Identity Security News
Live advisories from NCSC, CISA KEV, Microsoft, Krebs, and BleepingComputer — filtered for identity relevance.
Official Advisories
Government and federal vulnerability intelligence.
NCSC Alerts
Executive Summary: Defending against China-nexus covert networks of compromised devices
Organisations should map and baseline their edge device traffic, especially VPN and remote access connections, and adopt dynamic threat feed filtering that includes known covert ne…
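The two controls recommended above, baselining remote-access sources and filtering against a covert-network feed, are shown together in the following added example. It is not NCSC's code and not part of the advisory; the VPN gateway log format, the user/source pairs and the feed CIDRs are all constructed here for illustration, and a real deployment would refresh the feed from the agency or vendor source the advisory refers to.

```python
"""
Added example (not NCSC's code): build a per-user baseline of VPN source
addresses from constructed gateway logs, then flag new sessions that come from
a source never seen for that user or from an address on a constructed feed of
known covert-network relay hosts.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed baseline window: timestamp, user, source IP, action.
BASELINE_LOGS = """\
2026-04-01T08:02:11Z alice 198.51.100.23 connect
2026-04-01T08:05:40Z bob 203.0.113.8 connect
2026-04-02T07:58:03Z alice 198.51.100.23 connect
2026-04-03T09:10:22Z bob 203.0.113.8 connect
2026-04-03T09:11:02Z carol 192.0.2.77 connect
"""

# Constructed sessions under review.
NEW_LOGS = """\
2026-04-10T03:14:55Z alice 198.51.100.23 connect
2026-04-10T03:21:09Z alice 192.0.2.200 connect
2026-04-10T04:02:17Z bob 203.0.113.9 connect
2026-04-10T04:30:44Z carol 100.64.12.9 connect
"""

# Constructed covert-network feed: CIDR blocks and single hosts (hypothetical).
COVERT_NETWORK_FEED = ["192.0.2.192/26", "100.64.12.9/32"]


def parse_logs(text):
    """Yield (timestamp, user, ip, action) from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, action = line.split()
        yield (datetime.fromisoformat(ts.replace("Z", "+00:00")),
               user, ipaddress.ip_address(ip), action)


def build_baseline(text):
    """Map each user to the set of source addresses seen in the baseline window."""
    baseline = defaultdict(set)
    for _ts, user, ip, action in parse_logs(text):
        if action == "connect":
            baseline[user].add(ip)
    return baseline


def load_feed(entries):
    """Parse feed entries into network objects so hosts and CIDRs match alike."""
    return [ipaddress.ip_network(e) for e in entries]


def in_feed(ip, networks):
    return any(ip in net for net in networks)


def review(new_text, baseline, networks):
    """Return (user, ip, reasons) for each connect that deviates from baseline
    or matches the feed; a session can trip both checks."""
    findings = []
    for _ts, user, ip, action in parse_logs(new_text):
        if action != "connect":
            continue
        reasons = []
        if ip not in baseline.get(user, set()):
            reasons.append("new-source")
        if in_feed(ip, networks):
            reasons.append("covert-network-feed")
        if reasons:
            findings.append((user, str(ip), reasons))
    return findings


def run():
    baseline = build_baseline(BASELINE_LOGS)
    networks = load_feed(COVERT_NETWORK_FEED)
    return review(NEW_LOGS, baseline, networks)


if __name__ == "__main__":
    for user, ip, reasons in run():
        print(f"{user:6} {ip:16} {','.join(reasons)}")
```

A source that is merely new for a user (bob from 203.0.113.9) is a lower-confidence signal than one that is both new and on the feed (alice from 192.0.2.200, carol from 100.64.12.9); keeping the reasons separate lets the two be routed to different alert tiers.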
-
Defending against China-nexus covert networks of compromised devices
Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it
-
NCSC: Leave passwords in the past - passkeys are the future
Passkeys are the more secure and user-friendly login method and should be the default authentication option for consumers.
-
International cyber agencies share fresh advice to defend against China-linked covert networks
New advisory highlights how to defend against attacker tactics believed to be used by China-linked actors to hide malicious cyber activity.
-
World-first NCSC-engineered device secures vulnerable display links
SilentGlass, a plug-and-play device, actively blocks any unexpected or malicious HDMI and DisplayPort connections.
Content sourced from National Cyber Security Centre. IdentityFirst is not affiliated with this source.
CISA Known Exploited Vulnerabilities
CVE-2008-4250 — Windows
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that trigg
-
CVE-2009-1537 — DirectX
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitr
-
CVE-2010-0249 — Internet Explorer
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted ob
-
CVE-2010-0806 — Internet Explorer
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer
-
CVE-2026-41091 — Defender
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
-
CVE-2026-45498 — Defender
Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
Content sourced from CISA Known Exploited Vulnerabilities Catalog. IdentityFirst is not affiliated with this source.
Security Research & Analysis
Vendor intelligence and investigative reporting.
Microsoft Security
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through AI chatbots.
-
Microsoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms
Microsoft has been recognized as a Leader in The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026, receiving the highest scores in both the current offering and stra…
-
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. Lear…
-
Microsoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations
How Frontier firms secure AI at scale: read how Microsoft customers embed governance, identity, and cloud security to make protection an enabler of AI growth.
Content sourced from Microsoft Security Blog. IdentityFirst is not affiliated with this source.
Krebs on Security
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influ…
-
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA …
-
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved million…
-
CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly…
Content sourced from Krebs on Security. IdentityFirst is not affiliated with this source.
Threat News & Breach Intelligence
Breaking incidents and publicly disclosed breaches.
BleepingComputer
New Gogs zero-day flaw lets hackers get remote code execution
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]
-
How SIEM helps MSPs reduce noise and stop threats faster
MSPs don't lack security data. They struggle to separate real threats from alert noise. Kaseya explains how SIEM helps MSPs improve visibility, reduce fatigue, and respond faster. …
-
Romanian gets 5 years in prison for hacking Oregon govt network
A Romanian national was sentenced this week to 56 months in federal prison for breaking into an Oregon state government computer network and for cyberattacks targeting dozens of oth…
-
Webinar: Why network incidents take too long to resolve
Many organizations can detect network issues quickly, but investigations and coordination often slow incident resolution. This webinar explores how automation and AI-assisted workf…
Content sourced from BleepingComputer. IdentityFirst is not affiliated with this source.
Recent Breaches (HIBP)
Kemper (269,299 accounts)
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers alleged
-
Mytheresa (84,108 accounts)
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the grou
-
Ameriprise (502,597 accounts)
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than
-
7-Eleven (185,256 accounts)
In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters, with the data later published that month. The incident exposed 185k unique email addre
-
Dragonica Lunaris (126,293 accounts)
In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt pa
Content sourced from Have I Been Pwned. IdentityFirst is not affiliated with this source.
Turn Alerts Into Action
IdentityFirstMRI™ surfaces identity-relevant findings from your own environment — not just the news.
Read-only. No changes made to your environment.