Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10

X urges users with passkeys or YubiKeys to re-enroll 2FA by Nov 10, 2025, or risk account lockout. Re-enroll, switch 2FA, or disable it. Social media platform X is urging users who use passkeys or hardware security keys like YubiKeys for two-factor authentication (2FA) to re-enroll their keys by November 10, 2025, to keep account […]

X

X urges users with passkeys or YubiKeys to re-enroll 2FA by Nov 10, 2025, or risk account lockout. Re-enroll, switch 2FA, or disable it.

Social media platform X is urging users who use passkeys or hardware security keys like YubiKeys for two-factor authentication (2FA) to re-enroll their keys by November 10, 2025, to keep account access. After that date, accounts without re-enrollment will be locked until users re-enroll, switch to another 2FA method, or disable 2FA, though X strongly recommends keeping 2FA enabled for security.

Users don’t need to take any action if they use other 2FA methods, such as authenticator apps.

The company clarified that the re-enrollment of security keys and passkeys is due to the migration from twitter.com to x.com, not a security incident. Keys tied to twitter.com will stop working after November 10.

In October 2022, SpaceX and Elon Musk bought Twitter and rebranded it as X in July 2023. The request to re-enroll the users’ key to continue accessing the social media platform is due to the new owners’ decision to retire the twitter.com domain.

Users must re-enroll, switch to another 2FA method, or disable 2FA (not recommended) to regain access. The process requires visiting x.com/settings, disabling old keys, re-enrolling, and confirming with a password.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Twitter)