Semperis researchers have identified a critical design flaw in Windows Server 2025's delegated Managed Service Accounts (dMSAs), termed the "Golden dMSA" vulnerability. This flaw allows attackers to achieve persistent, undetected access to managed service accounts, potentially exposing resources...
A pivotal security development has emerged from the world of enterprise identity management: a critical flaw has been identified in delegated Managed Service Accounts (dMSA) within Windows Server 2025. This vulnerability, discovered and named the “Golden dMSA” attack by Semperis security...
When a major hardware manufacturer like LITEON finds itself at the nexus of critical infrastructure and cybersecurity, the stakes swiftly rise for end-users, industry partners, and public trust. Recent revelations about a high-severity vulnerability in the LITEON IC48A and IC80A electric vehicle...
When the security of critical infrastructure is at stake, vulnerabilities in widely deployed platforms like Hitachi Energy’s Asset Suite command urgent attention across enterprise IT, operational technology, and national security communities. Recent revelations highlight significant security...
A newly disclosed security flaw in Git for Windows has sent ripples through the developer and IT community, raising urgent concerns about software supply chain security and credentials management within the Windows ecosystem. Tracked as CVE-2025-48386, this vulnerability zeroes in on the Git...
In recent years, the cybersecurity landscape has witnessed a dramatic escalation in identity-based attacks, with employee login credentials becoming prime targets for cybercriminals. This surge is largely attributed to the proliferation of sophisticated yet affordable tools that facilitate such...
A new and deeply concerning vulnerability known as the FileFix attack has surfaced, exposing a blind spot in Windows’ security posture that could have serious consequences for ordinary users and enterprises alike. Leveraging nuances in how Windows handles local HTML applications and the Mark of...
Cybersecurity researchers have recently uncovered a sophisticated attack technique that exploits misconfigured Microsoft Azure Arc deployments, enabling adversaries to escalate privileges from cloud environments to on-premises systems and maintain persistent access within enterprise...
Microsoft Azure Arc stands as a transformative force in the modern enterprise IT landscape, seamlessly extending Azure’s native management framework into on-premises and multi-cloud domains. By bridging Azure Resource Manager functionalities with disparate resources—from traditional servers and...
The digital security landscape is undergoing a significant transformation as passwords, long regarded as both essential and vulnerable, begin to yield to more advanced forms of authentication. Microsoft has been at the forefront of this evolution, aggressively pursuing a passwordless future...
Few technological changes in the Windows ecosystem have felt as momentous—or overdue—as Microsoft’s bold leap toward a passwordless future. With the introduction of enhanced passkey support in Windows 11, now available in Insider Preview Build 26200.5670 (KB5060838), Microsoft is not just racing...
Microsoft has taken a significant step toward a passwordless future by integrating 1Password with Windows 11, enabling passkey-based sign-ins. This collaboration allows users to authenticate seamlessly using biometric data, such as fingerprints or facial recognition, enhancing both security and...
In 2024, the Supreme Court of Buenos Aires (SCBA), one of Latin America's largest provincial judicial institutions, faced significant challenges with its traditional credentialing system. The existing process was cumbersome, costly, and inefficient, leading to delays and security...
Microsoft’s push toward a passwordless future took a significant step forward this week, as the company began testing third-party passkey integration in Windows 11 for users enrolled in its Dev and Beta Insider channels. While the concept of “passwordless” authentication isn’t new, the practical...
Windows 11 is poised to revolutionize password management by integrating passkey support, starting with a collaboration with 1Password. This partnership enables users to store and manage passkeys within their existing 1Password vaults, as well as create new passkeys directly through the password...
Enterprising threat actors have long sought creative new ways to exploit increasingly complex cloud ecosystems, but a chilling series of events recently unveiled by security researchers at ITM8 demonstrates just how swiftly multiple small oversights in Microsoft Azure can be woven into an attack...
Microsoft’s expansion of passkey (FIDO2) authentication methods within Entra ID marks a pivotal evolution in the company’s approach to enterprise security, bringing greater flexibility, granular control, and broader device support for organizations across global and highly regulated...
Cloud-reliant enterprises and everyday users awoke to yet another reminder of the intricacies and fragility underlying even the world’s most trusted digital platforms. Microsoft 365, the software suite at the core of productivity for millions, recently suffered from widespread authentication...
In a significant advancement for enterprise security, Microsoft has introduced a feature in Edge for Business that allows IT administrators to deploy encrypted passwords directly to users' browsers. This innovation aims to eliminate the risks associated with traditional password-sharing methods...
In what has quickly become one of the most alarming enterprise security revelations of the year, Cisco’s Identity Services Engine (ISE) has been found critically vulnerable when deployed on major cloud platforms including Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud...