Tag
#identity
5 posts tagged #identity.
-
Analysis · Jun 5, 2026 · Colten Anderson
Your Azure CLI session has an MFA exemption you never asked for
Two Entra Conditional Access changes land in the same fortnight, and they're the lead evidence in a longer story: Microsoft is closing the identity opt-outs orgs have leaned on for years.
-
Analysis · May 20, 2026 · Colten Anderson
Cisco's management and identity products keep showing up in the catalog
Smart Licensing Utility, Identity Services Engine, IOS XE, Catalyst SD-WAN Manager, Unified Communications Manager: a run of exploited Cisco bugs in 2024-2026, including a hardcoded credential and several unauthenticated RCEs. The management plane is the target.
-
Analysis · May 20, 2026 · Colten Anderson
Server-side template injection: when the page renderer runs the attacker's code
CVE-2022-22954 is a template-injection bug in VMware Workspace ONE Access. A template engine meant to render data into a page rendered attacker input into code execution instead, unauthenticated, on the appliance that brokers your single sign-on. Attackers had an exploit 48 hours after the patch.
-
Analysis · May 20, 2026 · Colten Anderson
WSO2 CVE-2022-29464: an upload bug on the box that brokers your APIs and logins
CVE-2022-29464 is an unauthenticated file-upload-to-RCE in WSO2 products. The bug is a familiar one. What makes it serious is where it lives: API management and identity middleware that sits in front of your services and authenticates your users.
-
Analysis · Apr 28, 2026 · Colten Anderson
What patching looks like when you support the whole mess: endpoints, M365, identity, browsers, VPN, and line-of-business tools
Patching isn't Windows Updates anymore. A tour of the six surfaces a real shop patches every week.