credential management

A newly revealed security flaw in Microsoft Exchange hybrid configurations has sent ripples of concern through the IT community, as organizations with combined on-premises and cloud email environments are now exposed to invisible privilege escalation attacks. The critical vulnerability...

In early 2024, a proactive collaboration between the Cybersecurity and Infrastructure Security Agency (CISA) and the United States Coast Guard (USCG) brought renewed scrutiny to the state of cyber hygiene across America’s critical infrastructure. The joint threat hunt, conducted at the behest of...

Windows operating systems are equipped with a plethora of built-in utilities that often go unnoticed by the average user. These tools can significantly enhance productivity, streamline system management, and provide advanced functionalities without the need for third-party software. Here, we...

Hello, I have a computer that is not a member of a Windows domain and I access a folder on the file server through a shortcut and username defined in Active Directory. When I check the Event Viewer, there are a lot of ID 4648 and the username is locked in Active Directory: I unlock the...

A pivotal security development has emerged from the world of enterprise identity management: a critical flaw has been identified in delegated Managed Service Accounts (dMSA) within Windows Server 2025. This vulnerability, discovered and named the “Golden dMSA” attack by Semperis security...

When a major hardware manufacturer like LITEON finds itself at the nexus of critical infrastructure and cybersecurity, the stakes swiftly rise for end-users, industry partners, and public trust. Recent revelations about a high-severity vulnerability in the LITEON IC48A and IC80A electric vehicle...

The digital security landscape is undergoing a significant transformation as passwords, long regarded as both essential and vulnerable, begin to yield to more advanced forms of authentication. Microsoft has been at the forefront of this evolution, aggressively pursuing a passwordless future...

Microsoft’s push toward a passwordless future took a significant step forward this week, as the company began testing third-party passkey integration in Windows 11 for users enrolled in its Dev and Beta Insider channels. While the concept of “passwordless” authentication isn’t new, the practical...

Windows 11 is poised to revolutionize password management by integrating passkey support, starting with a collaboration with 1Password. This partnership enables users to store and manage passkeys within their existing 1Password vaults, as well as create new passkeys directly through the password...

Enterprising threat actors have long sought creative new ways to exploit increasingly complex cloud ecosystems, but a chilling series of events recently unveiled by security researchers at ITM8 demonstrates just how swiftly multiple small oversights in Microsoft Azure can be woven into an attack...

Cloud-reliant enterprises and everyday users awoke to yet another reminder of the intricacies and fragility underlying even the world’s most trusted digital platforms. Microsoft 365, the software suite at the core of productivity for millions, recently suffered from widespread authentication...

In what has quickly become one of the most alarming enterprise security revelations of the year, Cisco’s Identity Services Engine (ISE) has been found critically vulnerable when deployed on major cloud platforms including Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud...

A critical vulnerability has been identified in Cisco's Identity Services Engine (ISE) deployments across major cloud platforms, including Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). This flaw, designated as CVE-2025-20286, carries a near-maximum Common...

A critical security flaw in Cisco’s Identity Services Engine (ISE), catalogued as CVE-2025-20286 with a near-maximum CVSS score of 9.9, is sending shockwaves throughout enterprise IT and cloud security communities alike. The vulnerability, disclosed by Cisco earlier this week and corroborated by...

In the rapidly evolving landscape of cybersecurity, the management of non-human identities (NHIs)—such as applications, scripts, and service accounts—has emerged as a critical challenge. Aembit, a leader in non-human identity and access management (IAM), has recently expanded its Workload IAM...

OpenAI’s recent move to enable “Sign in with ChatGPT” across third-party apps is poised to reshape the digital authentication landscape—a domain historically dominated by stalwarts like Apple, Google, and Microsoft. The implications of this development stretch far beyond expanded convenience...

As the cybersecurity landscape continues to evolve, organizations increasingly rely on software-as-a-service (SaaS) solutions for essential operations such as cloud-based data backup and disaster recovery. However, with this shift comes new and complex threats—highlighted by the US Cybersecurity...

The sudden exposure of key Commvault infrastructure has ignited urgent concern among SaaS providers and cybersecurity professionals alike, highlighting an increasingly complex threat landscape for cloud-based data protection platforms. The U.S. Cybersecurity and Infrastructure Security Agency...

In recent months, Commvault, a prominent data management and security firm, has been the target of sophisticated cyberattacks attributed to nation-state actors. These incidents have raised alarms within the cybersecurity community, prompting the U.S. Cybersecurity and Infrastructure Security...

The announcement of cyber threat activity targeting Commvault’s flagship SaaS cloud application, Metallic, marks a pivotal moment for cloud security and Managed Service Providers (MSPs), especially those tasked with safeguarding Microsoft 365 (M365) environments. As the wave of sophisticated...