#identitythreats — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #identitythreats, aggregated by home.social.
-
Identity compromise continues to dominate intrusion chains.
From the Sophos Active Adversary Report 2026:
• 67% of initial access attributed to identity abuse
• 3.4-hour median to Active Directory pivot
• 3-day median dwell time
• 88% ransomware deployment off-hours
• 79% data exfiltration off-hours
Directory services remain high-value assets — authentication, authorization, policy control, privilege mapping.
The compressed timeline from credential misuse to directory-level access underscores the need for:
– Continuous identity monitoring
– Behavioral analytics
– After-hours SOC coverage
– Conditional access enforcement
– Least-privilege architecture
Generative AI is functioning as a force multiplier — improving phishing quality and campaign scale - not yet delivering autonomous attack chains.
Is identity governance keeping pace with adversary dwell time compression?
Engage below. Follow TechNadu for high-signal infosec analysis.
Repost to strengthen industry awareness.
#Infosec #IdentityThreats #RansomwareDefense #ActiveDirectorySecurity #ThreatModeling #GenAI #SecurityOperations #CyberRisk #ZeroTrustArchitecture #DetectionEngineering #EnterpriseSecurity #ThreatHunting
-
A recent investigation into malicious Chrome extensions targeting enterprise HR and ERP platforms highlights a persistent challenge: browser extensions operating with elevated trust.
The campaign involved credential cookie exfiltration, session hijacking, and interference with administrative security controls - demonstrating how extensions can bypass traditional perimeter defenses.
This reinforces the need for stronger browser governance, extension allow-listing, and visibility within enterprise environments.
Follow @technadu for neutral, practitioner-focused cybersecurity reporting.
Thoughtful discussion encouraged.
#InfoSec #EnterpriseSecurity #BrowserHardening #IdentityThreats #CredentialSecurity #SaaSRisk #CyberDefense #SecurityAwareness
-
Phishing campaigns are increasingly targeting trusted social platforms, not just email.
Recent activity on LinkedIn shows impersonated moderation replies posted in public comments, urging users to resolve fake policy violations via external links. Once credentials are captured, attackers can observe, escalate, and impersonate trusted identities over extended periods.
Key takeaways for defenders:
• Identity compromise often precedes larger incidents
• MFA meaningfully reduces downstream risk
• Awareness must extend beyond email-based threats
How are organizations adapting security awareness programs to include social platforms?
Share insights, engage with the discussion, and follow TechNadu for objective InfoSec reporting.
#InfoSec #IdentityThreats #PhishingDefense #ZeroTrust #CyberRisk #TechNadu #SecurityAwareness