identity security

In 2024, the Supreme Court of Buenos Aires (SCBA), one of Latin America's largest provincial judicial institutions, faced significant challenges with its traditional credentialing system. The existing process was cumbersome, costly, and inefficient, leading to delays and security...

Microsoft’s cloud ecosystem continues to underpin enterprise digital transformation—yet the discovery and persistence of the nOAuth vulnerability within Entra-integrated applications shines a harsh light on lingering risks at the intersection of identity management, software-as-a-service, and...

A critical authentication flaw within Microsoft’s Entra ID ecosystem continues to threaten tens of thousands of enterprise applications worldwide, illustrating a profound challenge for the current state of SaaS security two years after its discovery. The vulnerability, dubbed “nOAuth,” first...

Microsoft Defender for Identity is taking a significant leap forward in security operations efficiency by introducing domain-based scoping for Active Directory (AD), a much-awaited feature now rolling out in public preview. As environments grow in size and complexity, security teams grapple with...

Microsoft is set to enhance the security framework of its Microsoft 365 suite by phasing out outdated file access methods starting in mid-July 2025. This initiative will disable legacy authentication protocols such as Relying Party Suite (RPS) and FrontPage Remote Procedure Call (FPRPC) across...

In the shadowy landscape of cybersecurity, most organizations wrestle with threats as old as the internet itself: brute-forced passwords, relentless phishing campaigns, and credential stuffing attacks. Yet, among these familiar dangers, a more insidious risk quietly stalks even the most...

A new and deeply concerning evolution in cyberattack methodology is putting Microsoft Entra ID (formerly known as Azure Active Directory) users and organizations at unprecedented risk. This surge in account takeover (ATO) campaigns exploits TeamFiltration—a legitimate penetration testing tool...

Microsoft account users are once again facing a formidable cybersecurity threat—this time in the form of an aggressive password spraying campaign targeting Entra ID accounts at an unprecedented scale. According to multiple verified industry sources, a threat group known as SneakyStrike, also...

In today’s enterprise security landscape, identity has become the new battleground. As cloud adoption accelerates and hybrid workforces proliferate, attackers—ranging from nation-state actors to cybercriminal organizations—are no longer exclusively targeting endpoints or applications. Instead...

A new chapter in the ongoing battle for cloud security unfolded recently, as researchers disclosed a brazen and remarkably methodical campaign that has compromised over 80,000 user accounts spanning hundreds of organizations. The abuse of penetration testing tools—originally intended as shields...

In a significant development for enterprise security, Semperis has announced enhancements to its Directory Services Protector (DSP) platform, aimed at mitigating a critical vulnerability in Windows Server 2025's Active Directory. This vulnerability, dubbed "BadSuccessor," was identified by...

In a significant development for Windows Server 2025 security, Semperis has introduced advanced detection capabilities within its Directory Services Protector platform to counteract the "BadSuccessor" privilege escalation technique. This initiative, in collaboration with Akamai, addresses...

In the dynamic and continually evolving world of enterprise cybersecurity, the introduction of new technologies that promise both innovation and efficiency often brings with it fresh vectors for attack. The latest development in Windows Server 2025—specifically the new feature known as delegated...

In a significant development for Windows Server 2025 security, Semperis has unveiled enhanced detection capabilities within its Directory Services Protector (DSP) platform. This initiative, in collaboration with Akamai, aims to counteract the "BadSuccessor" privilege escalation technique that...

In a significant move to bolster cybersecurity defenses, Semperis and Akamai have joined forces to address a critical vulnerability in Active Directory (AD) within Windows Server 2025. This collaboration underscores the escalating threats targeting AD environments and the necessity for robust...

In what has quickly become one of the most alarming enterprise security revelations of the year, Cisco’s Identity Services Engine (ISE) has been found critically vulnerable when deployed on major cloud platforms including Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud...

Microsoft’s ongoing mission to unify and fortify identity security across its cloud ecosystem has taken a decisive leap forward with the introduction of new Identity Secure Score recommendations in Microsoft Entra. Announced recently and already generating conversation throughout the Windows and...

Protecting your digital identity has never been more important—or more challenging. With personal data breaches, spam deluges, and rampant ad tracking now part of everyday digital life, even tech-savvy users often find themselves searching for new layers of privacy and control. Over the years...

In the rapidly evolving digital landscape, Microsoft 365 has become a cornerstone for organizational productivity, offering a suite of tools that facilitate communication, collaboration, and data management. However, its widespread adoption has also made it a prime target for cyber threats...

In the ever-changing landscape of cybersecurity, enterprises face an adaptable and relentless adversary: the identity-focused attacker. As organizations increasingly move to the cloud, adopt modern authentication, and enforce multifactor authentication (MFA), the techniques used by...