Topic: access control
-
OpenFGA: The Open Source Authorization Engine
OpenFGA is an open source authorization engine inspired by Google's Zanzibar, enabling fine-grained, relationship-based access control for applications of any scale. It offers flexible integration through multiple storage backends, APIs, and official SDKs, and includes tools like a CLI, playgroun...
Read More » -
Genetec Gains Global Access Control Market Share, Omdia Reports
Genetec Inc. has become the second-largest global provider of access control software, achieving the highest organic market share growth in on-premises solutions and expanding its presence worldwide. The company is one of the fastest-growing vendors in the Access Control as a Service (ACaaS) sect...
Read More » -
OpenID Foundation's Plan to Tame Dangerous AI Agents
The rapid adoption of AI agents introduces significant security vulnerabilities, as they can bypass traditional digital security barriers, necessitating new, open identity and access management standards to prevent unauthorized access to sensitive data and processes. AI agents, enabled by technol...
Read More » -
Automation Won't Save You From Security Fundamentals
Many businesses neglect foundational security practices like consistent patching, strict access control, and diligent vendor oversight, often due to inconsistent efforts and inadequate funding. The human element is the weakest link, with employee training and awareness issues leading to vulnerabi...
Read More » -
Hypervisors: The Hidden Ransomware Risk in Virtualization
Hypervisors are a critical but often overlooked ransomware target, as a single compromise can jeopardize hundreds of virtual machines, with traditional security tools lacking visibility into this layer. Hypervisor-based ransomware attacks surged dramatically in late 2025, driven by groups like Ak...
Read More » -
AI User-Agent Crawlers: The Complete 2025 List
Controlling AI crawler access is crucial for SEO, balancing visibility in AI-powered tools with preventing server strain from excessive requests. Identifying AI crawlers is challenging due to incomplete user-agent data, requiring verification via IP addresses and server log analysis. Distinguishi...
Read More » -
AccessGrid Secures $4.4M to Transform Phones Into Digital Keys
AccessGrid raised $4.4 million in seed funding led by Harlem Capital to replace physical keys with smartphone-based digital credentials, aiming to modernize the access control industry. Founded by Auston Bunsen, the company provides APIs for uncloneable digital keys in Apple and Google Wallets, o...
Read More » -
Top 10 Data Security Companies to Watch in 2026
Atakama provides a browser security platform for managed service providers, enabling data policy enforcement and threat monitoring through browser extensions and dashboards. AvePoint offers a Data Security Posture Management solution that identifies, classifies, and protects sensitive cloud data ...
Read More » -
Keycard Launches Identity and Access Solution for AI Agents
Keycard has launched an identity and access platform specifically for AI agents, enabling organizations to manage and secure them with the same control as human users by assigning permissions and enforcing security policies. The platform addresses the limitations of traditional identity solutions...
Read More » -
Astrix AI Agents: Secure Compliance Risk Management for Enterprises
Astrix Security has launched the AI Agent Control Plane (ACP) to help enterprises safely deploy and manage AI agents by providing short-lived, scoped credentials and just-in-time access based on least privilege principles. The platform addresses rising agent-related threats, with studies showing ...
Read More » -
Conjur: Open-Source Secrets Management for Secure Apps
Conjur is an open-source secrets management solution that provides a centralized, policy-driven system to securely control access to credentials like passwords and API keys, eliminating the risks of hardcoding them in code or config files. It operates on a core philosophy of identity and policy, ...
Read More » -
Boost SaaS Security with NIST CSF & Agentic AI
The rapid adoption of SaaS and AI often outpaces security, creating risks; the NIST Cybersecurity Framework provides a structured blueprint to balance innovation with robust protection. Effective security requires strong governance and collaboration between InfoSec and SaaS teams, alongside criti...
