Skip to main content

Tag: identity management

61 articles

Person holding smartphone with biometric authentication, in modern office setting.

Microsoft Entra ID Shifts to Passkey Authentication Default

Microsoft is shaking things up with its Entra ID service by making passkey authentication the default method starting September 2026, and users currently relying on SMS or voice authentication will be automatically transitioned to passkeys. By February 1, 2027, SMS and voice authentication will be phased out, marking a significant shift towards more secure passkey technology.

Analyst 207
People stand on a beach with a subtle network infrastructure pattern in the background.

Varonis Launches Breach at the Beach, a Hands-On Entra ID Training Experience

Get ready to dive into the world of Entra ID with Varonis' immersive Breach at the Beach training experience, where you'll learn to navigate the complex control plane that connects users, applications, and AI-powered workflows. Discover how to defend against threats that exploit non-human identities and automate breaches.

Analyst 207
Rows of computer servers and network equipment in a modern data center, with one server highlighted.

Agentic AI's Identity Crisis Leaves Security Teams Vulnerable

Agentic AI's autonomy and poorly tracked access are creating a perfect storm of identity risk, leaving security teams vulnerable to attacks. As digital actors with broad permissions, these AI agents are operating in the dark, with many organizations lacking visibility into their actions.

Analyst 207
Blurred laptop screen on office table surrounded by coworkers.

AI Agents Emerge as Unchecked Identities in Enterprise Security

The equation for enterprise security is no longer simple: with AI agents now connected to critical business services, controlling identities is no longer enough to control risk. These emerging insiders have quietly become privileged - and potentially invisible - attack paths that security and identity programs must urgently address.

Analyst 207
Blurred laptop screen on a cluttered office desk with subtle signs of disarray.

Account Takeovers Rise as Complexity Exposes Identity Vulnerabilities

As attackers increasingly target identities rather than infrastructure, account takeovers are on the rise - and with 22% of breaches involving credential abuse, it's clear that traditional username-and-password security just isn't cutting it. The explosion of identities across cloud services, SaaS apps, and remote environments has created a perfect storm of vulnerability.

Analyst 207
Employees work on laptops in a brightly-lit office space with rows of computer workstations and technology equipment.

AI Agents Expose Security Risks in 93% of Organizations

Most organizations are unwittingly rolling out AI agents with access to sensitive tasks, leaving them vulnerable to security breaches. In fact, only 32% of teams feel very confident they could recover from exposed admin credentials, highlighting a disturbing gap in control and preparedness.

Analyst 207
Smartphone with chatbot interface on screen, conveying vulnerability.

Hackers Exploit Instagram AI Chatbot to Hijack User Accounts

Hackers recently tricked Instagram's AI chatbot into handing over account controls, highlighting a critical vulnerability in AI agent authorization - a problem that's proving tougher to crack than authentication. By falsifying user locations and manipulating the chatbot, attackers were able to change account email addresses and passwords.

Analyst 207
Ordinary office setting with interconnected devices and a central computer screen displaying a blurred network map.

Identity Exposures Form Highways for Cyber Attacks

A single compromised identity can become a superhighway for cyber attacks, giving hackers access to nearly every critical workload a business relies on - as seen in a recent incident where a cached AWS access key on one Windows machine put 98% of the company's cloud environment at risk. Identity has become the ultimate attack path, carrying with it a multitude of permissions just waiting to be exploited.

Analyst 207
Dimly lit server room with rows of humming equipment, some areas shrouded in shadows.

Enterprises Unprepared for Agent AI Risks as Identity Gaps Persist

Enterprises are rolling out Agent AI at scale, but a staggering 57% of identity elements remain unseen and unmanaged, leaving them woefully unprepared for the risks that come with it. This "identity dark matter" now outweighs visible, centrally managed elements, threatening to expose businesses to devastating consequences.

Analyst 207
Empty office cubicle with laptop and smartphone on desk, surrounded by blurred office equipment and natural light from a…

AI Agents Expose Organizations to Identity Security Risks

Most organizations are unwittingly rolling out AI agents that can open the door to identity security breaches, with 93% using or planning to use them for sensitive tasks like password resets and VPN access. Despite this, many admit that these agents create new vulnerabilities.

Analyst 207
Windows office workstations with computers and monitors in daylight-lit setting, highlighting potential vulnerabilities in…

Attackers Exploit AD CS for Stealthy Privilege Escalation

Malicious actors are exploiting weaknesses in Active Directory Certificate Services (AD CS) to secretly escalate privileges, often disguising their attacks as routine administrative actions. This stealthy tactic allows them to blend in with normal operations, making it a high-impact threat that's often under-monitored.

Analyst 207
Person sitting at desk with laptop, surrounded by office equipment and network infrastructure.

Cybersecurity Experts Push for Password Paradigm Shift

On World Password Day, cybersecurity experts are sounding the alarm: it's time to rethink our reliance on passwords, as attackers continue to exploit weak visibility and poor credential management to gain access to sensitive systems. The real vulnerability isn't a single weak password, but how credentials spread across organizations, often with employees reusing and sharing access without centralized tracking.

