Collecting Cyber-News from over 60 sources

Tag: identity

What happens when your identity provider becomes the kill chain

May 20, 2026 7:00 AM

Tags: identity

In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/20/idp-kill-chain-video/
The Invisible Workforce: Why Your Household Apps Now Have Their Own Digital IDs

May 19, 2026 8:00 PM

Tags: ai, api, cloud, identity, software

Most people understand what it means to protect a human identity because the dangers of someone impersonating you online or stealing and cloning your card are immediately obvious. Today, organisations rely on thousands of non-human identities that belong to software applications, cloud workloads, APIs, bots, and now AI agents as well, which can affect almost…
Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report

May 19, 2026 6:00 PM

Tags: ai, cyber, identity

New York, United States, May 19th, 2026, CyberNewswire New research shows identity dark matter continues to expand and erode enterprise identity, resulting in a fragile foundation for agent AI readiness and adoption Orchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise…
Analysis: Amid Claude Mythos FUD, Don’t Forget About Identity

May 19, 2026 5:00 PM

Tags: ai, flaw, identity, software, update, vulnerability

While updating your patching practices will be essential amid powerful AI vulnerability discovery technologies such as Anthropic’s Claude Mythos, preventing attackers from fully utilizing software flaws will require identity hardening as well. First seen on crn.com Jump to article: www.crn.com/news/security/2026/analysis-amid-claude-mythos-fud-don-t-forget-about-identity
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation

May 19, 2026 5:00 PM

Tags: flaw, identity, microsoft, vulnerability

Microsoft’s total vulnerability count stayed steady in 2025, but critical flaws surged year over year. BeyondTrust breaks down why attackers are increasingly focused on privilege escalation and identity abuse. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-microsoft-vulnerabilities-doubled-from-exposure-to-escalation/
Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report

May 19, 2026 4:00 PM

Tags: identity

New York, United States, 19th May 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/two-thirds-of-nonhuman-accounts-are-unseen-and-unmanaged-according-to-orchid-securitys-identity-gap-report/
Microsoft Details Storm-2949 Cloud Attack on Azure and Microsoft 365

May 19, 2026 10:00 AM

Tags: attack, breach, cloud, cyberattack, data, identity, infrastructure, intelligence, microsoft, service, theft, threat

Microsoft Threat Intelligence has disclosed details of a cyberattack carried out by a threat actor tracked as Storm-2949, which escalated from a targeted identity compromise into a large-scale breach of cloud infrastructure and sensitive enterprise systems. The campaign focused heavily on data theft from Microsoft 365 services, Azure-hosted production environments, and cloud storage resources, demonstrating how compromised identities can…
Cyber attackers bypass traditional defences as ‘user-driven’ attacks surge, Bridewell warns

May 18, 2026 5:00 PM

Tags: attack, cyber, exploit, identity, intelligence, malware, threat, tool

Cyber attackers are increasingly sidestepping traditional security tools by exploiting users themselves, according to Bridewell’s newly released Cyber Threat Intelligence Report 2026. The report highlights a significant shift in attacker behaviour, with threat actors moving away from malware-heavy campaigns towards identity-driven and socially engineered attacks that operate within trusted systems, often leaving little trace for…
AI coding is fueling a secrets-sprawl crisis few CISOs are containing

May 18, 2026 12:00 PM

Tags: access, ai, api, automation, awareness, business, ceo, ciso, control, credentials, data-breach, detection, governance, identity, leak, privacy, programming, risk, service, software, supply-chain, threat, tool, training, unauthorized

Addressing the broader issue: As AI-assisted coding expands, security leaders must rethink how they manage risk. That means looking beyond repositories and securing the full software development lifecycle (SDLC), including collaboration tools where credentials often show up.”We focus on both, but the risk profile is very different, what’s identified in Jira or Slack is far…
AI coding is fueling a secrets-sprawl crisis few CISOs are containing