Read More » -
Genetec Adds Audio to Security Centre SaaS
Genetec Inc. has integrated cloud-native audio communications into its Security Centre SaaS platform, enhancing real-time voice capabilities alongside existing video surveillance, access control, and intrusion monitoring in a unified system. This integration allows security teams to verify identi...
Read More » -
Agentic AI: A CISO's Identity Crisis and Accountability
Agentic AI introduces a new, complex identity class that shatters traditional security assumptions, combining autonomous, decentralized operation with human-like intent and machine-scale persistence. These AI agents create severe security risks by multiplying existing identity vulnerabilities, su...
Read More » -
Triofox Hack: Critical File-Sharing Flaw Exploited
A critical security vulnerability (CVE-2025-12480) in Gladinet's Triofox platform allows attackers to execute malicious code by exploiting improper access control and manipulating the antivirus feature, affecting versions prior to 16.7.10368.56560. The exploitation campaign, tracked as UNC6485, b...
Read More » -
Your AI Agents Are Zero Trust's Biggest Blind Spot
The autonomy of AI agents introduces security vulnerabilities in Zero Trust architectures by bypassing continuous verification requirements through inherited or poorly managed credentials. Organizations must adopt the NIST AI Risk Management Framework with a focus on identity governance, ensuring...
Read More » -
Secure Your Shipyard: Modern OT Security for Major Projects
The fluid, project-based nature of shipbuilding, with its rotating contractors and temporary systems, creates a constantly shifting threat surface that defies traditional static perimeter security models. Securing legacy operational technology (OT) that cannot be patched requires a focus on passi...
Read More » -
Zero Trust for AI: Extending "Never Trust, Always Verify"
Businesses are rapidly adopting AI assistants to boost productivity, but this introduces new security vulnerabilities that traditional models cannot handle, requiring the extension of Zero Trust principles to these autonomous agents. AI agents operate with dynamic, evolving access needs and often...
Read More » -
AI Adoption Fuels Surge in Critical Security Flaws
A significant surge in hardware, API, and network vulnerabilities is creating unprecedented risks, driven by IoT proliferation and resulting in an 88% increase in hardware flaws and a doubling of network vulnerabilities. The rapid integration of AI into software development is expanding the attac...
Read More » -
Uncover Hidden DevOps Data Risks and How to Fix Them
DevOps practices accelerate innovation but introduce significant data vulnerabilities, with Git platforms often holding mission-critical information that faces risks of exposure, loss, or corruption. The Shared Responsibility Model in cloud services places security duties on customers to enforce ...
Read More » -
Boost Gateway Security: Go Beyond Basic Setup
Optimizing gateway security is crucial for protecting digital assets and improving operational efficiency by enabling robust threat mitigation and streamlined workflows. Network segmentation and access control policies are essential for isolating network zones and enforcing granular access based ...
Read More » -
Control Agentic AI with Intent-Based Permissions
Identity and access management must evolve from action-based permissions to intent-based permissions to handle autonomous AI agents, which require understanding the purpose behind actions, not just the actions themselves. Action-based permissions are limited for AI because they only control what ...
Read More » -
Microsoft Entra ID Flaw: The Critical Security Risk You Can't Ignore
Security researcher Dirk-jan Mollema discovered two critical vulnerabilities in Microsoft Entra ID that could allow attackers to gain global administrator privileges across nearly all customer tenants. The flaws, involving legacy components like the Access Control Service and Azure Active Directo...
Read More » -
Automate Identity Governance with Veza Access AuthZ
Veza's Access AuthZ automates identity governance by streamlining access granting and revocation across enterprise systems, targeting the "last mile" of identity management with scalability and compatibility for legacy and custom platforms. The solution addresses inefficiencies in IGA deployments...
Read More » -
40 Open-Source Security Tools & The Rise of Invisible IT
The cybersecurity landscape is being reshaped by open-source tools and AI-driven threats, with open-source security applications offering critical capabilities without licensing fees and AI integration altering both defense and attack strategies. AI agents and large language models (LLMs) introdu...