Analyst 207
A lone workstation glows brightly in a dimly lit server room with rows of computer servers in the background.

Identity Management Wrestles with AI-Driven Risks

The rapid evolution of Artificial Intelligence is a double-edged sword for IT leaders, bringing unprecedented opportunities for efficiency, but also sophisticated threats and complex identity management challenges. As organizations adopt autonomous digital workers, they must navigate the tension between harnessing AI's power and mitigating its risks to trust and identity.

Analyst 207
Windows computer on a desk with a laptop screen showing an authentication prompt and a nearby smartphone, in a bright…

Microsoft Bolsters Entra with Passkey Support on Windows

Say goodbye to passwords! Microsoft is bolstering Entra with passkey support on Windows, allowing users to authenticate with a face scan, fingerprint, or PIN for added security and convenience.

Analyst 207
Laptop screen shows Slack channel with plain-text password pinned amidst cluttered workspace.

Weak Passwords Expose Firms to Data Loss Risk

One careless decision - using the same easily-guessable password across multiple environments - left a client vulnerable to disaster, despite a hefty investment in security tools. A simple password like "admin123" pinned in a shared Slack channel created a single point of failure that put the entire system at risk.

Analyst 207
A lone figure stands before a shattered mirror, with a broken smartphone nearby and humming machines in the background.

Enterprises Face Identity Crisis as Machine Access Surges

As AI agents increasingly reshape enterprise operations and defenses, a new reality sets in: machine identities are surging, outnumbering human users and introducing unprecedented risks that are autonomous, fast-moving, and difficult to control. This seismic shift demands attention, as organizations scale AI and transform their attack surfaces and decision flows.

Analyst 207
A crowded server room with glowing orbs representing non-human identities swirling around humming machines, and a single…

AI Agents Fuel 76% Surge in Non-Human Identities

The machines are catching up - a staggering 76% surge in non-human identities, driven by AI agents acting on our behalf, is raising critical questions about governance and control. As these machine-driven identities multiply, gaps in oversight are emerging, threatening to upend traditional operational and policy domains.

Analyst 207
Shattered mirror reflects blurred silhouette amidst puzzle pieces, cityscape, and cracked mobile devices.

Identity Fragmentation Exposes Growing Enterprise Security Risks

As organizations scale, identities are scattering across apps, teams, and systems, creating a blind spot in centralized view and giving rise to what The Hacker News calls Identity Dark Matter. This fragmented state of modern enterprise identity is pushing IAM to the breaking point, exposing growing security risks that demand attention.

Analyst 207
Linx Security Bolsters Identity Governance with $50M Funding

Linx Security Bolsters Identity Governance with $50M Funding

Linx Security just secured $50 million to revolutionize identity governance with an AI-native approach, closing gaps that leave organizations vulnerable to attack. With this funding, they'll scale their cutting-edge platform to automate identity management and safeguard enterprises.

Analyst 207
NIST Unveils Critical Identity Verification Standard for Federal Workers

NIST Unveils Critical Identity Verification Standard for Federal Workers

The National Institute of Standards and Technology (NIST) has just unveiled a groundbreaking identity verification standard to safeguard the identities of federal workers and contractors, addressing the growing threat of identity theft and cybersecurity breaches. This critical new standard is a major step forward in protecting sensitive information and preventing unauthorized access.

Analyst 207
AI security Must-Have: Best Defense Tactics

AI security Must-Have: Best Defense Tactics

PwC finds organizations are now prioritizing AI security over cloud and network defenses, reallocating budgets to protect models, training data and inference pipelines from novel attacks. That shift means stronger governance, adversarial testing and monitoring are needed to make AI a strategic asset rather than a new liability.

Analyst 207
Salesforce platforms: Must-Have Critical Security Guide

Salesforce platforms: Must-Have Critical Security Guide

The FBI just flagged active campaigns targeting Salesforce platforms—if you rely on Salesforce for customer data, now’s the time to harden access, rotate tokens, and audit integrations. Take a few simple steps today to prevent data theft, detect suspicious exports, and reduce your risk before attackers strike.

Analyst 207
data breaches in schools: Urgent Exclusive Warning

data breaches in schools: Urgent Exclusive Warning

A new ICO warning shows student hacks are increasingly exposing sensitive school data and could be training tomorrow’s cybercriminals. Schools urgently need practical security upgrades, ethics lessons and better funding to protect pupils and restore parental trust.

Analyst 207
Active Directory: Risky Stunning Defaults Endanger Hospitals

Active Directory: Risky Stunning Defaults Endanger Hospitals

When attackers used Kerberoasting to cripple Ascension, Senator Wyden warned Microsoft’s defaults may be putting patients at risk — sparking an FTC probe and a wider debate over vendor responsibility versus hospital readiness. It’s a wake-up call: better identity hygiene and safer out‑of‑the‑box settings could be the difference between uninterrupted care and real harm.

Analyst 207