Skip to content

// #identity-access-management

0 articles

← All tags

Commentary tagged #identity-access-management

Opinion

Managed Identity Is the New Local Admin — and Most Enterprises Haven't Noticed

CVE-2026-26117 in the Azure Arc agent is not just a patching story. It reveals that managed identity has quietly become the most powerful unguarded credential in enterprise infrastructure. We dismantled local admin accounts and hardcoded passwords over the past decade — and then rebuilt the same concentration of privilege under a different name, with even less monitoring attached.

CipherWatch Editorial

Security Intelligence Platform
Opinion

Active Directory Keeps Getting Owned Because We Keep Letting It

A Kerberos authentication bypass and an Active Directory privilege escalation were both patched this week, adding to a multi-year catalogue of critical flaws in Microsoft's foundational identity infrastructure. The problem is not that Microsoft keeps shipping vulnerabilities — it is that organisations keep deploying Active Directory in configurations that maximise their exposure when those vulnerabilities arrive.

CipherWatch Editorial

Security Intelligence Platform