All CosmicBytez Labs articles tagged #Identity Security, across news, security advisories, how-to guides, and projects.
Sophos 2026: 79% of ransomware attacks start with stolen identities. MFA was present in 97% of credential-based cases yet failed to stop every one of them.
This week: Progress ShareFile and SonicWall hit with chained zero-days, the US sanctions its first VPN provider, ShinyHunters walks into Salesforce through the front door, and a 1.6M-install browser extension was hiding a dormant data collector the whole time.
Varonis has launched Breach at the Beach, a free hands-on Capture the Flag competition designed to teach defenders how attackers abuse Microsoft Entra ID through realistic attack scenarios — from privilege escalation to lateral movement across identity systems.
Cisco has acquired Astrix Security and WideField to build out non-human identity (NHI) protection capabilities, betting that securing AI agents, service...
SailPoint's acquisition of Israeli startup Entro adds non-human identity and secrets management to its IGA platform, addressing a critical gap as machine...
Strong AD passwords don't have to mean frustrated users — passphrases, breached-password checks, and self-service resets balance security and usability.
Resetting compromised passwords is a natural first response to a breach, but it's not enough. Cached credentials, Kerberos ticket grants, and persistent...
A new iteration of the ConsentFix attack toolkit has surfaced on cybercriminal forums, adding automation and scaling capabilities to OAuth consent...
The Vercel breach, traced to a compromised third-party AI tool with OAuth access, illustrates how Shadow AI adoption and unchecked OAuth integrations are...
Stolen credentials remain the dominant initial access vector in 2026 — no zero-days, no malware, just valid logins that blend in with normal activity...
Credential-based attacks now dominate the threat landscape, and traditional detection models are failing. Here are the fundamental shifts cybersecurity...
Infostealers are harvesting credentials and session cookies at scale, quietly bypassing MFA and traditional defenses. Here's why organizations need...
A new report reveals how industrialized credential theft has become the common thread connecting ransomware campaigns, SaaS platform breaches, and...
New CISA directive requires all federal civilian agencies to implement comprehensive zero trust security architecture by September 2027, setting a...