Identity Security News
Live advisories from NCSC, CISA KEV, Microsoft, Krebs, and BleepingComputer — filtered for identity relevance.
Official Advisories
Government and federal vulnerability intelligence.
NCSC Alerts
NCSC- The AI shift in cyber risk: why leaders must act now
-
Alert: NCSC issues advice following global targeting of Fortinet firewalls and VPN gateways
Organisations using Fortinet services are being urged to take action following a campaign affecting firewalls and VPN gateways.
-
NCSC CEO: Hostile states linked to three-quarters of cyber attacks affecting UK's critical systems
Dr Richard Horne highlighted the scale of cyber threats against the UK’s critical infrastructure at RUSI’s Annual Security Lecture.
-
NCSC: Leave passwords in the past - passkeys are the future
Passkeys are the more secure and user-friendly login method and should be the default authentication option for consumers.
-
International cyber agencies share fresh advice to defend against China-linked covert networks
New advisory highlights how to defend against attacker tactics believed to be used by China-linked actors to hide malicious cyber activity.
Content sourced from National Cyber Security Centre. IdentityFirst is not affiliated with this source.
CISA Known Exploited Vulnerabilities
CISA KEV-
CVE-2026-45659 — SharePoint Server
Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.
-
CVE-2026-10520 — Sentry
Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code
-
CVE-2026-11645 — Chromium V8
Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerabil
-
CVE-2026-28318 — Serv-U
SolarWinds Serv-U contains an uncontrolled resource consumption vulnerability that allows specially crafted POST requests using the Content-Encoding: deflate header to crash the Se
-
CVE-2026-0257 — PAN-OS
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
-
CVE-2008-4250 — Windows
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that trigg
Content sourced from CISA Known Exploited Vulnerabilities Catalog. IdentityFirst is not affiliated with this source.
Security Research & Analysis
Vendor intelligence and investigative reporting.
Microsoft Security
Microsoft-
Securing our future: July 2026 progress report on Microsoft’s Secure Future Initiative
Microsoft’s latest Secure Future Initiative report outlines progress on secure foundations, AI-powered defense, and future-ready cybersecurity. The post Securing our future: July 2…
-
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware
GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational platform. This blog analyzes how the malware incorporat…
-
Protecting Microsoft at AI speed: How SFI proactively hardens our cloud
At Microsoft we encompass these security requirements, along with threat knowledge, and operational frameworks in our Secure Future Initiative (SFI), to guide what a well-defended …
-
5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management
Read five key learnings from the Frost & Sullivan 2025 Frost Radar™ for CSPM to learn how CSPM is evolving from point-in-time compliance to continuous risk management. The post 5 i…
Content sourced from Microsoft Security Blog. IdentityFirst is not affiliated with this source.
Krebs on Security
Krebs-
Felons, Fraudsters Flog Offensive Cybersecurity Startup
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convict…
-
FBI Seizes NetNut Proxy Platform, Popa Botnet
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service ope…
-
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for t…
-
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeov…
Content sourced from Krebs on Security. IdentityFirst is not affiliated with this source.
Threat News & Breach Intelligence
Breaking incidents and publicly disclosed breaches.
BleepingComputer
BleepingComputer-
Claude Fable 5 stays free for paid users until July 19 as Anthropic buys more time
Anthropic has just extended access to Claude Fable 5 for paid subscribers until July 19, giving you another week to keep using the most powerful model. [...]
-
RedHook Android malware now uses Wireless ADB for shell access
A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a comput…
-
Australia warns of global campaign targeting vulnerable CMS platforms
The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and plugins. [...]
-
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot,…
Content sourced from BleepingComputer. IdentityFirst is not affiliated with this source.
Recent Breaches (HIBP)
HIBP-
Glendale Community College (793,925 accounts)
In June 2026, Glendale Community College was the target of a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from Glendale was later published online and inc
-
Moody Bible Institute (2,303,416 accounts)
In June 2026, Moody Bible Institute was targeted by a ShinyHunters "pay or leak" extortion campaign. Over 2.3M unique email addresses and other personal data were later published p
-
Sysco (2,691,852 accounts)
In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addr
-
American Tower (216,601 accounts)
In June 2026, telecommunications tower infrastructure company American Tower was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published dat
-
Madison Square Garden Sports (9,796,738 accounts)
In June 2026, the sports and entertainment company Madison Square Garden Sports was the target of a ShinyHunters "pay or leak" extortion campaign. The group later published the all
Content sourced from Have I Been Pwned. IdentityFirst is not affiliated with this source.
Turn Alerts Into Action
IdentityFirstMRI™ surfaces identity-relevant findings from your own environment — not just the news.
Read-only. No changes made to your environment.