Privileged access management

XM Cyber Inc. announced an expansion of its platform with new capabilities designed to help enterprises enforce least-privilege access across Active Directory, Microsoft Entra, and multicloud environments.

Flaw in Entra ID AI agent role enabled privilege escalation and takeover.

The vulnerability, discovered by Silverfort researchers, resided in the Agent ID Administrator role.

The Pack2TheRoot vulnerability resides within the PackageKit daemon, a package management abstraction layer used across multiple Linux distributions.

Security Brief Australia reports that security leaders marking Identity Management Day are sounding an urgent alarm over the explosive growth of non-human and AI-driven identities, warning that enterprises are rapidly scaling autonomous agent deployments while the governance frameworks needed to constrain their privileged access remain dangerously immature.

The BlueHammer vulnerability is a local privilege escalation (LPE) flaw that combines a time-of-check to time-of-use (TOCTOU) vulnerability with path confusion.

As World Cloud Security Day highlights cloud-related risks, executives from Docusign, BeyondTrust, and Saviynt argue that identity, data sovereignty, and basic access controls are now central to cloud security, according to Security Brief Australia.

The engineer, Daniel Rhyne, used administrator credentials to access the company's network and schedule tasks to delete admin accounts and change passwords.