Silverfort

Security researcher Eliran Partush discovered CVE-2025-60704, a Windows Kerberos elevation of privilege condition that emerges from multiple validation flaws across S4U2Self and S4U2Proxy flows. Kerberos has been trusted for decades as the backbone of enterprise authentication, but Eliran was able to manipulate fields that are intended to be protected including the identity of the impersonated user: 🎙️ "One very confusing 𝗰𝗵𝗲𝗰𝗸𝘀𝘂𝗺 paragraph later, I found myself deep in Kerberos internals, eventually discovering a way to manipulate the impersonation flow and influence which user Kerberos thinks you are." In his technical whitepaper, Eliran offers a deep dive into his research and unpacks: 💡 How Microsoft implements Kerberos delegation extensions 💡 Steps that led to discovering CVE-2025-60704 💡 Real-world examples of how the vulnerability could be abused 💡 The big-picture impact on your Identity Security posture mitigation recommendations Read it now: https://lnkd.in/geNcQ4px #Kerberos #ActiveDirectory #IdentitySecurity #MicrosoftAuthentication

🦞 Clawdbot, Moltbot, OpenClaw... whatever you call it, this clever lobster has led to a fresh wave of interest in AI agents for the developer and security communities. Not only does it operate locally on the machine where it’s installed, but it can connect to cloud-based models, creating a hybrid system that’s neither fully on-device nor fully centralized. Is this the next evolution of AI agents? Today, it’s OpenClaw. Tomorrow, it’s a hybrid AI agent designed for non-technical teams. The question is: 𝗛𝗼𝘄 𝗱𝗼 𝗖𝗜𝗦𝗢𝘀 𝗯𝘂𝗶𝗹𝗱 𝗮𝗻 𝗔𝗜 𝗔𝗴𝗲𝗻𝘁 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗳𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸 𝘁𝗵𝗮𝘁 𝗵𝗲𝗹𝗽𝘀 𝘁𝗵𝗲𝗺 𝗮𝘃𝗼𝗶𝗱 𝗮 “𝘄𝗵𝗮𝗰𝗸-𝗮-𝗺𝗼𝗹𝗲” 𝘀𝗰𝗲𝗻𝗮𝗿𝗶𝗼 𝗲𝘃𝗲𝗿𝘆 𝘁𝗶𝗺𝗲 𝗮 𝗻𝗲𝘄 𝗔𝗜 𝗮𝗴𝗲𝗻𝘁 𝗴𝗼𝗲𝘀 𝘃𝗶𝗿𝗮𝗹? In this LinkedIn Live, our AI experts get together to discuss how an identity-first security strategy can future-proof organizations from security risks posed by AI agents. This session is designed for CISOs and security leaders who want to understand: 🤖 Why AI agents aren’t humans or machines, but a new class of identity altogether (and why it matters) 🤖 The Identity Security implications of a tool like OpenClaw 🤖 Strategies to minimize AI Agent Security risks for all identities in your organization Speakers include: 🎤 Yaron Kassner, CTO & Co-founder, Silverfort 🎤 Abbas Kudrati, Chief Identity Security Advisor, Silverfort, and Former Chief Cybersecurity Advisor, Microsoft 🎤 Ben Goodman 🇺🇦, VP of Strategic Alliances and Corporate Development, Silverfort RSVP by clicking the event below 👇

Welcome to Silverfort Joseph Schramm, our new Vice President of Global Channel! 👏 In his role, Joe will lead Silverfort’s global channel strategy and deepen engagement with strategic solution providers, global systems integrators (GSIs), specialized identity consultancies, incident response firms, and cyber insurance ecosystems as enterprises elevate Identity Security as a core risk control. With 25+ years of experiences leading alliances and channel, including nearly a decade focused on identity, Joe will strengthen and expand Silverfort's existing ecosystem and focus on strategic channel priorities. 🎤 In his own words: "Partners need solutions that work across hybrid environments and make an impact fast, especially as customers face pressure from insurers and regulators. With Silverfort, partners can close identity gaps faster and play a more strategic role in their customers’ security posture." We're thrilled to have you on the team, Joe! 👋 Read more about his plans and priorities for our global channel strategy: https://lnkd.in/gu9y64jM #PartnerEcosystem #IncidentResponse #TechnologyPartnerships #IdentitySecurity #CyberInsurance

Welcome back to the 3-part series brought to you by the Identity Security Alliance, "𝗜𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗶𝗻𝘁𝗲𝗴𝗿𝗮𝘁𝗶𝗼𝗻𝘀 𝗱𝗼𝗻𝗲 𝗿𝗶𝗴𝗵𝘁" ✅ Last week, we covered extending IdP MFA to on-prem using the Silverfort Bridge, and in part two it's all about Identity Security meets SIEM & SOAR 👋 In the video below, Director of Solution Architecture, Technology Alliances Frank Gasparovic explains: 🔍 How to centralize identity-related insights into the platforms your SOC team already uses to conduct investigations 📈 Why identity-first context enriches SIEM alerts to improve detection accuracy and investigation speed 🔄 How to integrate Silverfort's pre-packaged SIEM content—without any custom log engineering or mapping required Learn more about how to bring identity-first context to your SOC: https://lnkd.in/gxdGUQ93 #SecurityOperations #SIEM #SOAR #ThreatInvestigation #ITDR

