Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

reach security

Misconfigured Security Controls Open the Door for Storm-2949

May 20, 2026 By Garrett Hamilton In Reach Security
The Microsoft Defender Security Research Team and Microsoft Threat Intelligence documented a campaign in which Storm-2949 abused Microsoft Entra ID accounts to exfiltrate data from Microsoft 365 and Azure environments. The attack shows how cloud intrusions increasingly unfold through identity systems, administrative features, and legitimate platform capabilities rather than obvious malware or traditional endpoint compromise.
Read Post

Close Defensive Gaps Before AI Attacks Exploit Them

May 5, 2026 By John Dominguez In Reach Security
The speed of AI-powered attacks is mind-numbing. CrowdStrike found that average eCrime breakout time fell to 29 minutes, with the fastest recorded breakout at 27 seconds. Armadin showed an LLM-driven NTLM relay attack completing in under three minutes, then roughly 1.5 minutes with BloodHound MCP context.
Read Post
reach security

The Configuration Drift Behind the Teams Helpdesk Breach

Apr 27, 2026 By Garrett Hamilton In Reach Security
On April 22, 2026, Google's Threat Intelligence Group and Mandiant disclosed a campaign by a threat actor they're tracking as UNC6692. The group breached enterprise networks by impersonating IT helpdesk staff over Microsoft Teams, ultimately exfiltrating Active Directory databases and achieving full domain compromise. What's notable about UNC6692 is what they didn't do. They didn't use a zero-day. They didn't exploit a software vulnerability.
Read Post
New Research Finds Configuration Drift is Driving Cybersecurity Incidents Across 97% of Organizations

New Research Finds Configuration Drift is Driving Cybersecurity Incidents Across 97% of Organizations

Apr 15, 2026 By Reach Security In Reach Security
The study, commissioned by Reach Security, reveals widespread misconfigurations, slow remediation cycles, and manual approaches to drift management, highlighting the urgent need for preemptive approaches that continuously validate security controls.
Read Post
reach security

10 Hidden Cybersecurity Misconfigurations

Apr 3, 2026 By John Dominguez In Reach Security
In 2025, organizations spent billions on security, deploying EDR/XDR, SASE, firewalls, identity platforms, email security, web security, and more. And yet, breaches persist. The reason often is not a zero-day, an advanced persistent threat, or a cutting-edge exploit. It is far more mundane. Misconfigurations across identity, endpoint, network, and email/web security controls remain among the top root causes of incidents.
Read Post
reach security

What is Configuration Drift? 5 Best Practices for Your Team's Security Posture

Mar 30, 2026 By CP Morey In Reach Security
Security configurations are not static. They evolve over time due to software updates, policy changes, emergency patches, and human intervention. While these changes are often necessary, they can lead to configuration drift, a gradual misalignment between an organization’s security controls and its intended security policies.
Read Post
reach security

A Comprehensive Guide to Continuous Threat Exposure Management (CTEM)

Mar 12, 2026 By John Dominguez In Reach Security
Continuous Threat Exposure Management is a continuous security framework for identifying, assessing, validating, and reducing the exposures that matter most to an organization. Rather than treating every exposure, alert, or control issue as equally urgent, CTEM helps organizations focus on the exposures that are actually reachable, relevant to likely attack paths, and meaningful in a business context.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.