A token-theft workflow tied to Umbrij shows how ordinary browser developer features can be turned into quiet access to corporate Gmail and other Google services.
Non-human identities like service accounts, tokens, and secrets are often dozens of times more numerous than users, and that imbalance makes credential lifecycle management a core security problem.
Gartner’s forecast of US$234 billion in exposed SaaS spend is less about a software collapse than a shift in control, where permissions, contracts, and machine memory matter more than dashboards.
ConsentFix and ClickFix show how a fake prompt and an OAuth flow can turn Microsoft 365 identity controls into a fast-moving token theft problem.
A phishing kit tied to Microsoft 365 targeting shows how attackers can lean on legitimate cloud login flows, trusted collaboration branding, and edge-hosted delivery to turn identity into the attack surface.
Identity recovery is less about bringing servers back online and more about proving that authentication, authorization, and trust can safely resume.
A two-week burst of automated sign-in attempts shows how password spraying can strain cloud defenses even when the full extent of account impact is still unclear.
SSPM shifts cloud defense toward the place many teams least control: the configuration and delegated access of SaaS apps they use every day.
A massive credential campaign against Microsoft 365 shows how distributed password spraying can turn identity controls into the real front line of cloud defense.
A two-week wave of password spraying against Microsoft 365 shows how weak credentials and permissive sign-in controls can turn identity into the softest layer of cloud security.
The Porto di Ancona case points to a harsh lesson for critical infrastructure: cloud identity failures can disrupt operations even when industrial systems are reportedly untouched.
A huge password-spray wave against Microsoft’s command-line cloud tooling shows why authentication, not code, is often the real battleground in modern cloud attacks.
A high-volume spray campaign against Azure CLI sign-ins shows how cloud attackers often hunt for weak identity settings instead of breaking software.
A frontier model tied to Anthropic is described as finding thousands of bugs in weeks, exposing a deeper problem: remediation is still human-speed while discovery may no longer be.
NordPass is pushing its Business plans with a steep discount, and the real message is that safer credential handling remains a budget decision for many companies.
A new partner push around machine and agent identity security shows how enterprise trust is moving beyond human logins and into the cryptographic systems that keep software, devices, and AI agents in check.
AppViewX has launched its first global Partner Program, pairing machine and agent identity security with enablement and co-selling support after its Agent Identity Security rollout.
Username reservations ahead of WhatsApp’s planned 2026 rollout are designed to let people chat without handing over a phone number, a modest-looking change with outsized identity and abuse implications.
A public victim listing names Agroprime, but the available evidence does not independently confirm compromise, data theft, or operational disruption.
A move toward unique email addresses for most profiles adds friction to shared accounts and pushes Netflix further into profile-level access control.