Identity Security News
Live advisories from NCSC, CISA KEV, Microsoft, Krebs, and BleepingComputer — filtered for identity relevance.
Official Advisories
Government and federal vulnerability intelligence.
NCSC Alerts
-
NCSC issues warning over hacktivist groups disrupting UK organisations and online services
Russian‑aligned hacktivist groups continue to target UK organisations with disruptive cyber attacks
-
Pro-Russia hacktivist activity continues to target UK organisations
The NCSC encourages local government and critical infrastructure operators to harden their ‘denial of service’ (DoS) defences
-
Mistaking AI vulnerability could lead to large-scale breaches, NCSC warns
NCSC raises alert on “dangerous” misunderstanding of emergent class of vulnerability in generative artificial intelligence (AI) applications.
-
Almost 1 billion attempts to access malicious sites blocked by new government cyber tool
Online criminals foiled by National Cyber Security Centre’s Share and Defend service in partnership with industry.
-
Bargain hunters urged to stay alert to cyber scams ahead of holiday shopping season
The latest Stop! Think Fraud campaign provides practical advice to help individuals stay secure online
Content sourced from National Cyber Security Centre. IdentityFirst is not affiliated with this source.
CISA Known Exploited Vulnerabilities
-
CVE-2008-0015 — Windows
Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. Wh
-
CVE-2026-2441 — Chromium
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability co
-
CVE-2024-43468 — Configuration Manager
Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the t
-
CVE-2025-40536 — Web Help Desk
SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.
-
CVE-2026-21513 — Windows
Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
-
CVE-2026-21525 — Windows
Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.
Content sourced from CISA Known Exploited Vulnerabilities Catalog. IdentityFirst is not affiliated with this source.
Security Research & Analysis
Vendor intelligence and investigative reporting.
Microsoft Security
-
New e-book: Establishing a proactive defense with Microsoft Security Exposure Management
Read the new maturity-based guide that helps organizations move from fragmented, reactive security practices to a unified exposure management approach that enables proactive defens…
-
Running OpenClaw safely: identity, isolation, and runtime risk
Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, where skills and external instructions converge in the sa…
-
Unify now or pay later: New research exposes the operational cost of a fragmented SOC
New research from Microsoft and Omdia reveals how fragmented tools, manual workflows, and alert overload are pushing SOCs to a breaking point. The post Unify now or pay later: New …
-
Top 10 actions to build agents securely with Microsoft Copilot Studio
Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls ca…
Content sourced from Microsoft Security Blog. IdentityFirst is not affiliated with this source.
Krebs on Security
-
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security…
-
Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the Invisible Internet Project (I2P), a decentralized, encrypted communica…
-
Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabili…
-
Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threaten…
Content sourced from Krebs on Security. IdentityFirst is not affiliated with this source.
Threat News & Breach Intelligence
Breaking incidents and publicly disclosed breaches.
BleepingComputer
-
Android mental health apps with 14.7M installs filled with security flaws
Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information. [...]
-
Spain arrests suspected hacktivists for DDoSing govt sites
Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties, and vario…
-
Microsoft says bug in classic Outlook hides the mouse pointer
Microsoft is investigating a known issue that causes the mouse pointer to disappear in the classic Outlook desktop email client for some users. [...]
-
Ad tech firm Optimizely confirms data breach after vishing attack
New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing a…
Content sourced from BleepingComputer. IdentityFirst is not affiliated with this source.
Recent Breaches (HIBP)
-
CarGurus (12,461,887 accounts)
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was pu
-
CarMax (431,371 accounts)
In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses
-
Figure (967,178 accounts)
In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email
-
Canada Goose (581,877 accounts)
In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresse
-
University of Pennsylvania (623,750 accounts)
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers
Content sourced from Have I Been Pwned. IdentityFirst is not affiliated with this source.