Cloud Security
The Midnight Blizzard cyberspies used compromised websites to trick users into authorizing devices they controlled.
Hi, what are you looking for?
Researchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials.
The Midnight Blizzard cyberspies used compromised websites to trick users into authorizing devices they controlled.
Researchers at enterprise browser security firm SquareX showed how an attacker can impersonate a user and bypass passkey security.
1Kosmos has raised $57 million in Series B funding, which brings the total raised by the company to $72 million.
As attackers target help desks and identity systems, traditional security perimeters are proving insufficient against agile, socially-engineered threats.
Splunk researchers developed a system to fingerprint post-logon behavior, using AI to find subtle signals of intrusion.
Why context, behavioral baselines, and multi-source visibility are the new pillars of identity security in a world where credentials alone no longer cut it.
Strategic acquisitions marks Palo Alto Networks' formal entry into the identity security space and accelerates its platform strategy.
‘Machine identities’, often used interchangeably with ‘non-human identities’ (NHIs), have been increasing rapidly since the start of digital transformation.
New research suggests more than 10,000 SaaS apps could remain vulnerable to a nOAuth variant despite the basic issue being disclosed in June 2023.
The future of secure digital engagement depends on continuous identity verification and proofing that can scale with risk.
Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords.
Censys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet.
Identity security automation platform Cerby has raised $40 million in Series B funding to scale operations.
Akamai documents a privilege escalation flaw in Windows Server 2025 after Redmond declines to ship an immediate patch.
Microsoft is prioritizing passwordless sign-in and sign-up methods, and is making new accounts passwordless by default.
San Francisco identity security play Veza closes a Series D fund round led by New Enterprise Associates (NEA).
Push Security has raised $30 million in Series B funding to scale its browser-based identity security platform.
Identity protection startup AuthMind has announced raising $19.3 million in a seed funding round led by Cheyenne Ventures.
CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack.
Major companies have agreed to gradually reduce the lifetime of TLS certificates over the next few years.