The Double-Edged Sword of Non-Human Identities

Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows ...
InfoWorld

Azure outage disrupts VMs and identity services for over 10 hours

A misconfiguration in Microsoft-managed storage accounts triggered cascading failures across virtual machine operations, managed identities, and developer workflows.
Security Boulevard

Enabling and Securing Basic Authentication: A Comprehensive Guide

Learn how to enable and secure basic authentication for enterprise systems. Guide covers tls encryption, credential hygiene, and sso migration for ctos.
Agence France-Presse

Veracode Releases Platform Enhancements as Software Supply Chain Attacks Surge

The latest enhancements to our platform empower organizations to stop third-party risk from ever entering their software code, providing them with a prevention-first approach.” Package Firewall, ...

Beyond the Hype: A Practical Guide to Building a Multi-Cloud Strategy

A multi-cloud strategy involves spreading your application workload across multiple cloud providers, rather than relying solely on a single one. It's about keeping your options open. With a ...
CSO Online

GitLab 2FA login protection bypass lets attackers take over accounts

The platform warns users of on-premises versions to upgrade to the latest versions; SaaS and web versions have been patched.
Redmondmag.com

Microsoft to Deprecate SQL Server SSRS, PBIRS and SSAS Management Packs for SCOM

Change signals a shift away from legacy monitoring packs toward modern observability and Azure-based monitoring tools.
The Hacker News

Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System

IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out ...
CSOonline

Agentic AI already hinting at cybersecurity’s pending identity crisis

An estimated 95% of enterprises have not deployed identity protections for their autonomous agents — not a great start for what some security experts describe as an authentication concern without ...
IEEE

A Decentralized Threshold Credential Management With Fine-Grained Authentication for VANETs

Abstract: In Vehicular Ad-hoc Networks (VANETs), vehicles must authenticate their identities before accessing services. However, existing authentication schemes based on anonymous credentials still ...
Bleeping Computer

New ConsentFix attack hijacks Microsoft accounts via Azure CLI

A new variation of the ClickFix attack dubbed 'ConsentFix' abuses the Azure CLI OAuth app to hijack Microsoft accounts without the need for a password or to bypass multi-factor authentication (MFA) ...
InfoQ

Azure API Management Premium v2 GA: Simplified Private Networking and VNet Injection

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...