Zero Trust is the security model in which no user, device, or workload is trusted by default — every request is authenticated, authorized, and continuously evaluated against current context (identity, device posture, location, behavior). NIST SP 800-207 codified the principles in 2020; CISA and the U.S. federal government have used it as the baseline for federal security since 2022.
Identity is the cornerstone. A Zero Trust architecture without strong identity governance, phishing-resistant authentication, and just-in-time privilege is just network segmentation with extra steps. The hardest parts in practice are the identity ones: closing standing access, eliminating service-account sprawl, instrumenting risk signals into authorization decisions, and getting MFA right for the long tail of legacy applications.
This page tracks our reporting on Zero Trust at the identity layer — implementation patterns, audit findings, breach post-mortems, and vendor-neutral guidance.