Read More » -
FinWise Breach: Why Encryption Is Your Final Defense
The 2024 FinWise data breach was caused by a former employee who exploited retained login credentials, accessing sensitive data for 689,000 customers undetected for over a year. The breach exposed inadequate security measures, including possible encryption failures and lack of monitoring for irre...
Read More » -
Enhance Security with Netskope UZTNA's Dynamic Policy Controls
Netskope's Universal ZTNA platform now integrates Private Access and Device Intelligence, offering deeper threat inspection and enabling businesses to replace outdated technologies like VPNs and NACs. The solution extends protection to IoT and OT devices with built-in device intelligence and embe...
Read More » -
Streaming Security in the LLM Era: Expert Best Practices
The security landscape for streaming media has been fundamentally reshaped by the widespread availability of AI tools, enabling attackers to launch sophisticated, low-cost assaults that threaten revenue and brand integrity, necessitating a proactive, integrated defense strategy. Critical vulnerab...
Read More » -
Secure Your Microsoft Exchange Servers: CISA & NSA Guidance
A joint advisory from cybersecurity agencies recommends a proactive, multi-layered security strategy for Microsoft Exchange servers, including decommissioning outdated on-premises systems after migrating to Microsoft 365 to prevent critical vulnerabilities. Key security measures include hardening...
Read More » -
FinWise Bank Reports Insider Data Breach
FinWise Bank experienced a data breach by a former employee, which occurred on May 31, 2024, and went undetected for over a year until June 18, 2025, affecting around 689,000 customers. The breach exposed sensitive data, including full names, from both FinWise and its partner American First Finan...
Read More » -
Smart Cybersecurity on a Tight Budget
Effective cybersecurity on a limited budget requires a strategic shift to maximize existing resources, focusing on specific risks and embedding security into workflows without hindering innovation, especially in open research environments. Success involves enabling safe collaboration through "gua...
Read More » -
Unseen Security Threat: The Danger of Shadow Spreadsheets
Shadow spreadsheets, created by employees to work around software limitations, create significant security risks by exposing sensitive data outside managed IT controls through overshared links. This practice leads to dangerous oversharing and data sprawl, destroying data integrity and creating an...
Read More » -
Manage AI Agents Like Employees with Microsoft Agent 365
Microsoft has launched Agent 365, a platform enabling businesses to manage AI agents with the same oversight and control as human employees, marking a shift toward autonomous AI systems. The platform provides a secure framework for deploying AI agents, featuring real-time dashboards and integrati...
Read More » -
AI Agents on Your Team: The Unseen Security Risks
AI agents are evolving into autonomous systems that perform complex tasks like incident resolution and system management, introducing significant security challenges alongside efficiency gains. These autonomous agents differ from traditional tools by reasoning, adapting strategies, and accessing ...
Read More » -
Unpatched Fortra GoAnywhere Flaw Risks Full System Takeover
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT platform allows full system takeover via a deserialization flaw in the License servlet, requiring immediate patching. Exploitation necessitates access to the admin console, echoing a 2023 incident where exposed consoles led to w...
Read More » -
Survive a Ransomware Attack on Active Directory: An Executive Guide
Active Directory is critical for enterprise identity management, and rushing recovery after a ransomware attack can worsen damage by reintroducing malware or compromised settings. Attackers typically use legitimate credentials to infiltrate, then escalate privileges by exploiting weaknesses like ...
Read More » -
State Actor Behind SonicWall Cloud Backup Hack
A state-sponsored threat actor breached SonicWall's cloud backup service using brute-force techniques, accessing all stored backup files through an API call in a sophisticated nation-state level operation. SonicWall confirmed that core products, internal systems, and customer infrastructures were...
Read More » -
3 Must-Haves to Survive a Cyberattack
Swift and effective response to a cyberattack depends on having clarity, control, and a reliable lifeline already in place. Clarity involves real-time detection and understanding of the incident's scope, enabling informed decisions to isolate and manage threats. Control means the ability to conta...
