identity

Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

• identity
• phishing
• ransomware

Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

Laura French April 3, 2026

The campaign leverages a newly-discovered phishing kit called VENOM.

Read More Read more about Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA

Global Microsoft device code phishing facilitated by novel EvilTokens kit

• identity
• phishing
• threat-intelligence

Global Microsoft device code phishing facilitated by novel EvilTokens kit

SC Staff April 2, 2026

BleepingComputer reports that organizations around the world, particularly in the U.S., Canada, France, Australia, India, Switzerland, and...

Read More Read more about Global Microsoft device code phishing facilitated by novel EvilTokens kit

Beyond the vault: Rethinking privileged access security

• identity
• privileged-access-management
• rsac
• security-architecture

Beyond the vault: Rethinking privileged access security

Paul Wagenseil April 2, 2026

It's time to leave the credential vault and move on from privileged access management.

Read More Read more about Beyond the vault: Rethinking privileged access security

Apple expands updates to iOS 18 devices affected by DarkSword exploit

• identity
• malware
• patchconfiguration-management
• vulnerability-management

Apple expands updates to iOS 18 devices affected by DarkSword exploit

Steve Zurier April 2, 2026

Experts say Apple’s move shows it understood that older iOS and iPadOS devices were vulnerable and being...

Read More Read more about Apple expands updates to iOS 18 devices affected by DarkSword exploit

Thousands of API credentials exposed on public websites

• api-security
• data-security
• identity

Thousands of API credentials exposed on public websites

SC Staff April 2, 2026

The study, detailed in a preprint paper by Standford University, University of California, Davis, and TU Delft...

Read More Read more about Thousands of API credentials exposed on public websites

Rethinking identity security for a borderless attack surface

• aiml
• identity

Rethinking identity security for a borderless attack surface

Paul Wagenseil April 2, 2026

Identity is the heart of modern security. Here's how to reshape your identity environment accordingly.

Read More Read more about Rethinking identity security for a borderless attack surface

Cyberattacks powered by stolen credentials on the rise

• identity
• ransomware

Cyberattacks powered by stolen credentials on the rise

SC Staff April 1, 2026

Cybersecurity incidents are increasingly centered on identity abuse, where stolen login credentials serve as the primary entry...

Read More Read more about Cyberattacks powered by stolen credentials on the rise

Bogus LinkedIn message alerts enable credential siphoning

• identity
• phishing

Bogus LinkedIn message alerts enable credential siphoning

SC Staff April 1, 2026

Malicious actors have been distributing fraudulent LinkedIn alert messages for potential job opportunities to facilitate credential exfiltration...

Read More Read more about Bogus LinkedIn message alerts enable credential siphoning

Widespread Microsoft 365 account compromise sought by Iran-linked hackers

• identity
• threat-intelligence

Widespread Microsoft 365 account compromise sought by Iran-linked hackers

SC Staff April 1, 2026

Widespread Microsoft 365 account compromise sought by Iran-linked hackers More than 300 organizations in Israel, over 25...

Read More Read more about Widespread Microsoft 365 account compromise sought by Iran-linked hackers

Axios npm supply chain attack: Malicious updates add remote access trojan

• application-security
• devsecops
• identity
• malware
• supply-chain
• threat-intelligence

Axios npm supply chain attack: Malicious updates add remote access trojan

Laura French March 31, 2026

The axios npm package, with about 100 million weekly downloads, was compromised via a maintainer’s account.

Read More Read more about Axios npm supply chain attack: Malicious updates add remote access trojan