled,” Pandya said. “It highlights the extreme danger posed by modern supply-chain attacks that can turn seemingly trusted code into devastating threats.”
The Go module discovery comes amid a broader trend: researchers from Socket, Sonatype, and Fortinet have also found dozens of malicious packages in the npm and PyPI ecosystems targeting cryptocurrency users and developers.
Malicious npm packages targeting crypto wallets:
crypto-encrypt-tsreact-native-scrollpageviewtestbankingbundleservbuttonfactoryserv-paypaltommyboytestingcompliancereadserv-paypaloauth3-paypalpaymentapiplatformservice-paypaluserbridge-paypaluserrelationship-paypal
These packages aim to steal mnemonic seed phrases and private keys used for cryptocurrency wallets, exfiltrating data to attacker-controlled infrastructure.
Malicious PyPI packages abusing Gmail and WebSockets:
cfc-bsb(2,913 downloads)coffin2022(6,571 downloads)coffin-codes-2022(18,126 downloads)coffin-codes-net(6,144 downloads)coffin-codes-net2(6,238 downloads)coffin-codes-pro(9,012 downloads)coffin-grave(6,544 downloads)
These packages used hard-coded Gmail credentials to quietly send stolen data via SMTP and open remote access channels over WebSockets. This allowed attackers to bypass network detection by leveraging trusted domains such as smtp.gmail.com.
Olivia Brown, another researcher at Socket, warned that even long-standing packages can be repurposed for malicious use. “Do not trust a package solely because it has existed for more than a few years without being taken down.”
To defend against these supply chain attacks, security teams and developers should:
- Audit all open-source dependencies frequently.
- Verify package authorship, repository links, and update history.
- Monitor network traffic for unusual outbound connections, including unexpected SMTP or WebSocket activity.
- Apply strict access controls to protect sensitive environment variables and private keys.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