77% of organizations use over 9 different workforce identity tools and technologies... is your company one of them? 👀 Don't add a bunch more to your already-towering identity stack. Instead, discover how a security-first, single-platform solution fits your environment and future-proofs your strategy. 𝗜𝗻 𝗧𝗵𝗲 𝗜𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗕𝘂𝘆𝗲𝗿'𝘀 𝗚𝘂𝗶𝗱𝗲 𝗮𝗻𝗱 𝗥𝗙𝗣 𝗖𝗵𝗲𝗰𝗸𝗹𝗶𝘀𝘁, 𝘆𝗼𝘂'𝗹𝗹 𝘀𝗲𝗲: ✅ What good Identity Security actually looks like ✅ Red (and green) flags to watch out for in vendor conversations ✅ A jargon-free breakdown of capabilities that impact risk ✅ A ready-to-print RFP checklist that makes comparisons easy ✅ Tips to keep your Identity, SecOps, and architecture teams aligned Get your guide now: https://lnkd.in/gNZAAv3F #IdentitySecurity #CybersecuritySolutions #IAM #NHISecurity #MFA

What if your login journey could change course the moment a risk shows up? With the Silverfort x Ping Identity integration, we found a way. Our shared customers who install Silverfort Journey Nodes can experience seamless risk exchange between Silverfort and Ping Access Management or Advanced Identity Cloud. The integration enables authentication and registration flows to adapt dynamically based on a user’s current risk posture in your on-premise and cloud identity providers 🔁 𝗪𝗵𝗮𝘁 𝗮𝗿𝗲 𝘁𝗵𝗲 𝗦𝗶𝗹𝘃𝗲𝗿𝗳𝗼𝗿𝘁 𝗝𝗼𝘂𝗿𝗻𝗲𝘆 𝗡𝗼𝗱𝗲𝘀?  𝟭. 𝗦𝗶𝗹𝘃𝗲𝗿𝗳𝗼𝗿𝘁 𝗥𝗶𝘀𝗸 𝗡𝗼𝗱𝗲: Retrieves a user’s current Silverfort risk level and places it in a shared state for downstream evaluation.  𝟮. 𝗦𝗶𝗹𝘃𝗲𝗿𝗳𝗼𝗿𝘁 𝗨𝗽𝗱𝗮𝘁𝗲 𝗥𝗶𝘀𝗸 𝗡𝗼𝗱𝗲: Reads a risk value from shared state and updates the corresponding user’s risk level in Silverfort. Bottom line: ✅ Adaptive risk intelligence meets authentication ✅ Maintain consistent security posture across systems ✅ Extend MFA everywhere without requiring agents or proxies, or modifying protected assets Now available on the PingOne Marketplace: https://lnkd.in/giyEChWa #Authentication #MFA #CyberRiskManagement

We're exploring what it 𝘳𝘦𝘢𝘭𝘭𝘺 takes to make identity-first integrations succeed in cybersecurity with our new 3-part series brought to you by the Identity Security Alliance: "𝗜𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗶𝗻𝘁𝗲𝗴𝗿𝗮𝘁𝗶𝗼𝗻𝘀 𝗱𝗼𝗻𝗲 𝗿𝗶𝗴𝗵𝘁" ✅ In this first video with Frank Gasparovic, Director of Solution Architecture, Technology Alliances, he unpacks how IdP integrations extend MFA to on-prem authentications using the Silverfort Bridge. Watch below to find out: 🤝 How the Silverfort Bridge transforms the way enterprises authenticate in a hybrid infrastructure reality ⬇️ Strategies to reduce MFA friction without disrupting your current authentication flows 🪜 Steps to set up an IdP integration in Silverfort's Identity Security Platform 𝗕𝗲 𝘀𝘂𝗿𝗲 𝘁𝗼 𝗙𝗢𝗟𝗟𝗢𝗪 𝗦𝗶𝗹𝘃𝗲𝗿𝗳𝗼𝗿𝘁 𝗮𝗻𝗱 𝗵𝗶𝘁 𝘁𝗵𝗲 𝗟𝗜𝗞𝗘 𝗯𝘂𝘁𝘁𝗼𝗻 𝘀𝗼 𝘆𝗼𝘂 𝗱𝗼𝗻'𝘁 𝗺𝗶𝘀𝘀 𝗮𝗻𝘆 𝘃𝗶𝗱𝗲𝗼𝘀 𝗶𝗻 𝘁𝗵𝗲 𝘀𝗲𝗿𝗶𝗲𝘀—up next we have: 🔄 Enhancing detection & response through SIEM/SOAR integrations 🔄 Strengthening identity-to-endpoint defense with EDR/XDR integrations #IdentitySecurity #Cybersecurity #TechIntegrations #SIEM #IdP

"Just 2.6% of executives feel 'very prepared' for AI-based threats," according to survey data from The Identity Underground Annual Pulse 2026 📊 At the same time, the survey also reveals that 54% of executives cite AI-enhanced threats as their primary concern this year. This gap in preparedness versus priority signals a shift in enterprise Identity Security: Even while organizations continue to confront age-old attack techniques like credential stuffing and password spraying, they're simultaneously planning for the new class of threats rapidly gaining momentum. 📖 Learn more about the threat perception and preparedness divide and how CISOs are addressing it now: https://lnkd.in/gsHwPt9N #AISecurity #AIThreats #AIAgents #CISO

To the developer and cybersecurity communities, "claws" and "lobsters" have taken on new meaning in the last week 🦞 Moltbot is an open source, local AI agent that first captured the attention of developers and quickly spread far beyond them. It's called a "bot," but that label understates what it can do ⬇️ As VP of Identity Security Strategy Roy Akerman puts it: "Bots respond. Moltbot plans, reasons, and acts." It reasons like a cloud service and behaves like a local user, operating without a central control plane. This not only makes it agentic AI, but also a hybrid identity starting from a place of clear human guidance but capable of drifting somewhere new—detaching from the owner over time. If you're a CISO or security leader in your organization, read Roy's blog to learn about the nature of Moltbot's hybrid identity and how to secure it: https://lnkd.in/gpW5jwnA #Moltbot #Clawdbot #DeveloperSecurity #CISO