May 18, 2026 12:00 PM

Tags: access, ai, api, automation, awareness, business, ceo, ciso, control, credentials, data-breach, detection, governance, identity, leak, privacy, programming, risk, service, software, supply-chain, threat, tool, training, unauthorized

Addressing the broader issue: As AI-assisted coding expands, security leaders must rethink how they manage risk. That means looking beyond repositories and securing the full software development lifecycle (SDLC), including collaboration tools where credentials often show up.”We focus on both, but the risk profile is very different, what’s identified in Jira or Slack is far…
The Next Cybersecurity Challenge May Be Verifying AI Agents

May 16, 2026 12:00 AM

Tags: ai, control, cybersecurity, identity

AI agents are reshaping cybersecurity. Learn why verification, trusted identity standards, and runtime controls are now essential. First seen on hackread.com Jump to article: hackread.com/next-cybersecurity-challenge-verifying-ai-agents/
Autonomous systems are finally working. Security is next

May 15, 2026 1:00 PM

Tags: access, ai, cloud, credentials, data, defense, exploit, identity, infrastructure, injection, risk

Security still runs at human speed: Despite advances in infrastructure, cloud and AI, the underlying workflow of security operations has not fundamentally changed. At its core, security still operates as a human-driven process: Alerts are generated, analysts investigate, context is assembled manually and decisions are made under pressure. This model was sufficient when environments were…
EU’s Cyber Resiliency Act will put IT leaders to the test

May 15, 2026 12:00 PM

Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerability

Product safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
EU’s Cyber Resiliency Act will put IT leaders to the test

May 15, 2026 12:00 PM

Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerability

Product safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
White House cyber official: identity security matters more than ever in the age of AI

May 14, 2026 11:00 PM

Tags: ai, cyber, cybersecurity, identity, threat, tool

While AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official said Thursday. First seen on cyberscoop.com Jump to article: cyberscoop.com/white-house-federal-identity-security-ai-risks/
King’s Speech paves the way for digital ID

May 14, 2026 7:00 PM

Tags: access, framework, identity, service

The speech outlined plans for a Digital Access to Services Bill, establishing a legal framework for the use of digital identity, which has received mixed responses First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643097/Kings-Speech-paves-the-way-for-digital-ID
Palo Alto Networks bets on identity security for autonomous AI with Idira launch

May 14, 2026 12:01 PM

Tags: ai, attack, business, ceo, ciso, cloud, credentials, cybersecurity, governance, identity, injection, intelligence, least-privilege, mfa, network, RedTeam, risk, soc, threat, tool, vulnerability

CISOs navigate AI risks: For enterprises, the launch reflects a broader industry shift toward identity-centric cybersecurity models as organizations deploy generative AI tools, autonomous agents, and cloud-native applications at scale.Analysts say the growing number of non-human identities is creating operational and security challenges because many existing identity systems were originally built to manage employees and…
Most Organizations Now Use AI Agents for Sensitive Security Tasks

May 14, 2026 12:01 PM

Tags: ai, attack, identity, infrastructure

Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/most-organizations-ai-agents/
Identity takes center stage as a leading factor in enterprise cyberattacks

May 12, 2026 6:19 PM

Tags: attack, cyberattack, identity, ransomware

A new report shows two-thirds of ransomware attacks began with an identity-related breach. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/identity-enterprise-cyberattacks-ai-ransomware/819977/
Cushman and Wakefield Confirms Data Breach Impacting Over 310,000 Accounts

May 12, 2026 3:19 PM

Tags: attack, breach, corporate, cyber, data, data-breach, identity, threat

Global real estate powerhouse Cushman & Wakefield is the latest casualty in an escalating war of corporate extortion. Following a tense >>pay or leak<< standoff, the notorious ShinyHunters threat syndicate has carried out its threat, dumping hundreds of thousands of corporate records online. This massive exposure highlights the growing danger of identity-based attacks targeting massive…
Developer workstations are the new beachhead

