Security News

Cybersecurity news aggregator

MEDIUM Updates SC Media

XM Cyber expands platform to enforce least-privilege access

identitycloudaccess-control
  • What: XM Cyber expands platform to enforce least-privilege access
  • Impact: Helps enterprises reduce risks from excessive permissions in Active Directory and cloud environments
Read Full Article →

Privileged access management XM Cyber expands platform to enforce least-privilege access May 27, 2026 Share By SC Staff XM Cyber Inc. announced an expansion of its platform with new capabilities designed to help enterprises enforce least-privilege access across Active Directory, Microsoft Entra, and multicloud environments. The expansion addresses the prevalent issue of excessive permissions, which attackers exploit for lateral movement after compromising a single account, a threat amplified by AI-driven credential attacks, as reported by Silicon Angle. The platform expansion introduces two key features. Active Directory Excessive Permissions analyzes the actual usage of assigned privileges, providing data to justify revoking unused access. A new Cloud Infrastructure Entitlement Management feature profiles entitlement usage across multicloud environments, enabling DevSecOps and cloud security teams to reduce overly permissive roles. By correlating permission usage with mapped attack paths, XM Cyber aims to help security teams differentiate between theoretically risky permissions and those actively exploitable by attackers. Source: Silicon Angle SC Staff Related Identity Microsoft patches Entra ID bug that let AI agents escalate privileges Steve Zurier April 28, 2026 Flaw in Entra ID AI agent role enabled privilege escalation and takeover. Security Operations Microsoft Entra ID vulnerability allowed global admin impersonation SC Staff April 28, 2026 The vulnerability, discovered by Silverfort researchers, resided in the Agent ID Administrator role. Vulnerability Management Pack2TheRoot flaw allows Linux privilege escalation SC Staff April 27, 2026 The Pack2TheRoot vulnerability resides within the PackageKit daemon, a package management abstraction layer used across multiple Linux distributions. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Access Control Basic Authentication Biometrics Certificate-Based Authentication Challenge-Handshake Authentication Protocol (CHAP) Digest Authentication Digital Certificate Discretionary Access Control (DAC) Escrow Passwords Finger You can skip this ad in 5 seconds

Related Articles

INFO Why access decisions are becoming the weakest link in identity security CSO Online INFO Securing non-human identities: automated revocation, OAuth, and scoped permissions Cloudflare Blog INFO Managed OAuth for Access: make internal apps agent-ready in one click Cloudflare Blog INFO Non-human identities now center of enterprise risk SC Media
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn