BetaNews recently asked this question in a detailed Q&A. The answers should concern every enterprise leader. The rise of identity-based attacks isn’t just a trend; it’s now the primary way cybercriminals get in. Attackers are no longer brute-forcing firewalls or cracking encryption. They’re simply logging in as you.

Microsoft’s recent advisory on Octo Tempest should make every CISO lose sleep. This group isn’t just hacking software vulnerabilities. They’re hacking people, impersonating employees, tricking help desks into resetting passwords, stealing session cookies, and bypassing legacy MFA with social engineering.

Generative AI just made phishing so easy that anyone can do it—and do it convincingly. According to Axios, researchers demonstrated that in just 30 seconds, a simple natural-language prompt was all it took to build a pixel-perfect spoofed login site. No coding. No technical skills. Just type “build a copy of the website login.okta.com,” and a convincing clone appears, ready to trick anyone into handing over credentials.

The cybersecurity world has a new consensus: credentials are no longer a weak point—they’re the entire attack surface.

A new report from CyberCube just confirmed what many of us in cybersecurity have long suspected: Scattered Spider is targeting hundreds of major enterprises with precision. Nearly 300 companies—each with over $500 million in annual revenue—have been flagged as high-risk. Why? Because they’re still running the same legacy technologies this threat group exploits with shocking ease.

If your organization still relies on passwords, SMS codes, or authenticator apps to protect employee logins, it’s not a matter of if you’ll be breached—it’s when.

As seen in Bleeping Computer

The shift to a passwordless future is well underway. Tech giants like Apple, Google, and Microsoft have embraced passkeys, and for good reason. Passwords have long been the weakest link in cybersecurity—easily guessed, phished, stolen, or reused across accounts. Passkeys represent a serious improvement. They’re phishing-resistant, user-friendly, and eliminate the need to remember or manage credentials.

Token Would Have Stopped This Cold. Another week, another breach. This time it’s Ingram Micro, one of the largest tech distributors on the planet. Systems down for days. Operations halted. Now they’re staring down a ransomware demand, possibly for millions.

Amazon just sent out a warning about phishing emails targeting Prime members—scammers spoofing login pages and tricking users into handing over their credentials. Sound familiar?

Last week, Qantas joined a growing list of high-profile companies breached by Scattered Spider, a sophisticated threat group known for exploiting human error and weak authentication systems—not by hacking through firewalls, but by walking right through the front door.