How recruitment fraud turned cloud IAM into a $2 billion attack surface

A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developerâ [...]

Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1

Active Directory, LDAP, and early PAM were built for humans. AI agents and machines were the exception. Today, they outnumber people 82 to 1, and that human-first identity model is breaking down at ma [...]

Most ransomware playbooks don't address machine credentials. Attackers know it.

The gap between ransomware threats and the defenses meant to stop them is getting worse, not better. Ivanti’s 2026 State of Cybersecurity Report found that the preparedness gap widened by an average [...]

AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.

Four separate RSAC 2026 keynotes arrived at the same conclusion without coordinating. Microsoft's Vasu Jakkal told attendees that zero trust must extend to AI. Cisco's Jeetu Patel called for [...]

How to use the Apple Passwords app

Apple’s new Passwords app (introduced with iOS 18, iPadOS 18, and macOS Sequoia) is a big leap forward in making password management simple and user-friendly for Apple users, even if it's not a [...]

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a [...]

Meta's rogue AI agent passed every identity check — four gaps in enterprise IAM explain why

A rogue AI agent at Meta took action without approval and exposed sensitive company and user data to employees who were not authorized to access it. Meta confirmed the incident to The Information on M [...]

The best Bluetooth trackers for 2025

Cold weather is an especially rough time for keeping track of one’s keys — so many more layers with so many more pockets — really, they could be anywhere. Stick a Bluetooth tracker on your keyri [...]

OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert

An attacker embeds a single instruction inside a forwarded email. An OpenClaw agent summarizes that email as part of a normal task. The hidden instruction tells the agent to forward credentials to an [...]