Read More » -
Securing Global Supply Chains: A Cybersecurity Guide
The security focus for global supply chains has shifted from physical to digital, as modern logistics relies on managing vast data flows between partners, making cybersecurity essential for operational resilience. Robust cybersecurity requires encrypting data, managing third-party risks, and adop...
Read More » -
OpenClaw: The Latest on the Trending AI Agent
OpenClaw is a new open-source AI agent that automates complex desktop tasks by taking instructions through messaging apps like WhatsApp and Telegram. Security experts warn the tool poses significant risks, as configuration errors have exposed sensitive user data like private messages and API keys...
Read More » -
Louvre Launches €57 Million Security Upgrade Tender
The Louvre is launching a €57 million security overhaul after an €88 million crown jewels theft in October, which was described as a brutal and shocking event. The comprehensive plan includes a new digital safety management system, a centralized monitoring platform, and upgraded surveillance and ...
Read More » -
Safeguard Australian Data Centres from 2026 Cyber Threats
Australia's data centre sector is projected to grow substantially, with up to 175 new facilities needed by 2030 to meet rising demand from cloud services and AI. Data centres are critical infrastructure requiring robust physical and cybersecurity measures to prevent costly downtime and breaches f...
Read More » -
Discord data breach exposes user support tickets to hackers
A security breach at Discord exposed sensitive user data after hackers infiltrated a third-party customer support provider, impacting users who had submitted support tickets. The attackers obtained personal details like names, email addresses, message content, and even official ID images, demandi...
Read More » -
Okta's Identity Security Fabric: Securing the AI-Driven Enterprise
Securing AI systems is a critical enterprise priority, with Okta introducing an identity security fabric to manage non-human identities and combat AI-driven fraud through tamper-proof credentials. A significant security gap exists as rapid AI adoption has outpaced governance, leaving organization...
Read More » -
Unlock IT & OT Observability with Open-Source Zabbix
Zabbix is an open-source monitoring platform that provides unified visibility across IT and OT environments, enabling early detection of security incidents through performance anomalies. The platform offers flexible data collection, scalable architecture, and extensive alert customization with au...
Read More » -
North Korea's IT Workers Expand Targets Beyond Tech and Crypto
North Korea's covert IT worker program has expanded beyond targeting American tech and cryptocurrency firms to now include a wide range of global industries such as finance, healthcare, and public administration, posing a significant international security threat. Over 130 DPRK-linked operatives ...
Read More » -
October 2025 Threat Report: Barracuda SOC Insights
Akira ransomware is exploiting unpatched SonicWall VPN vulnerabilities (CVE-2024-40766), bypassing multi-factor authentication through stolen credentials and encrypting data rapidly. Attackers are increasingly using Python scripts to automate and disguise malicious activities, such as deploying p...
Read More » -
Solar Power Boom Sparks Cybersecurity Threat
The rapid expansion of solar energy infrastructure introduces significant cybersecurity vulnerabilities, with inverters, monitoring platforms, and grid-connected devices becoming critical targets for malicious actors aiming to disrupt power supply and undermine renewable energy confidence. Real-w...
Read More » -
35 Must-Have Open-Source Security Tools for Red Teams & SOCs
The article highlights 35 essential open-source security tools for various domains like cloud security, threat hunting, and vulnerability management, aiding red teams and SOC analysts. Key tools include Autorize for authorization testing, BadDNS for DNS security, and Beelzebub for...
Read More » -
NSA's Zero Trust Adoption: First Steps Unveiled
The NSA has released new Zero Trust Implementation Guidelines, starting with a Primer and Discovery Phase, to provide a structured, phased approach for organizations adopting zero trust security. A core focus of the initial Discovery Phase is gaining comprehensive visibility into an organization'...
Read More »