Tag: identity security
24 articles

NSA, CISA Warn Federal Agencies of Identity Security Risks
The NSA and CISA are sounding the alarm: identity security risks are now the frontline in federal cybersecurity, with Active Directory and Entra ID being prime targets for cyber attackers. Recent incidents show that nearly 75% of major federal cyber breaches in the last five years involved compromised identities.

AI Agents Expose Identity Security Gap
The alarming truth is that security systems, designed with people in mind, are failing to protect against AI agents - and the consequences are stark. A single compromised machine identity can become a gateway to a vast array of sensitive information, as a recent breach involving an OAuth token and hundreds of organizations painfully illustrates.

Identity Crime Incidents Multiply for Victims, ITRC Data Reveals
The alarming rise in identity crime incidents is not just about the numbers, but also the disturbing pattern of recurrence, with nearly 26% of victims experiencing multiple concurrent incidents, according to the Identity Theft Resource Center's 2026 Trends in Identity Report. This growing multi-layered crisis sees single compromises snowballing into additional incidents across accounts and institutions.

Strengthening Active Directory Password Rules Without Frustrating Users
Want to boost your Active Directory password security without driving users crazy? Ditch outdated complexity rules and switch to passphrases - longer, multi-word passwords that are easier to remember and harder for hackers to crack.

Device Security Must Complement Identity to Thwart Modern Threats
Authentication is no longer enough to guarantee security - even with multi-factor authentication in place, phishing kits can capture session tokens, allowing attackers to bypass security checks undetected. As a result, device security must step up to complement identity and prevent modern threats.

AI Adoption Exposes Identity Security Blind Spots
As organizations rapidly adopt AI, they're unwittingly creating a surge in non-human identities - like AI agents and machine identities - that are outpacing their ability to manage and secure them, leaving them vulnerable to new security risks. This blind spot is exposing companies to excessive privileges, unmanaged access, and orphaned accounts, threatening their security, compliance, and operations.

AI Agents Expose Blind Spots in APAC Enterprise Security
Attackers are now targeting AI agents embedded within APAC enterprises, exploiting weaknesses in non-human identities to gain access to sensitive systems, data, and workflows. This emerging threat highlights a significant blind spot in enterprise security, one that's ripe for exploitation by malicious actors.

AI Agents Expose Organizations to Identity Security Risks
Most organizations are unwittingly rolling out AI agents that can open the door to identity security breaches, with 93% using or planning to use them for sensitive tasks like password resets and VPN access. Despite this, many admit that these agents create new vulnerabilities.

UK Workers Sell Corporate Logins, Exposing Firms to Cybercrime
One in eight UK employees at large firms have sold or know someone who has sold corporate logins in the past year, a shocking trend that puts companies at risk of cybercrime. Alarming still, many justify this risky behaviour, with senior executives being more likely to think selling credentials is acceptable.

AI Agents Expose Identity Security Gaps
Imagine an AI agent that can uncover thousands of hidden security vulnerabilities, some of which have gone undetected for nearly 30 years - and the potential risks that come with it falling into the wrong hands. A single powerful AI agent can scan for weaknesses faster and more persistently than hundreds of human hackers, highlighting a pressing need for secure deployment.

Silverfort Injects AI into Access Decisions with Fabrix Buy
With Fabrix acquisition, Silverfort supercharges access decisions with AI, aiming to revolutionize identity security by automating routine tasks and reserving human oversight for high-stakes situations. This game-changing move enables businesses to scale security efficiently, freeing up human experts to focus on critical decisions.

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers
Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

Password Resets Expose Vulnerability in Corporate Security
Did you know that password resets can cost companies a whopping $70 each, and with stolen credentials involved in nearly 45% of breaches, it's clear that corporate security is vulnerable to attack.

Artemis Secures $70M to Deploy AI Agents Against Cyber Threats
Meet Artemis, a game-changing startup that's using AI agents to revolutionize the way organizations detect and investigate cyber threats - and they've just secured $70 million in funding to make it happen. By ditching outdated security systems, Artemis is pioneering a bold new approach to threat detection with AI-driven agents that span cloud, identity, and endpoints.

Zero Trust Fortifies Identity Security Against Credential Exploits
Stolen credentials are a hacker's dream come true, leading to easy privilege escalation and full network compromise - but what if you could lock down your identities and shut the door on these threats? An identity-first Zero Trust approach is the powerful solution you need to fortify your security.

Biometric Authentication Fortifies Against Stolen Credential Attacks
In a world where stolen credentials can turn authentication systems against us, traditional multifactor authentication can become just another vulnerability to exploit. Biometric authentication offers a powerful solution, fortifying defenses against stolen credential attacks by making it virtually impossible for hackers to replicate your unique identity.

Securing Identities in a Decentralized Workforce
In today's decentralized workforce, the traditional network perimeter has disappeared, leaving us with a pressing question: who's responsible for securing identities when and where work happens? The shift to hybrid work has created a diffuse and distributed perimeter, where users and applications are scattered across various networks, devices, and clouds, making it harder for traditional security models to keep up.

Oasis Bolsters Agentic Security with $120M Series B
As AI adoption surges, a critical question emerges: how can organizations safeguard their security and integrity while scaling AI agents and automated systems? Oasis Security tackles this challenge head-on with a $120M Series B investment, empowering enterprises to securely manage the explosion of non-human identities and AI agents.

CrowdStrike Stunning SGNL Deal Offers Best Identity Shield
CrowdStrike’s $740M acquisition of SGNL flips identity security from login to continuous authorization—pairing SGNL’s real‑time identity signals with CrowdStrike’s telemetry to fix identity hygiene and curb misuse by service accounts, machine IDs and AI agents. It’s a decisive bet that identity, not just authentication, is the new frontline of cyber defense.

CrowdStrike Must-Have Deal Secures Identity Effortlessly
CrowdStrike’s $740M SGNL move is a must-have play in identity security—shifting the fight from “who are you?” to “what are you allowed to do?” as runaway machine identities like API keys and AI agents open easy paths for attackers. The goal: give enterprises the visibility and governance to find and lock down forgotten or over‑privileged non‑human accounts before they cause breaches.

Enterprise Credentials: Stunning Threats, Critical Fixes
One believable I thought it was from IT can hand attackers the keys to your company — enterprise credentials are now the battleground, from hard‑coded device logins to leaked cloud secrets. Rotation, least‑privilege access, and moving secrets out of code with vaults and managed identities aren’t optional anymore; they’re your frontline defenses.

IGA tool: Must-Have Free Boost for Identity Security
Think of an IGA tool as a free, high-impact lever that turns messy access lists into a clear map of who can do what—so a careless click doesn’t become a crisis. For small and midsize teams it delivers fewer misconfigurations, faster incident response, and compliance-ready controls without the enterprise price tag.

phishing-as-a-service: Stunning Risky Threat
Think a thief who never touches the lock — VoidProxy is a phishing-as-a-service that intercepts live logins, relays MFA and session tokens in real time, and lets attackers quietly hijack Microsoft and Google accounts. Learn why layered defenses, hardware-backed keys, and session risk detection are now essential to stop these fast, stealthy takeovers.

Active Directory: Risky Stunning Defaults Endanger Hospitals
When attackers used Kerberoasting to cripple Ascension, Senator Wyden warned Microsoft’s defaults may be putting patients at risk — sparking an FTC probe and a wider debate over vendor responsibility versus hospital readiness. It’s a wake-up call: better identity hygiene and safer out‑of‑the‑box settings could be the difference between uninterrupted care and real harm.