API Sprawl: The Attack Surface Nobody on Your Team Owns
API exploitation became a primary initial access vector in 2025 and has accelerated through Q1 2026. The mechanics are familiar — broken authentication, excessive data exposure, business logic flaws — but the organisational problem is newer. Most enterprises do not have a single team that owns API security, which is why API sprawl continues unchecked.
Beyond MFA: Why Session Hijacking Is the Threat You’re Not Defending Against
The story of the last decade in identity security was the deployment of multi-factor authentication. The story of the last 18 months has been the systematic defeat of MFA at scale, by attackers using techniques that bypass the authentication layer entirely. Here is what is happening, and what works against it.