#identity
31 stories taggedidentity.
WhatsApp Starts Username Reservations, Finally Decoupling Identity From Phone Numbers
The optional handle system lets users be reachable without exposing an E.164 number — a meaningful identifier change for a 3-billion-user directory.
Robinhood Rebuilt Its Access-Approval Pipeline — Here's What Actually Changed
The fintech firm's engineering-security team overhauled how developers request and receive system access. The goal: speed without sacrificing control.
Frontier AI Is a Pressure Test, Not a New Threat Model
The arrival of capable AI models like Mythos changes attacker economics. It doesn't change which controls actually matter — and most organizations are still failing the old ones.
GDPR Turns Ten: A Decade of Fines, Frustration, and Unfinished Business
Six billion euros in penalties later, Europe's data regulation has reshaped corporate behavior — and created a compliance burden that companies say is quietly strangling AI development on the continent.
Philip Martin Takes the CISO Chair at Uber
The former Coinbase security chief steps into one of tech's more scrutinised security roles, bringing a résumé that spans crypto, defence contracting, and cloud infrastructure.
The Service Desk Is the New Phishing Inbox
Help desks keep getting talked out of MFA resets. The fix is less about training and more about treating identity verification like an auth protocol.
Third DraftKings Credential-Stuffing Conspirator Sentenced to 18 Months
Nathan Austad gets a year and a half in federal prison, plus $1.8 million in forfeiture and restitution, closing out the last of the DraftKings account-takeover prosecutions.
Two Scattered Spider Members Plead Guilty as London Trial Opens
Thalha Jubair and Owen Flowers admitted roles in the TfL intrusion and a sprawling SIM-swap and SMS-phishing operation that turned harvested SSO credentials into nine-figure ransom payouts.
White House Sets Hard Clock on Post-Quantum Migration for Federal Systems
An executive order mandates that high-value federal assets shift to post-quantum cryptography by 2030–2031. For identity infrastructure, that deadline is closer than it looks.
ShinyHunters Doesn't Need Malware. That's the Point.
The group's latest breaches are a reminder that stolen credentials and patience beat zero-days most days of the week.
Cisco Acquires WideField Security to Wire Identity Intelligence Into Splunk's Agentic SOC
The deal adds credential, session, and blast-radius visibility to Splunk's autonomous detection pipeline — filling a gap that pure log-correlation has always struggled with.
The Agents Nobody Owns: AI Identities Are Quietly Becoming Your Worst Insider Risk
Orphaned AI agents and standing privileges are accumulating across enterprise environments. Most security teams can't tell you who authorized them — or revoke them quickly when they go wrong.
Zero Trust Turns 15 and Still Can't Get Out of Its Own Way
The 'never trust, always verify' model isn't failing because the idea is wrong. It's failing because organizations keep treating a security philosophy like a SKU.
First-Day Passwords Are Still IAM's Soft Underbelly
Temporary onboarding credentials keep showing up in breach forensics. The problem isn't laziness — it's that most IT teams never actually defined what 'temporary' means.
Anthropic Pulls Claude Fable 5 and Mythos 5 After Federal Suspension Order
A late-Friday directive citing national security forced Anthropic to cut off its top-tier models — for everyone, not just foreign nationals.