May 12, 2026 1:18 PM

Tags: access, application-security, attack, authentication, cloud, container, control, credentials, edr, endpoint, exploit, github, group, Hardware, identity, incident response, infrastructure, malware, mfa, monitoring, network, software, supply-chain, threat, update

The economics that drive the convergence: A typical developer workstation holds SSH keys, cloud provider credentials, container registry tokens, Git authentication tokens and CI/CD pipeline secrets. Many developers have administrative access to internal package registries and deployment infrastructure. Their machines often sit outside the hardened perimeter that security teams build around production systems.From an attacker’s…
How Organizations Are Strengthening Defenses Against Scattered Spider

May 12, 2026 1:18 PM

Tags: defense, finance, healthcare, identity, insurance, service

An On Demand video from ID Dataweb. Scattered Spider continues to evolve, and organizations across financial services, healthcare, insurance, telecommunications, and other sectors are strengthening defenses against increasingly sophisticated identity-driven threats. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/how-organizations-are-strengthening-defenses-against-scattered-spider-a-31660
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
Why patching SLAs should be the floor, not the strategy

May 12, 2026 12:19 PM

Tags: attack, authentication, business, cisa, ciso, compliance, control, cve, cvss, cyber, exploit, flaw, grc, identity, kev, metric, risk, service, strategy, tool, update, vulnerability, vulnerability-management

SLAs measure discipline, not risk: Here’s the mental model I’ve been pushing with my peers. Think of patching SLAs the way you think of fire drills. Fire drills are necessary. They prove that, on a predictable cadence, your organization can execute a known procedure. No one in charge of a building full of people would…
Identity security firm SailPoint discloses GitHub repository breach

May 11, 2026 9:19 PM

Tags: access, breach, control, cybersecurity, data, github, governance, identity

SailPoint disclosed a GitHub repository breach on April 20. The company contained the incident and said no customer data was affected. SailPoint is a cybersecurity company that provides identity security and identity governance solutions for enterprises. Its products help organizations manage and control user access to systems, applications, and sensitive data. SailPoint revealed a cybersecurity…
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program

May 11, 2026 6:18 PM

Tags: ai, cyber, cybersecurity, identity, infrastructure

Dubai, UAE, May 11th, 2026, CyberNewswire Dubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification, slated for IETF submission. OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced two milestones that together position the company as foundational infrastructure for […]…
Identity is the new perimeter as rapid NHI proliferation threatens visibility and control

May 11, 2026 5:20 PM

Tags: control, identity, technology

NHIs are linked to diverse assets across the enterprise technology ecosystem, creating a highly fragmented architecture and making it challenging for security teams to maintain visibility and control. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/identity-is-the-new-perimeter-as-rapid-nhi-proliferation-threatens-visibili/819411/
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program

May 11, 2026 5:20 PM

Tags: ai, attack, ceo, cyber, cybersecurity, exploit, framework, github, Hardware, identity, infrastructure, Internet, penetration-testing, RedTeam, risk, threat, tool, vulnerability, zero-day

Identity, who the AI agent is.Scope, what it is authorized to do.Attestation, whether it or its instructions have been tampered with.Delegation, who delegated authority.Revocation, whether that authority has been revoked.”Every AI agent on the internet today is a stranger. You don’t know who it is, what it’s authorized to do, or whether it’s been tampered…
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution

May 11, 2026 5:20 PM

Tags: ai, attack, authentication, breach, cloud, control, credentials, data, data-breach, defense, exploit, framework, governance, identity, infrastructure, Internet, LLM, malicious, monitoring, network, risk, service, supply-chain, threat, tool, vulnerability, zero-trust

The epistemological chasm: What renders MCP vulnerabilities particularly vexatious is the fundamental asymmetry they exploit between machine cognition and human oversight.Tool poisoning attacks insert malevolent instructions into tool metadata that LLMs process with complete fidelity but that remain utterly invisible to human operators. The machine perceives everything; its ostensible supervisors perceive nothing. We have unwittingly…