SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored.

Steganography Challenge
Didier published a fun steganography challenge. A solution will be offered on Saturday.
https://isc.sans.edu/diary/Steganography+Challenge/31910
Microsoft Makes Passkeys Default Authentication Method
Microsoft is now encouraging new users to use Passkeys as the default and only login method, further moving away from passwords
https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/
Microsoft Authenticator Autofill Changes
Microsoft will no longer support the use of Microsoft authenticator as a password safe. Instead, it will move users to the password prefill feature built into Microsoft Edge. This change will start in June and should be completed in August at which point you must have moved your credentials out of Microsoft Authenticator
https://support.microsoft.com/en-gb/account-billing/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6
Backdoor found in popular e-commerce components
SANSEC identified several backdoored Magento e-commerce components. These backdoors were installed as far back as 2019 but only recently activated, at which point they became known. Affected vendors dispute any compromise at this point.
https://sansec.io/research/license-backdoor