Crestvale Newsroom
Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Passkeys are not being broken. They are being bypassed at enrollment. Attackers are using fake Microsoft Entra setup flows to trick users into binding attacker-controlled credentials, turning a security upgrade into an access grant. For security and IT leaders, this shifts the focus from authentication strength to identity lifecycle control. Enrollment, recovery, and device binding are now high-risk operations. At the same time, a CISA-linked secrets leak shows how basic controls still fail without enforcement, and Progress advising customers to shut down ShareFile controllers highlights the real-world impact of unmanaged infrastructure risk. Add in ransomware using a Microsoft-signed driver to disable defenses, and the pattern is clear: attackers are moving to the trust layers you assume are safe. Also covered: a major credential-driven breach, insider risk in incident response, WordPress plugin compromise, Citrix exploitation markets, and growing regulatory concern around AI-driven cyber risk. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]
169 afleveringen
Reacties
0Wees de eerste die een reactie plaatst
Meld je nu aan en word lid van de Crestvale Newsroom community!