CISA dropped a bombshell

CISA's Urgent Warning on Phishing-Resistant MFA and FIDO2

CISA just dropped a bombshell. In its latest alert (dated July 25, 2025), the U.S. Cybersecurity and Infrastructure Security Agency is now urging every enterprise to implement phishing-resistant multifactor authentication (MFA)—everywhere: for email, VPNs, and anything touching critical systems. Not “consider it.” Not “evaluate in the future.” Require it. Now.

Kevin Surace
1 minute read
Social Engineering Hacks Keep Winning

How to Prevent Social Engineering Attacks

Another day. Another preventable breach. This time it’s a major UK-based insurance company, Allianz Life, and the attackers didn’t need zero-day exploits or complex malware. They just talked their way in.

Kevin Surace
1 minute read

The Clorox Lawsuit: 380M Over a Password

Kevin Surace
1 minute read
Identity-Based Attacks

The Rise of Identity-Based Attacks

BetaNews recently asked this question in a detailed Q&A. The answers should concern every enterprise leader. The rise of identity-based attacks isn’t just a trend; it’s now the primary way cybercriminals get in. Attackers are no longer brute-forcing firewalls or cracking encryption. They’re simply logging in as you.

Kevin Surace
1 minute read

Phishing-Proof MFA That Stops Social Engineering

Microsoft’s recent advisory on Octo Tempest should make every CISO lose sleep. This group isn’t just hacking software vulnerabilities. They’re hacking people, impersonating employees, tricking help desks into resetting passwords, stealing session cookies, and bypassing legacy MFA with social engineering.

Kevin Surace
1 minute read

AI-Generated Phishing Attacks Are Making Legacy MFA Obsolete

Generative AI just made phishing so easy that anyone can do it—and do it convincingly. According to Axios, researchers demonstrated that in just 30 seconds, a simple natural-language prompt was all it took to build a pixel-perfect spoofed login site. No coding. No technical skills. Just type “build a copy of the website login.okta.com,” and a convincing clone appears, ready to trick anyone into handing over credentials.

Kevin Surace
2 minute read
Stolen credentials are the new front door

Stolen Credentials Are the New Front Door

The cybersecurity world has a new consensus: credentials are no longer a weak point—they’re the entire attack surface.

Kevin Surace
2 minute read
Scattered Spider is targeting Fortune 500 firms

Scattered Spider Hackers Are Hunting the Fortune 500

A new report from CyberCube just confirmed what many of us in cybersecurity have long suspected: Scattered Spider is targeting hundreds of major enterprises with precision. Nearly 300 companies—each with over $500 million in annual revenue—have been flagged as high-risk. Why? Because they’re still running the same legacy technologies this threat group exploits with shocking ease.

Kevin Surace
1 minute read
Scattered Spider 500+ domains

Scattered Spider's 500+ Phishing Domains and How to Stop Them

If your organization still relies on passwords, SMS codes, or authenticator apps to protect employee logins, it’s not a matter of if you’ll be breached—it’s when.

Kevin Surace
3 minute read
The MFA You Trust Is Lying to You

The MFA You Trust Is Lying to You

As seen in Bleeping Computer

Kevin Surace
< 1 minute read
What are passkeys? Passkeys vs Token

What Is a Passkey - And Why You Need to Go Further

The shift to a passwordless future is well underway. Tech giants like Apple, Google, and Microsoft have embraced passkeys, and for good reason. Passwords have long been the weakest link in cybersecurity—easily guessed, phished, stolen, or reused across accounts. Passkeys represent a serious improvement. They’re phishing-resistant, user-friendly, and eliminate the need to remember or manage credentials.

Kevin Surace
4 minute read
Ingram Micro Down. Ransomed.

The Ingram Micro Ransomware Attack and the Legacy MFA Failure

Token Would Have Stopped This Cold. Another week, another breach. This time it’s Ingram Micro, one of the largest tech distributors on the planet. Systems down for days. Operations halted. Now they’re staring down a ransomware demand, possibly for millions.

Kevin Surace
2 minute read
