Blog Posts

One unmanaged machine identity—whether a TLS certificate, SSH key, code signing certificate, or API secret—that’s all it takes to crash your website, halt transactions, and leave customers...

CyberArk Privilege Cloud 14.7 improves user experience and enhances security with the new Secure Access space, Identity Protection, Threat Detection, Risk Management and more.

Do you know why Shai-Hulud should raise your hackles? Unless you’ve spent time on Arrakis in Frank Herbert’s Dune or the npm ecosystem this month, the name Shai-Hulud might not ring a bell. In...

We’ve spent decades treating persuasion like an art—something you could master if you had charisma, practice, or luck. Lawyers use it to hone arguments. Marketers use it to craft taglines. On the...

Across financial services operations, machine identities play critical roles, but in many organizations, these cryptographic keys, API tokens, certificates, and service accounts remain chronically...

Financial cybersecurity has never been a static discipline. Over two decades in this industry, I’ve seen it transform from a compliance checkbox to a cornerstone of business resilience—usually...

In the world of identity security, organizations evaluating solutions want to understand why CyberArk stands out as the top choice. Leaders aren’t just looking for a rundown of capabilities – they...

When new security research hits the headlines, it often sparks a predictable wave of worry: should we turn off features we rely on? Should we rethink basic workflows? That’s exactly the case with...

This blog was originally published by Zilla Security, now a CyberArk Company and may reference legacy product names that are now part of the CyberArk IGA portfolio. Protecting company assets and...

Picture this: You’re having your morning coffee when your phone buzzes with the kind of alert that makes security professionals break into a cold sweat. A single API key, leaked on GitHub months...

A sprawling cyber campaign is turning gamers’ hunger to gain an edge into a massive payday for threat actors who are leveraging over 250 malware samples to steal credentials and cryptocurrencies....

Introduction Not too long ago I read an interesting blogpost by SpecterOps about Microsoft EPM that got my attention as I was not aware of this Microsoft product/feature. It was interesting to...

It was recently reported that Salesloft’s Drift application was breached, allowing unauthorized access to its customers’ Salesforce data and affecting hundreds of organizations, including...

Fast-moving cloud environments demand speed, but without the right access controls they invite risk. Resources such as virtual machines, containers, and services are created, modified, and...

As the world’s top organizations prepare for the future, you can bet that certificate lifespans will continue to shorten. Factors such as the pace of continuous development and rapidly evolving...

In a bad dream, you open the closet. You think you know exactly what’s in there: a few SSH keys, a bunch of TLS certificates, and some secrets like API keys locked in what you...

The quantum threat isn’t theoretical—it’s operational. Quantum computing is rapidly shifting from research to reality, forcing chief information security officers (CISOs) to rethink cryptography,...

For many of us, the term “cloud security breach” conjures meticulous attack plans executed by sophisticated criminal syndicates. But in reality, “attacks” can be far more mundane: maybe some...