Two weeks ago we wrote about critical auth bypasses hitting Cisco, GitHub, and Palo Alto at the same time. We called it a pattern worth watching. This week confirmed it is a trend, not a coincidence.
Look, four separate authentication failures landed in rapid succession. We are talking about a re-patched NTLM zero-day that APT28 was already using, a cPanel auth bypass with 44,000 IPs actively exploiting it, a GitHub Enterprise RCE you can trigger with a single git push, and a logic flaw in Microsoft Entra ID that lets an attacker hijack your entire cloud identity. Different vendors, same problem: the systems we trust to verify who you are keep getting it catastrophically wrong.
Here is the thing. Authentication is supposed to be the last line of defense. You can have misconfigurations or exposed services, but if your identity layer holds, the damage stays contained. This week showed that the identity layer itself is the new attack surface. NTLM hash theft via folder browsing, admin panels skipping checks, and code execution on a simple push are failures specifically at the point where a system decides who it trusts. Authentication complexity has grown faster than our ability to audit it, and the hackers figured that out before we did.