A password can be reset. A fingerprint can't.

The MGM Hack Happened Three Years Ago. Why Are Companies Still Letting Phone Calls Reset Their Security?

In September 2023, MGM Resorts suffered one of the most visible cyberattacks in recent memory. Hotel guests could not use digital room keys. Slot machines and ATMs were disrupted. Websites went offline. Operations across major properties were thrown into chaos. MGM later estimated the incident cost roughly $100 million in lost revenue. According to widely reported accounts, the front door was not kicked in by a zero day exploit, nation state malware, or some impossible technical breakthrough. It was opened with a phone call.

Kevin Surace
3 minute read
Aflac was breached again

Aflac Was Breached Again. This Is What Happens When Legacy MFA Turns You Into a Honeypot.

Last year, Aflac was swept into a wave of attacks that put the insurance industry on notice. Last week, Aflac disclosed another breach, this time involving its Japan subsidiary. The reported exposure includes policy information, personal data, and bank account information affecting millions of customers. We do not yet know the precise entry point in this new incident. It would be irresponsible to claim otherwise. But we do know the larger lesson.

Kevin Surace
3 minute read
Passwords are an action you repeat; identity is a fact you prove

JLR Reset 30,000 Passwords. Scattered Spider Could Have Come Back an Hour Later.

Jaguar Land Rover reportedly brought more than 30,000 employees onsite to reset their passwords after its cyberattack. That may have been necessary cleanup. But let’s be honest about what it was. Security theater. JLR was reportedly hit by a group linked to Scattered Spider. And Scattered Spider does not need yesterday’s password to come back tomorrow. Its documented playbook is built around social engineering employees and IT help desks into resetting passwords, replacing MFA factors, enrolling new devices, and granting access to accounts they should never control.

Kevin Surace
3 minute read
You Did Everything Right. So Why Are Attackers Still Getting In?

Your Auth App Won't Save You: How Attackers Beat MFA in Minutes

You rolled out MFA. You pushed auth apps across the whole company. You ran phishing simulations. You checked the compliance boxes. And yet, somewhere right now, an attacker is walking through a front door you built and called secure. That's not pessimism. That's math.

Kevin Surace
3 minute read
Enterprises need phishing-resistant, biometric FIDO2 authentication — not better awareness training

464 Million Phishing Attacks Later, Stop Asking Employees to Be Human Firewalls

OpenText’s 2026 Cybersecurity Threat Report should end the fantasy that phishing awareness training, spam filters, and an MFA app are enough to protect a company. The report found phishing activity rose 206% year over year in 2025, with more than 464 million phishing attacks and more than 327 million spearphishing attacks recorded.

Kevin Surace
3 minute read
Salesforce Is the New Front Door.

Salesforce Is the New Front Door. ShinyHunters Is Walking Through It.

The latest Sysco and Kodak breach claims should make every Salesforce customer stop pretending this is someone else’s problem. Sysco has now been tied to three separate breach stories. First came the prior data breach that resulted in a class action settlement. Then came a Qilin ransomware claim. Now ShinyHunters is claiming more than 61 million Salesforce records. Kodak appears in the same pattern, with ShinyHunters claiming 2.2 million records and Kodak confirming unauthorized access to some data.

Kevin Surace
4 minute read
The Data Behind the Deception Proves Legacy MFA Is the Honeypot to Bad Actors

The Data Behind the Deception Proves Legacy MFA Is the Honeypot to Bad Actors

The new Optery 2026 Enterprise Social Engineering Survey Report should make every CISO stop and ask a very uncomfortable question: Are we actually stopping identity attacks, or are we just pretending? The report surveyed 421 enterprise cybersecurity professionals, mostly senior leaders across large companies. The findings are blunt: 96% report an increase in targeted social engineering attacks over the past year. Nearly 75% report credential compromise resulting from targeted social engineering. 89.8% say recent attacks were highly or moderately personalized.

Kevin Surace
3 minute read
Why Toke is the Leading Choice for Salesforce Phishing Resistant Access

Salesforce Phishing Resistant Access: Why Token Became the Leading Choice

Salesforce has become one of the most valuable data platforms in the enterprise. It holds customer records, donor data, sales pipelines, financial history, case notes, reports, workflows, integrations, and privileged administrative controls. For many organizations, Salesforce is not just a CRM. Salesforce is the front door to the business. That is why Salesforce security is changing so quickly.

Kevin Surace
5 minute read
The FBI Just Warned About Device Code Attacks. The FBI Just Warned About Device Code Attacks.  Here’s How Enterprises Using TokenCore Devices Should Respond.

The FBI Just Warned About Device Code Attacks

Here’s How Enterprises Using TokenCore Devices Should Respond. The FBI and CISA recently issued a public warning about a rapidly growing attack technique abusing Microsoft 365 "device code flow" authentication. The advisory explains how attackers are using legitimate OAuth authorization workflows to gain persistent access to enterprise Microsoft 365 environments without stealing passwords or bypassing MFA in the traditional sense. This is an important moment for the industry because it highlights a larger truth: Strong authentication alone is no longer enough.

Kevin Surace
4 minute read

Carnival Shows the Same Pattern Again: Social Engineering + Compromised MFA

Tokens customers are fully protected. Carnival’s customers were not. Carnival Corp. has disclosed another cybersecurity incident, and the pattern should look familiar by now. According to Reuters, the company said an employee account was compromised in April after social engineering was used to deceive an employee and gain access to data. The exposed information included names, addresses, and government issued identification numbers.

Kevin Surace
3 minute read
Attacker reaches the identity door

The Grafana GitHub Token Breach: The Front Door Was Identity

Grafana recently disclosed that an unauthorized party obtained a token granting access to the company’s GitHub environment and used it to download portions of its codebase. Grafana confirmed that no customer data or personal information was accessed, invalidated the compromised credentials, and applied additional controls. The response was fast, and the containment was effective.

Kevin Surace
2 minute read
Nitrogen Ransomware, Foxconn, and the Identity Epidemic Reshaping Enterprise Security

Nitrogen Ransomware, Foxconn, and the Identity Architecture Problem Reshaping Enterprise Security

The Foxconn incident tied to the Nitrogen ransomware group is instructive — not because it reveals new attack techniques, but because it confirms a structural shift in how enterprise environments are compromised. Attackers are no longer primarily exploiting unpatched software. They are compromising identity systems, inheriting trusted sessions, and moving laterally through legitimate administrative pathways. This is not an emerging trend. It is the established model.

Kevin Surace
3 minute read
1 2 3 4 5 ... 8

Stay Identity Assured

Subscribe to The Assured Identity Brief for sharp insights on identity security, authentication, and the threats security leaders must stay ahead of.