Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

New research out of AhnLab documents the Cephalus ransomware group has been aggressively exploiting stolen Remote Desktop Protocol (RDP) credentials to break into networks and execute rapid, destructive encryption campaigns. The pattern is straightforward and brutal: credentials get you in, and once inside the attackers move fast to blind and break recovery.

Breaking down the trade-offs between API integration and proxy gateways for modern access management The way organizations manage access has fundamentally shifted. In the past, infrastructure was mostly static—centralized data centers, long-lived servers, and predictable traffic patterns. You could rely on VPNs, firewalls, and a fixed set of roles in your identity provider. Access paths were clear, and change was infrequent. But that’s no longer the case.

How context‑aware, short‑lived roles eliminate privilege sprawl and accelerate secure engineering without overburdening admins Access management for remote resources has come a long way from VPNs and bastion hosts. The rise of cloud platforms, microservices and remote workforces has driven a shift toward Cloud-native security controls that integrate directly with AWS, Azure, GCP and Kubernetes.

New details are emerging about a wave of intrusions into Amazon Web Services environments. Attackers are reportedly weaponizing AWS IAM, using it to validate stolen credentials and turn identity controls into a springboard for in-cloud abuse. According to new research from Fortinent, attackers are leveraging the open source TruffleHog tool to automate testing of stolen AWS credentials in what they are calling the TruffleNet infrastructure.

AI is rewriting the rules of privileged access, but the rise of AI agents is creating a governance crisis. Threats like credential stuffing and privilege escalation are now accelerated by autonomous systems moving faster than humans can react. 82% of companies deploy autonomous AI agents, but 23% of IT teams admit those bots have already been tricked into revealing credentials—and fewer than half have guardrails in place. In modern infrastructure, machine identities now outnumber humans 80:1.

Identity is now the most common entry point for attackers. In cloud-native environments, thousands of microservices, containers, and agents request credentials every day, and each one represents a potential weakness. The imbalance between human and non-human identities (NHIs) is growing, but many organizations still devote the bulk of their identity and access governance (IGA) efforts to the former.

New details are emerging in recent weeks on how the Crimson Collective threat group has been conducting a large-scale campaign targeting Amazon Web Services cloud environments. Recent reports highlight how easily the attackers progressed once they obtained valid credentials. The Crimson Collective claims to have exfiltrated ~570 GB across ~28,000 internal GitLab projects; Red Hat has confirmed access to a Consulting GitLab instance but hasn’t verified the full scope of those claims.

Imagine autonomous agents negotiating and acting on your behalf—no manual hand-offs, just an efficient, policy‑driven communication. That’s the promise of Google’s Agent2Agent (A2A) Protocol, unveiled at Google Cloud Next in April 2025. Developed with input from over 50 partners, A2A is now open-sourced under the Apache 2.0 license and governed by the Linux Foundation.

Today’s man-in-the-middle (MitM) attacks go far beyond coffee-shop Wi-Fi: they target browsers, APIs, device enrollments, and DNS infrastructure. Using automated proxykits and supply-chain flaws, attackers hijack session cookies, tokens, and device credentials—turning one interception into persistent, high-value access. Concerningly, these are not edge cases.

Security and engineering teams today face a tough balance: protecting sensitive resources while keeping developers productive. As organizations shift from on-prem to the cloud, access management becomes one of the biggest challenges. With more identities—human and non-human—gaining access to more resources across hybrid environments, the risks rise.