The Fragmented State of Modern Enterprise Identity
Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.
The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and
Q4 2025 data, monitoring dark web leak sites and criminal forums throughout October–December 2025.
Numbers: - 2,373 confirmed victims - 125 active ransomware groups - 134 countries, 27 industries
Group highlights: - Qilin peaked at 481 attacks in Q4, up from 113 in Q1 - Cl0p skipped encryption entirely in most campaigns — pure data theft + extortion via Oracle EBS and Cleo zero-days - 46.3% of activity attributed to smaller/unnamed groups — RaaS commoditization is real
CVEs exploited this quarter (with group attribution):
Notable: DragonForce announced a white-label "cartel" model through underground forums. Operations linked to Scattered Spider suggest staged attack chains — initial access and ransomware deployment split between separate actors.
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities.
The model will be used by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike,&
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems.
"The threat actor's packages were designed to impersonate legitimate developer tooling [...], while quietly functioning as malware loaders, extending Contagious Interview’s established playbook into a coordinated
With the news of Hundreds of orgs being compromised daily, I saw a really cool red team tool that trains for this exact scenario. Have you guys used this new white hat tool? Thinking about ditching KB4 and even using this for our red teams for access.
Two practice web addresses appear to have been compromised
Multiple domains belonging to Scottish healthcare providers have been hijacked and are now pushing links to adult content and illegal sports streams, according to a researcher.…
President Brad Smith tells an interviewer that Microsoft is reconsidering datacenter design in light of Iran war
Microsoft is reevaluating how it designs and builds datacenters in conflict-prone regions after Iran began targeting Middle Eastern bit barns in retaliation for US military operations.…
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday.
"These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial
Hasn't released it to the public, because it would break the internet - in a bad way
For years, the infosec community’s biggest existential worry has been quantum computers blowing away all classical encryption and revealing the world’s secrets. Now they have a new Big Bad: an AI model that can generate zero-day vulnerabilities.…
Login
