Identity Security | Breaking Cybersecurity News | The Hacker News

Category — Identity Security
Beyond Blocking: Disrupting the Social Engineering Attack Chain

Jun 22, 2026
For years, our industry has treated "blocking" as the gold standard. If the email didn't land, if the malware didn't execute, if the alert fired in the SIEM, we called it a win. That mindset made sense in a world where most attacks came through a handful of familiar doors. But AI has changed the game. We're not dealing with hobbyists sending out clumsy phishing attacks anymore. Modern adversaries are running multi‑channel, AI‑assisted businesses at machine speed. And if all you're doing is blocking at the edge, you're not really defending. You're just delaying. Generative AI has made it trivial to spin up highly personalized, multi‑step social engineering campaigns that operate simultaneously across email, collaboration apps, mobile, social media, and paid media. The result is a social engineering attack chain: a sequence of stages designed to manufacture trust, erode judgment, and bypass brittle controls. You don't beat that by tuning another filter. You have to disrupt the at...
Identity Security in 2026: The Brutal Truth Enterprises Still Avoid

Jun 22, 2026
Modern attacks are not primarily defeating infrastructure. They are inheriting trust. Identity Did Not Become Important. It Became Infrastructure. Security teams still talk about identity as though it is one security discipline among many, sitting beside endpoint protection, cloud security, network defense, and vulnerability management. That framing no longer reflects how modern enterprises actually operate. Modern business environments run on identity, delegated trust, cloud roles, automation pipelines, APIs, machine permissions, and continuously exchanged credentials. Users authenticate into SaaS platforms that the organization does not own. Workloads assume permissions that nobody provisions manually. Services trust other services built across years of acquisitions, migrations, technical debt, and operational compromise. The enterprise is no longer running on infrastructure alone. It is running on identity. Attackers recognized this shift before many defenders did. That i...
Why Active Directory Vulnerabilities Demand More Than a Patch

Jun 15, 2026
The disclosure of CVE-2026-25177, a high-severity privilege escalation flaw in Microsoft Active Directory Domain Services, is a timely reminder that identity infrastructure remains one of the most consequential attack surfaces in the modern enterprise. Rated HIGH with a CVSS score of 8.8, this vulnerability allows an authenticated domain user to escalate privileges and move laterally across the network without elevated starting permissions or any user interaction. The mechanics are instructive. If a compromised account holds native Active Directory (AD) permission to modify Service Principal Names (SPNs), an attacker can create a duplicate SPN for a targeted service. When clients request Kerberos authentication, the domain controller may issue a ticket encrypted with the wrong key, causing a denial of service or forcing a fallback to the weaker NTLM protocol. No access to the targeted server is required beyond that initial SPN-write permission. In an environment where Active Directo...
How to Test Ransomware Recovery Without Reinfecting Your Environment

May 25, 2026
For most managed service providers (MSPs), ransomware recovery is not a problem that affects one client at a time. It is a multitenant, high-pressure scenario where recovery failures impact multiple clients at once. Testing ransomware recovery is not just a technical exercise but a business-critical requirement. The green check of a successful backup job does not guarantee successful ransomware recovery. Attackers today do more than encrypt files. They compromise identity systems, alter configurations, and create persistence mechanisms that survive system restoration. So, a "clean" backup can still reintroduce dormant malware or broken dependencies into your environment. Recovery success depends on whether systems are usable, trusted and operational after restore, not whether data simply exists. Modern ransomware protection and recovery strategies require correlation between security events and backup data. Without that, MSPs are forced into guesswork across multiple cl...
The Non-Human Identity Crisis: Why Your Machine Identities Are Your Biggest Governance Gap

