The Shai-Hulud worm is back — and this new wave is more aggressive than anything we saw earlier this year.

What’s new this time:
- Over 800 npm packages and tens of thousands of GitHub repos infected
- Uses the Bun runtime to dodge detection
- If it can’t steal your tokens, it now wipes your home directory
- Creates random GitHub repos to exfiltrate secrets at scale

This variant is spreading fast through critical dependencies like AsyncAPI, Postman, Zapier, and ENS — right before npm’s token changes go live.

The pattern is the same as past supply-chain attacks: stolen tokens + vulnerable workflows + standing elevated permissions = cascading compromise.

In our recent article, we broke down how JIT access and eliminating standing privileges can stop attacks like Shai-Hulud from spreading through GitHub orgs and CI/CD pipelines. If you want the deeper breakdown (and how to blunt this wave), check out my earlier post on the first Shai-Hulud and Nx/S1ngularity attacks. Here's the link: https://lnkd.in/gyV822St
Apono
Software Development
New York, New York 6,771 followers
An Identity Security platform providing Just In Time and Just Enough access to cloud assets, DBs, k8s clusters, & more.
About us
Apono is led by cybersecurity and DevOps experts. “Apono” is the Hawaiian word for “approve”. The Apono platform is loved by DevOps and trusted by Security, and supports customers like OpenWeb, Cybereason, HiredScore, Tomorrow.io and many more in automating permission management, providing a frictionless experience for users with the visibility and compliance needed by security to win more business. Apono helps customers move to zero standing, just-in-time permissions. Get started in minutes at https://www.apono.io
- Website: https://www.apono.io
- Industry: Software Development
- Company size: 51-200 employees
- Headquarters: New York, New York
- Type: Privately Held
- Founded: 2021
- Specialties: devops, cybersecurity, and cloud
Locations
- Primary: New York, New York, US
Updates
-
🚨 $862K Insider Attack Shows Why Standing Privileges Are Still the Weakest Link

A newly unsealed case reveals how a fired contractor re-entered his former employer’s network, impersonated another worker, reset 2,500 passwords, and triggered $862,000+ in damage — all because overly broad access made it possible. No malware. No exploit. Just permissions that should never have existed.

Our latest breakdown covers:
- How the attack unfolded
- Why insiders remain a growing threat (now accounting for ~18% of incidents)
- The role of standing access in enabling large-scale internal damage
- How Zero Standing Privileges (ZSP) and JIT access can prevent this exact scenario

This incident wasn’t sophisticated → it was avoidable. If insider risk, credential misuse, or privileged access sprawl is on your mind, this is worth the read.

👉 Full analysis: https://lnkd.in/g5wzzq2E

And if you want a structured way to evaluate stronger guardrails:

📘 Download the Privileged Access Buyer Guide + RFP Checklist: https://lnkd.in/gWYeeKAR
Your blueprint for comparing modern ZSP-ready platforms and identifying gaps in your access model.
-
-
⏰ 1 week until AWS re:Invent 2025!

Apono recently announced a $34M Series B, and we’re bringing our biggest product updates yet to Las Vegas. If you want to see how modern Cloud PAM eliminates standing privileges and secures humans, NHIs, and AI agents, now’s the time to lock in your meeting.

🎧 Pre-book a 1:1 with our team and get Apple AirPods onsite.
📍 Booth #1228 | Dec 1–5
👉 Book a meeting now: https://lnkd.in/epmckh8a
-
-
🚨 Cloudflare’s Global Outage Had No Attacker Behind It — Just One Permissions Change

Last week’s Cloudflare incident is a reminder that not every major outage starts with a breach. Sometimes, standing privileges alone are enough to take down production. A single permissions change triggered a cascading failure across Cloudflare’s global network — no malware, no compromised account, just overly broad access with unintended impact.

Here’s the real takeaway:
🔒 Standing access isn’t just a security risk 👉 it’s an operational risk.
When humans or NHIs can modify sensitive systems by default, one routine change can ripple far beyond expectations.

In our latest breakdown, we cover:
- How the outage unfolded
- Why “as-designed” permissions still caused global failure
- How Zero Standing Privileges reduces both breach AND outage risk
- How JIT access guardrails can prevent this exact class of incident

If Cloudflare’s outage made you rethink your own privilege model, this will help:

📋 Read the full analysis: https://lnkd.in/gQMupH7C

And if you want to see where your own standing privileges may be putting you at risk:

📋 Download the Standing Privilege Risk Checklist
A quick way to benchmark your exposure and identify high-impact fixes.
-
-
🚀 New from Apono: Instantly surface access data with our Admin MCP Server

Admins shouldn’t need to dig through APIs, spreadsheets, or dashboards just to answer questions like:
- “Who has access to prod?”
- “Which flows include this user?”
- “What MFA or approval rules are applied?”

