Identity

Mastering Identity Security: Your Resource for IAM, Governance, Access, and More.

The case for biometric assured identity

Kevin Surace April 17, 2026

Here’s why biometrics represents the best path to solving identity-based attacks.

Today's Top Identity Headlines

Identity News

(Credit: Araki Illustrations – stock.adobe.com)

Identity

New Mini Shai-Hulud attack targets npm ecosystem

Steve ZurierMay 20, 2026

Mini Shai-Hulud campaign hits 323 npm packages, GitHub Actions and VS Code tools.

Identity

House calls on Instructure to brief Congress on Canvas hack

Steve ZurierMay 13, 2026

ShinyHunters hit Canvas twice, exposing student data via XSS and identity compromise.

Identity

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

Steve ZurierMay 12, 2026

Teams warn the latest Shai-Hulud wave weaponizes trusted OIDC tokens to bypass package integrity checks.

Identity

2026 Identity Security: Governing AI agents, NHIs and MCP access

SailPoint GitHub repo hit by third-party cyberattack

Steve ZurierMay 11, 2026

SailPoint says GitHub repo breach exposed no customer data or production systems.

Identity

Most security pros say managing identity has become a major challenge

Steve ZurierMay 6, 2026

Nearly 9 in 10 security leaders struggle with identity sprawl as AI and NHIs expose governance gaps.

Identity

CloudZ RAT plugin targets Windows Phone Link for possible OTP theft

Laura FrenchMay 6, 2026

The Pheno plugin monitors active Phone Link connections to eavesdrop on texts and notifications.

Identity

Horizons of Identity report highlights challenges, opportunities for modern identity programs

Wendy WuOctober 15, 2025

Identity evolves from security control to business enabler, driving automation and agility.

Identity

Microsoft patches Entra ID bug that let AI agents escalate privileges

Steve ZurierApril 28, 2026

Flaw in Entra ID AI agent role enabled privilege escalation and takeover.

Application security

‘AiFrame’ browser attacks continue with fake authenticator, converter extensions

Laura FrenchApril 24, 2026

The malicious extensions inject iframes to display phishing content and extract other data.

Get weekly updates

The most current cybersecurity news involving identity & access.

Identity

The case for biometric assured identity

Today's Top Identity Headlines

1Password and OpenAI collaborate on secure credential access for AI coding agents

Microsoft to phase out SMS authentication for account recovery

Stolen UK data, including bank cards and IDs, is cheap on the dark web, NordVPN reports

Trump administration’s voter data collection efforts face legal challenges

Identity: Explained and Explored

7 identity security best practices for the Agentic AI era

How identity became the new security battleground

The AiTM problem nobody’s architecture actually solves

How Agentic AI made org charts obsolete

Securing every door: Scalable strategies to manage machine and AI agent risks

Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control

Identity security: In the critical path for agent deployment

Blind spots at scale: The hidden risks of identity visibility gaps and shadow AI

Capability-centric governance redefines access control for legacy systems

Back to the beginning: A new model for secure SaaS access

Identity News

New Mini Shai-Hulud attack targets npm ecosystem

House calls on Instructure to brief Congress on Canvas hack

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

2026 Identity Security: Governing AI agents, NHIs and MCP access

SailPoint GitHub repo hit by third-party cyberattack

Most security pros say managing identity has become a major challenge

CloudZ RAT plugin targets Windows Phone Link for possible OTP theft

Horizons of Identity report highlights challenges, opportunities for modern identity programs

Microsoft patches Entra ID bug that let AI agents escalate privileges

‘AiFrame’ browser attacks continue with fake authenticator, converter extensions

Get weekly updates

Identity Events

IAM for MSSPs: Real-World Deployments

Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control

The industrialization of identity compromise

Rethinking identity security for a borderless attack surface

Beyond MFA: Securing the human element with identity threat detection

Identity and access

Identity

The case for biometric assured identity

Today's Top Identity Headlines

1Password and OpenAI collaborate on secure credential access for AI coding agents

Microsoft to phase out SMS authentication for account recovery

Stolen UK data, including bank cards and IDs, is cheap on the dark web, NordVPN reports

Trump administration’s voter data collection efforts face legal challenges

Identity: Explained and Explored

Identity News

New Mini Shai-Hulud attack targets npm ecosystem

House calls on Instructure to brief Congress on Canvas hack

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

2026 Identity Security: Governing AI agents, NHIs and MCP access

SailPoint GitHub repo hit by third-party cyberattack

Most security pros say managing identity has become a major challenge

CloudZ RAT plugin targets Windows Phone Link for possible OTP theft

Horizons of Identity report highlights challenges, opportunities for modern identity programs

Microsoft patches Entra ID bug that let AI agents escalate privileges

‘AiFrame’ browser attacks continue with fake authenticator, converter extensions

Get weekly updates

Identity Events

IAM for MSSPs: Real-World Deployments

Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control

The industrialization of identity compromise

Rethinking identity security for a borderless attack surface

Beyond MFA: Securing the human element with identity threat detection