May 18, 2026
Identity sprawl, agentic AI risk, and the path to NHI governance maturity When security leaders talk about identity risk, the conversation almost always centers on humans: Privileged users, compromised accounts, insider threats. But for most enterprises, the greater risk has already shifted. And it has nothing to do with your employees. Non-human identities (NHIs) — service accounts, API keys, OAuth tokens, SSH keys, RPA bots, cloud workload credentials and AI agents — are the fastest-growing, least-governed attack surface in the modern enterprise. And the industry is beginning to reckon with what that means. $4.88M Global average cost of a data breach — IBM Cost of a Data Breach 2024 The scope of the problem The numbers are striking. Research from Rubrik Zero Labs puts the NHI-to-human identity ratio at 45:1 in the modern enterprise. For cloud-native and DevOps environments, Entro Labs H1 2025 research puts that figure at 144:1. These identities are not passive: They au...
A Unified Identity Defense Layer: Why PAM with ITDR Is the Foundation for 2026 Security

Mar 16, 2026
As identity-based attacks continue to rise, the most damaging breaches increasingly begin with valid credentials rather than vulnerability exploits. That's why identity resilience will define the maturity of your cybersecurity in 2026. A unified identity defense layer, combining privileged access management (PAM) with identity threat detection and response (ITDR), is emerging as the foundation of that resilience. This article explores why integrating these capabilities into your security strategy is no longer optional and how, together, they form the backbone of modern organizational security. The shift to identity-centric security Traditional PAM solutions that allow you to safely authenticate users are no longer enough to protect your business against modern threats. Instead of breaking through technical barriers, threat actors are now using compromised credentials to sign in as legitimate users. According to IBM's X-Force 2025 Threat Intelligence Index, identity-driven intr...
Why CVSS Scores Don't Tell the Real Story of Risk

Mar 09, 2026
In most security operations centers, CVSS quietly dictates remediation priorities. Dashboards are sorted by severity. "Critical" vulnerabilities float to the top. Quarterly summaries celebrate how many 9.0+ findings were closed. On paper, it looks rational. In practice, it's often wrong. CVSS was designed to standardize how vulnerabilities are scored. Its origins and main purpose have been to measure technical severity, including exploit complexity, required privileges, impact on confidentiality, integrity, and availability. It provides a shared language. But where it has perpetually struggled is measuring context within, like whether the asset is internet-facing, how critical it is to the business, and whether attackers are actively exploiting the vulnerability. And context is where real risk lives. How Abstract Scores Turn Vulnerability Management Into "Severity Theater" A vulnerability scored 9.8 in a non-production environment with no external access may demand immediate atten...
9 Identity Security Predictions for 2026

Feb 02, 2026
The world of identity security is in constant motion. What was once a straightforward matter of usernames and passwords has evolved into a complex ecosystem of biometrics, hardware tokens, and zero-trust architectures. As we look toward 2026, the pace of change is only accelerating. The lines between our digital and physical identities are blurring, and the threat landscape is becoming more sophisticated. Chief Information Security Officers spend their days on the front lines of this evolution. Staying ahead isn't just about reacting to threats; it's about anticipating them to reduce risk. Based on the trends I'm seeing today, here are 9 identity security predictions for where we'll be in 2026. 1. AI will become the primary identity governance tool. Manual access reviews and role-based access control (RBAC) models are already showing their age. By 2026, AI-driven identity governance and administration (IGA) will be standard. These systems will continuously analyze u...
When Your Browser Becomes The Attacker: AI Browser Exploits

Feb 02, 2026
AI-powered browsers are changing how we use the web, but they're also creating some serious new security risks. Tools like Perplexity's Comet and Opera's Neon can summarize pages and automate tasks for you. The problem is that researchers have found these agentic copilots can be hijacked by malicious prompts hidden in ordinary webpages, essentially turning your browser against you. In August 2025, Brave's security team disclosed an indirect prompt injection against Perplexity's Comet using hidden instructions in a Reddit spoiler tag, leading Comet to extract an email address and a one-time passcode. No memory corruption, no code execution exploit. The browser simply followed instructions it couldn't distinguish from legitimate user intent. In this post, we'll look at how these attacks work, why they slip past traditional defenses, and what security teams can do to keep data safe from compromised AI agents. AI Browsers: Powerful, But a New Target AI-ena...