Browsing Tag
Identity Security
4 posts
Identity and access management security, authentication, authorization, credentials, and enterprise identity risk.
SimpleHelp Exploit Turns Remote Support Into a Credential Theft Pipeline
Attackers are exploiting CVE-2026-48558 in SimpleHelp to turn remote support access into a malware delivery path. Teams should patch, hunt for forged technician sessions, and rotate credentials exposed on managed endpoints.
Klue Breach Shows How SaaS OAuth Tokens Became a Salesforce Risk
Klue’s June security incident let attackers use a legacy integration credential to obtain OAuth tokens and pull Salesforce CRM data from connected customer environments. The breach is a practical warning for teams that treat SaaS integrations as trusted background plumbing instead of monitored, scoped access paths.
Cisco ISE Flaws Put Network Access Control on a Patch Clock
Cisco patched two Identity Services Engine flaws that can expose hashed credentials and let an authenticated attacker run commands on the underlying operating system. The urgency is highest for teams running ISE 3.4, ISE 3.5, or ISE-PIC, especially because one Cisco ISE 3.5 fix is not due in the normal patch stream until August.
NewCore’s $66M Launch Puts AI Agents Inside the Identity Stack
NewCore emerged from stealth with $66 million and an identity-security platform built for AI agents. The launch shows why enterprises need agent identities, revocation paths, and access controls before autonomous tools touch production systems.