The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

May 5, 2026
No Comments

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And when an attacker gets hold of one, they don’t need a password.
OAuth

Leave a Reply Cancel reply

Visual data is the blind spot in enterprise security: that’s about to change May 4, 2026
Most enterprise security teams can tell you exactly how their databases are encrypted. They know who has access to their CRM and can pull audit logs for every sensitive document that’s been opened, copied, or shared in the last 90 days. Ask those same teams what’s happening with the thousands of hours of video footage […]
Danielle King
The new rules of war have no rules April 29, 2026
When the Iran conflict escalated the way it did, most businesses had no playbook for it. The disruption didn’t stay in the region. It showed up in energy supplies, financial systems, hospitals, and communication networks, touching organisations that had simply been going about their day. No warning, no preparation, just a sudden wave of uncertainty […]
Dilki Rathnayake
AppSec is dead, long live AI security April 29, 2026
“AppSec is Dead, Long Live AI Security” is the kind of statement designed to provoke a reaction. It is bold, dramatic, and easy to remember. It also captures a growing belief in the market that AI will soon make traditional application security obsolete. That belief is understandable. It is also wrong. AI is already changing […]
Aram Hovsepyan
Myth or Mythos? The illusion of advantage in the AI cybersecurity race April 24, 2026
Anthropic Mythos platform has sparked a new round of debate over a classic cybersecurity question – except at an entirely new level: What will happen as the systems used to discover and exploit vulnerabilities gain the ability to do so at the speed of machines? In conjunction with projects such as Project Glasswing, the idea is […]
Kirsten Doyle
Rogue users allegedly access Anthropic’s restricted Claude Mythos model April 23, 2026
Unsanctioned users have allegedly accessed Anthropic’s controversial Claude Mythos Preview AI frontier model although the company has limited the businesses that can use it. The group, who have yet to be named, had apparently made many attempts to access Mythos since it debuted earlier this month. They finally gained access via a third-party vendor. The users who accessed Mythos on the day it was announced are members of a […]
Kirsten Doyle
How integrated GIS is powering the next generation of industrial cyber resilience April 23, 2026
Cyber professionals have spent countless hours reinforcing the systems of myriad industries. Now, some of them are reciprocating, as integrating geographic information systems (GIS) with enterprise IT/OT systems becomes more common. By mapping location-based data against utility infrastructure, these platforms allow teams to analyze real-time variables and harden strategic decision-making. GIS tools add another layer […]
Emily Newton
Vercel confirms April 2026 security incident linked to third-party AI tool April 22, 2026
Cloud development platform Vercel has confirmed a security incident involving unauthorized access to parts of its internal systems, following a breach disclosed in April 2026. In an official security bulletin, the company stated: “We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems.” Vercel added that it is “actively investigating” the incident, has engaged incident response experts, and notified law enforcement […]
Kirsten Doyle
The 7 Top AI SOC Platforms to Watch in 2026 April 21, 2026
AI SOC platforms have been gaining rapid traction in the industry over the past few years. and will continue to grow in popularity as their usability and time-saving capabilities are demonstrated. These AI-driven, often agentic SOC platforms sit at the intersection of autonomy and human oversight, doing the heavy work on alert investigations so SOCs can spend their […]
Katrina Thompson
The Real Cyber Awards and Conference opens for entries April 20, 2026
Entries have opened for the Real Cyber Awards 2026 and Conference, a UK-based cybersecurity event designed to recognise the organisations and individuals working to keep businesses secure. Positioned as a platform to highlight “the real work happening in cybersecurity today,” the awards are free to enter, with shortlisted nominees receiving two complimentary tickets to attend […]
Kirsten Doyle
Pro-Russian threat actors target Swedish heat and power plant in failed cyberattack April 20, 2026
In 2025, pro-Russian threat actors attempted to disrupt a Combined Heat and Power (CHP) facility in western Sweden. A failed attack on dual-purpose critical infrastructure serving both electricity generation and district heating networks. The Minister for Civil Defence of Sweden, Carl-Oskar Bohlin, revealed in a news conference that the cyber-attack had been conducted in the spring of 2025 and the perpetrators […]
Kirsten Doyle

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Leave a Reply Cancel reply

[email protected]

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

Share :

Leave a Reply Cancel reply