Topic: credential management
-
Rethink Zero Trust for Modern Workloads
Static credentials pose a major cloud security risk by creating long-lived vulnerabilities, but a new model replaces them with short-lived, cryptographically verifiable tokens to enhance trust. This approach leverages Workload Identity Federation and OpenID Connect, allowing workloads to authenti...
Read More » -
Your Digital Afterlife: What Happens to Your Online Accounts?
Planning for the management of digital assets after death or incapacity is crucial but often overlooked, facing challenges like technological hurdles, inconsistent laws, and systemic gaps that leave legacies vulnerable. The OpenID Foundation is addressing this through initiatives like the Death a...
Read More » -
Your AI Agents Are Zero Trust's Biggest Blind Spot
The autonomy of AI agents introduces security vulnerabilities in Zero Trust architectures by bypassing continuous verification requirements through inherited or poorly managed credentials. Organizations must adopt the NIST AI Risk Management Framework with a focus on identity governance, ensuring...
Read More » -
1Password's Fix for AI Browser Agent Security Flaws
1Password introduced Secure Agentic Autofill to protect user credentials during AI-driven web tasks by requiring explicit user approval before sharing login details. The feature ensures AI agents never directly access or store passwords by using a secure, encrypted connection and human verificati...
Read More » -
Moltbot Rebrands, But Security Issues Persist
Moltbot is a popular open-source AI assistant that automates tasks but requires extensive access to private user accounts and credentials, raising significant security concerns. The tool faces critical vulnerabilities, including common user misconfigurations and a risky trust-based skills library...
Read More » -
The Looming Threat of Malicious AI Agents
Businesses are rapidly adopting AI agents but lack proper security measures, particularly in identity management, creating risks as these non-human workers operate without adequate tracking of their credentials and actions. The core security challenge is that AI agents require access to sensitive...
Read More » -
State Actor Behind SonicWall Cloud Backup Hack
A state-sponsored threat actor breached SonicWall's cloud backup service using brute-force techniques, accessing all stored backup files through an API call in a sophisticated nation-state level operation. SonicWall confirmed that core products, internal systems, and customer infrastructures were...
Read More » -
Exploit in Default Cursor Setting Runs Malicious Code on Dev Machines
A security flaw in Cursor AI code editor allows attackers to execute malicious code silently due to the Workspace Trust feature being disabled by default. Exploitation can lead to credential theft, file manipulation, and data exfiltration, especially risky given developers' elevated system privil...
Read More » -
Unlock Cyber Safety: Your 2025 Awareness Guide
Cybersecurity Awareness Month highlights the need to move beyond basic security practices as machine identities and AI-driven threats create unmanaged attack surfaces that organizations are unprepared for. Experts advise treating machine identities with the same seriousness as human accounts, emb...
Read More » -
Microsoft Edge Adds Secure Business Password Management
Microsoft Edge has launched a secure password-sharing feature for businesses, allowing encrypted credential distribution to teams via Microsoft Edge for Business, available to Microsoft 365 Business Premium, E3, and E5 subscribers. The feature enables IT admins to push encrypted passwords directl...
Read More »