Today, we’re changing that. Our new Apono Admin MCP Server brings real-time access intelligence directly into tools like Claude, Cursor, GitHub Copilot, Slack, Teams, and Amazon Q — all through natural language. Ask a question → get a structured, auditable answer in seconds.

✨ Perfect for:
- Fast compliance evidence
- Troubleshooting access issues
- Rightsizing & governance reviews
- Understanding flows, bundles, scopes, MFA paths, and more

If you’re responsible for access, governance, or cloud security… this is a big one.

👉 Read the full announcement: https://lnkd.in/gFntr8Z2
-
-
🚀 Apono Raises $34M Series B to Redefine Privileged Access for the Agentic Era

We’re excited to announce our $34M Series B funding round led by U.S. Venture Partners, with participation from Swisscom Ventures, Vertex Ventures, 33N Ventures and existing investors — bringing our total funding to more than $54M.

As enterprises accelerate the adoption of cloud and AI-driven systems, identity security has become a foundational challenge. Apono solves this by redefining privileged access, eliminating standing privileges, and delivering dynamic, just-in-time, just-enough access powered by real-time context and policy automation. Global organizations, including Intel Developer, Hewlett Packard Enterprise and monday.com rely on Apono to secure access across hybrid and multi-cloud environments.

This funding will fuel:
- Expansion of AI-powered access intelligence
- Growth in U.S. and international markets
- Scaling of our engineering and GTM teams
- Continued leadership in securing access to resources for every identity

Thank you to our customers, investors, partners, and the incredible Apono team. We’re just getting started!

👉 Read the full announcement: https://lnkd.in/gXzpnU92
-
🚀 Announcement for Security & DevOps Leaders Planning 2026 PAM Refresh

If you’re evaluating or planning to replace your Privileged Access Management (PAM) solution in 2026… this is where to start. We just released the Access Platform Buyer’s Guide + Enterprise RFP Checklist — built from real-world criteria used by CISOs, Cloud Security Architects, and DevSecOps teams modernizing access for the cloud & AI era.

Inside, you’ll find:
- Side-by-side vendor comparisons
- What truly separates Cloud PAM from legacy vault-based tools
- Evaluation criteria for scale, automation, and NHI governance
- A ready-to-use, enterprise-validated RFP checklist

Before you shortlist vendors for 2026, get the complete toolkit to evaluate them with confidence.

📘 Download the Buyer’s Guide + RFP Checklist: https://lnkd.in/emEEEqxF
-
-
🚀 Apono is heading to AWS re:Invent 2025!

We’ll be in Las Vegas all week showing how Apono helps security and DevOps teams secure every identity — human, non-human, and agentic AI. If you’re attending, come by Booth #1228 or book a quick 1:1 with us to see how Apono eliminates standing privileges, automates Just-in-Time access, and simplifies cloud governance all without slowing developers down.

🎧 Bonus: Pre-book your meeting and get a free pair of Apple AirPods when you meet us onsite!
👉 Book your meeting here: https://lnkd.in/eDkY9M_z

See you in Vegas!
-
-
🚨 Ransomware operators are getting smarter and faster.

The latest campaign, Cephalus, is turning stolen RDP credentials into instant ransomware entry points. Once inside, attackers move laterally, disable backups, and encrypt entire systems often within hours.

What makes this campaign especially dangerous is how legitimate it looks:
- Valid credentials → bypass MFA gaps
- Normal RDP behavior → evades detection
- Admin privileges → complete control

Defenders can fight back by:
- Removing direct RDP exposure (use gateways or brokers)
- Enforcing MFA and strong password hygiene
- Shifting to Just-in-Time (JIT) and Just-Enough Privilege (JEP) access
- Monitoring for abnormal RDP activity and backup interference

Credential-based ransomware thrives on standing access. Eliminate it and you eliminate the attacker’s easiest path in.

Read the full breakdown: https://lnkd.in/gVfM9cSc
-
-
🚨 New Blog: TruffleNet Weaponizes Stolen Credentials to Target AWS

Attackers are getting smarter - and faster. Recent research from Fortinet reveals a wave of intrusions into AWS environments where hackers are weaponizing IAM itself. Using a network dubbed “#TruffleNet”, attackers are testing stolen credentials with the open-source TruffleHog tool, turning AWS identity controls into a launchpad for abuse. Once inside, they exploit AWS Simple Email Service (SES) for downstream Business Email Compromise (BEC) attacks - proving again that compromised identities are the entry point to much larger breaches.

💡 This incident reinforces a crucial truth: Even valid credentials can’t be trusted when standing access exists.

At Apono, we help organizations close this gap with:
- Just-in-Time (JIT) access: eliminating standing privileges attackers can exploit
- Just-Enough (JEP) privilege: continuously rightsizing permissions
- Access Flow Deny Policies: quarantining risky privileges safely and reversibly

🔗 Read the full breakdown and see how Zero Standing Privilege (ZSP) helps prevent credential-based attacks:
👉 https://lnkd.in/gaa6PXjS
-