Crestvale Newsroom

ServiceNow bug exposed customer instance data online

6 min · 11. kesä 2026
jakson ServiceNow bug exposed customer instance data online kansikuva

Kuvaus

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] A ServiceNow vulnerability exposed how quickly SaaS platforms can become part of your attack surface, while new federal guidance is shrinking vulnerability response windows to just three days. This episode breaks down what the ServiceNow incident means in practice, why CISA's seventy two hour remediation expectation is a major shift, and how AI agents are quietly expanding identity risk inside most organizations. The common thread is speed and visibility. Teams are being forced to make faster decisions with less margin for error, while managing identities and data they often cannot fully see. We also cover Cyera's major funding round and what it signals about data security becoming the control layer for AI, along with key updates from Microsoft, Fortinet, and others. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Kommentit

0

Ole ensimmäinen kommentoija

Rekisteröidy nyt ja liity Crestvale Newsroom-yhteisöön!

Aloita maksutta

14 vrk ilmainen kokeilu

Kokeilun jälkeen 7,99 € / kuukausi. · Peru milloin tahansa.

  • Podimon podcastit
  • 20 kuunteluaikaa / kuukausi
  • Lataa offline-käyttöön

Kaikki jaksot

176 jaksot

jakson DigiCert breach linked to code-signing theft kansikuva

DigiCert breach linked to code-signing theft

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] A breach tied to DigiCert has put code signing certificates in attacker hands, turning a core trust signal into a potential attack vector. At the same time, ransomware is now disrupting real world operations, and vendor risk is showing up in places many teams assume are safe. This episode breaks down why trust in signed software can no longer be assumed, how ransomware is shifting toward direct revenue disruption, and why identity and secrets platforms need deeper scrutiny. The common thread is control. Who has it, how it is verified, and where it quietly fails. We also cover CrowdStrike's move to absorb XM Cyber's technology, a ransomware driven production shutdown at Fairlife, and new concerns around Passwork's origins. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

18. heinä 20265 min
jakson Microsoft: AI agents need first-class identities kansikuva

Microsoft: AI agents need first-class identities

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] AI agents are no longer just assistants. They are becoming active participants inside systems, with the ability to take actions across tools and services. That shift is forcing a rethink of identity, access, and control. For security and IT leaders, this changes the threat model. Agents introduce new forms of privilege escalation, cross-system risk, and audit gaps that traditional identity frameworks were not built to handle. At the same time, regulatory pressure and real-world breaches are reinforcing that weak identity controls remain the easiest path for attackers. This episode also covers the CMMC audit pause and why liability remains, new developments tied to Scattered Spider, and Google's move into AI-driven app execution. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Eilen6 min
jakson CISA: SharePoint exploits active, patching lags kansikuva

CISA: SharePoint exploits active, patching lags

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Active SharePoint exploitation with delayed patches is exposing a growing gap between vulnerability discovery and real world remediation. At the same time, identity is expanding beyond humans, and patching volume is accelerating beyond what most teams can handle. This episode breaks down why these shifts matter now. If attackers are exploiting before fixes arrive, your defenses have to operate in that window. And as machine and agent identities grow, traditional access control models are starting to fail. The result is a security environment that is faster, more complex, and less forgiving of delay. We also cover new funding around identity control planes, a record-breaking patch cycle from Microsoft, and a major milestone in post-quantum cryptography standardization. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

16. heinä 20265 min
jakson PBAC turns authorization into AI agent control kansikuva

PBAC turns authorization into AI agent control

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Authorization is moving from a background function to the control plane for AI systems. As agents take on more actions inside production environments, real time policy enforcement is becoming the difference between safe scale and silent data exposure. For security and IT leaders, this shift forces a rethink of how access is defined and enforced. Identity alone is no longer enough. You need fast, centralized authorization that can evaluate context across humans, services, and AI agents without slowing systems down. We also cover router compromises tied to weak configurations, lessons from CISA's GitHub secrets leak, and why Cribl is betting on detection engineering as the next battleground. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

15. heinä 20265 min
jakson Fake OAuth client IDs hide Entra recon kansikuva

Fake OAuth client IDs hide Entra recon

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Attackers are finding ways to probe identity systems without triggering alerts, and that changes how exposure builds inside modern environments. The latest activity in Microsoft Entra shows how credential validation and user enumeration can happen quietly, without the signals most teams rely on. For security and IT leaders, this shifts the focus from login events to pre-auth activity and missing context in logs. It also reinforces how identity, infrastructure, and internal systems like messaging brokers are tightly connected. When one layer fails, it creates new paths for access and escalation. We also cover a RabbitMQ flaw that exposed OAuth secrets, a forced shutdown of ShareFile on-prem components, and new joint cyber sanctions from the UK and EU targeting operator-level actors. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

14. heinä 20266 min