SC Media
20 articles
Key Questions to Ask When Evaluating an Identity and Access Management Vendor
How to Build an AI Governance Framework for Identity
SAML: How It Works, Common Misconfigurations, and Security Implications
Why IAM Matters: Benefits, Challenges, and Common Pitfalls
How to Evaluate and Select Identity and Access Management Tools
Identity-based attacks: how they work and how to defend against them
Non-Human Identities Are Outgrowing Your Governance Model
Zapier security flaws could have exposed millions of user accounts
The flaws, disclosed by Token Security, did not require malware or insider access, only a free Zapier account.
U.S. military personnel targeted using commercial location data
The U.S.
CISA adds Daemon Tools, TanStack, and Nx Console compromised versions to KEV catalog
The vulnerabilities include compromised versions of Daemon Tools Lite (CVE-2026-8398), TanStack npm packages (CVE-2026-45321), and the Nx Console extension (...
GCHQ announces AI-powered cyber shield to protect UK infrastructure
GCHQ director Anne Keast-Butler revealed plans for a new national cyber defense capability that will integrate advanced AI into machine-speed cyber defense s...
Google engineer charged with insider trading using confidential data
Michele Spagnuolo, 36, a Google security engineer since 2014, is accused of leveraging internal access to Google's "Year in Search" data to make profitable t...
New threat actor JINX-0164 targets crypto firms with macOS malware
The campaign, active since mid-2025, uses recruitment-themed social engineering to lure developers into downloading a Python-based infostealer and remote acc...
North Korean hackers Kimsuky target South Korea with new malware variants
Kimsuky, also known as Velvet Chollima, utilized spoofed security software installation pages and fake Webex meeting invitations to deliver malware.
Nearly 20 billion files exposed in misconfigured cloud buckets
The exposed files encompass a wide range, with 685,047 credential and key files, such as .env files and private keys, and nearly 1 million database dumps, in...
FIFA domain registrations surge ahead of 2026 World Cup, signaling fraud risks
CSC analysts identified over 65,590 domains with "FIFA" registered between January 2022 and April 2026, none of which were registered by FIFA itself.
Prison communication service Pay Tel exposed hundreds of thousands of driver's licenses
Cybersecurity firm UpGuard discovered an unprotected Microsoft Azure server managed by Pay Tel containing at least 300,000 driver's license scans and other g...
Orchid Security extends identity control plane for AI agents
The identity security startup introduced three new components: Agentic Enrichment, which maps AI agents to their origins and permissions; Agentic Observabili...
New FROST attack exploits browser features for website and app tracking
The FROST attack leverages the Origin Private File System (OPFS), a browser feature, to measure Solid-State Drive (SSD) access speeds.