Introducing Spaces Management: Safe, Scalable Access Governance for Large Engineering Organizations

Large engineering organizations all run into the same challenge: as teams grow, clouds multiply, and environments diversify, access governance becomes noisy, risky, and difficult to delegate safely. Apono’s new Spaces Management feature gives enterprises a clean, scalable way to segment access governance across departments without spinning up multiple tenants or losing centralized control.

How Contractor Privileged Access Failures Exposed Data Across 45 Federal Agencies

Earlier this year, twin brothers Muneeb and Sohaib Akhter, both government contractors, were fired from their employer. Minutes later, they began a weeklong insider attack that compromised or destroyed data belonging to more than 45 federal agencies.

7 Tips for Just-in-Time Privileged Access Management You Need to Implement Today

Managing access can become tedious and clunky. Someone always ends up with too much power, someone else is locked out when something’s on fire, and no one remembers who approved what in the first place. It’s the slow creep of “we’ll fix it later.” However, that “later” is catching up.

What is Just Enough Privilege? Definition, Examples, and Best Practices

Every automated workflow, microservice, and CI/CD integration needs credentials to run, but those credentials often live far longer and reach far wider than anyone intends. The result is a growing attack surface hidden in plain sight. Concerningly, 26% of organizations believe more than half of their service accounts are over-privileged. This is a staggering figure when you consider that machine identities now vastly outnumber human users by 80:1.

Inside the $862K Insider Attack: How One Contractor Misused Access

Some incidents make security teams wince, not because of a complex exploit, but because they were entirely preventable. This one starts with a contractor getting fired. In May 2021, Maxwell Schultz, a contract IT worker from Ohio, was terminated. Instead of moving on, he re-entered his former employer’s network by impersonating another contractor and using their credentials.

Top 10 NHI Management Tools in an AI World

In today’s AI-driven world, machine identities are multiplying faster than humans can manage them. Every API key and automation script is a digital identity, often with standing access privileges that attackers can exploit through leaked credentials or misconfigured policies. Recent research shows that non-human identities (NHIs) now outnumber human users by more than 80:1 across enterprise cloud environments.

When the Internet Blinks: What Cloudflare's Outage Teaches Us About Standing Privileges

If you were online yesterday, you probably noticed that a surprising amount of the internet simply wasn’t there. Uber, X, Canva, ChatGPT, and dozens of others all began returning internal server errors. For a few hours, it looked like the web had taken the afternoon off. As usual, the immediate assumption was that someone must be attacking the internet. Even Cloudflare initially suspected a large-scale DDoS event. When many unrelated services break at once, it often signals malicious activity.

Apono Releases MCP Server for Admins

We’re excited to announce the launch of our MCP server for Apono administrators — giving security and DevOps teams the ability to surface complex access data instantly, without the endless API queries, spreadsheets, or manual digging that slows everyone down. Admins are the guardians of access. But when they need answers like “Which users are included in this access flow?” or “Who has access to production?”, getting that data today can take hours.

Apono Raises $34M Series B to Redefine Privileged Access for the Agentic Era

NEW YORK – November 18, 2025 – Apono, the cloud identity-security company pioneering Zero Standing Privilege (ZSP) access management, today announced a $34 million Series B led by U.S. Venture Partners (USVP), with participation from Swisscom Ventures, Vertex Ventures, 33N Ventures, and existing investors. The round brings Apono’s total funding to more than $54 million. Over the past year, Apono established product-market fit with a fourfold increase in client count.

Cephalus Weaponizes Stolen RDP Credentials to Deploy Ransomware

New research out of AhnLab documents that the Cephalus ransomware group has been aggressively exploiting stolen Remote Desktop Protocol (RDP) credentials to break into networks and execute rapid, destructive encryption campaigns. The pattern is straightforward and brutal: credentials get you in, and once inside the attackers move fast to blind and break recovery.