惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 三生石上(FineUI控件)
美团技术团队
Last Week in AI
Last Week in AI
WordPress大学
WordPress大学
L
LangChain Blog
雷峰网
雷峰网
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 叶小钗
Engineering at Meta
Engineering at Meta
腾讯CDC
Recent Announcements
Recent Announcements
The Register - Security
The Register - Security
有赞技术团队
有赞技术团队
Blog — PlanetScale
Blog — PlanetScale
博客园 - Franky
博客园 - 司徒正美
The Cloudflare Blog
Google DeepMind News
Google DeepMind News
T
Tailwind CSS Blog
C
Check Point Blog
小众软件
小众软件
V
Visual Studio Blog
V
V2EX
F
Full Disclosure
J
Java Code Geeks
MongoDB | Blog
MongoDB | Blog
罗磊的独立博客
人人都是产品经理
人人都是产品经理
量子位
Apple Machine Learning Research
Apple Machine Learning Research
F
Fortinet All Blogs
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 【当耐特】
博客园_首页
Y
Y Combinator Blog
N
Netflix TechBlog - Medium
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
Recorded Future
Recorded Future
G
Google Developers Blog
Vercel News
Vercel News
大猫的无限游戏
大猫的无限游戏
Microsoft Azure Blog
Microsoft Azure Blog
U
Unit 42
爱范儿
爱范儿
Jina AI
Jina AI

Cyber Daily News

Real estate giant Cushman & Wakefield confirms cyber incident, Qilin and ShinyHunters claim attack CrowdStrike expands Project QuiltWorks as more partners join AI security coalition Attackers increasingly turning to trusted security tools to compromise Aussie victims Exclusive: Champion Homes confirms customer data compromised in “cyber event” Australia, Japan commit to partnership to meet cyber security challenges & strengthen cyber defences NSW Treasury cyber incident contained, impact no longer ‘significant’ Report: AI-based data incidents on the rise in Australia WA rental scam surge: Tenants targeted with fake $500 discount trap Aussie Information Commissioner launches Privacy Awareness Week 2026 Unregistered branded text messages to be labelled ‘Unverified’ from 1 July US Federal Reserve outlines AI's influence on the finance sector Exclusive: Major Australian jewellery brand confirms cyber incident Australian government establishes new Cyber Incident Review Board Watch this! Komari server monitor tool abused by hackers Act Now! ACSC warns of active exploitation of cPanel & WHM critical vulnerability Exclusive: Kiwi electrical contractor confirms cyber attack Over 1 in 2 firms have AI privacy concerns: Intuit Exclusive: Prime Properties listed as breach victim by M3rx ransomware Anthropic launches dedicated Claude Security platform to public beta DigiCert launches AI Trust architecture to secure agents, models, and content ‘Rebuilding the enterprise’: How CEOs are preparing for automation Op-Ed: Redefining performance in the AI-powered SOC Ukrainian official advocates for artificial intelligence, autonomous drones for battlefield deployment NZ council cyber attack leads to ID and financial data being exposed ‘Building confidence’: The key to effective AI implementation Vect unveiled: Inside an emerging ransomware group’s affiliate network Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims US Department of War launches cyber-focused apprenticeship program CrowdStrike launches Project QuiltWorks to tackle skyrocketing AI-discovered vulnerabilities Australian government stands up new ‘tripartite forum’ to tackle AI challenges in the workforce Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce Report: Aussie small businesses doing it tough as job scams double, losses rise Cyber attacks on medical devices pose ‘significant’ impact on real-life patient care Twisted Firestarter! Aussie, US, and UK cyber agencies warn of Cisco malware campaign Generation Life informs customers of “cyber incident” as owner shares incident with ASX CBA launches new scam-finding AI agent Australian Army research paper advocates for Australian national cyber reserve force, volunteer cyber organisations ANZ appoints its first chief AI officer Westpac appoints Chief AI Innovation Officer as part of technology push ADF strengthens skills as Cyber Command marks 2 years of operation Sri Lankan government hack sees $3.7m destined for Australia stolen Outsiders are already accessing Anthropic’s new AI model, but is Claude Mythos really that powerful? CrowdStrike extends cloud threat detection to Google Cloud Hey big spender! Microsoft to invest $25bn in Australian AI infrastructure AI adoption highest for finance and property SMEs, says NAB Genetec marks Sydney milestone with visit by high commissioner of Canada to Australia Rental platform under fire for collecting excessive personal data Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims Q&A: Quantum cryptography will be a “Y2k times 10 problem,” says DigiCert CEO PentenAmio announces acquisition of Armour Communications Exclusive: Aussie passports compromised in alleged Favelle Favco data breach Cutting edge: Anthropic’s Claude Mythos preview is a ‘double-edged sword’, expert says Treasury staffer charged for NSW government data breach Op-Ed: AI won’t patch the holes in your SOC AI is helping young investors get into the property market Australia’s financial regulators are keeping a close eye on Mythos Game on! More than a third of FIFA World Cup 2026 partners expose Aussies to email fraud risk Dark web markets: A complete Aussie identity costs as little as $200 Your next car may be designed by AI Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group Braclays warns that Mythos could prove a problem for larger banks with legacy systems Report: Data collection by school-backed apps in Australia is out of control and a risk to kids Kinetic IT appoints Kishore Jayaram in new chief transformation officer role Anthropic launches Claude Opus 4.7 as researchers reveal fake Claude installer spreading malware Australian Federal Court embraces AI in new practice note FOI docs reveal information commissioner’s concerns over Age Assurance Technology Trial Mortgage fraud now harder to detect thanks to AI McGraw Hill confirms ShinyHunters breach, won’t confirm if any Aussie customers impacted Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway Op-Ed: Australia inspired the EU’s online age restrictions, now it’s time for us to learn from them National Defence Strategy 2026: Spending on military cyber capability to reach at least $15bn Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware Anthropic co-founder confirms Trump admin was informed about Mythos AI model European Commission’s new age verification app removes privacy risk of third-party data collection Op-Ed: ASIO has broken its silence on cyber crime, and you should listen Too-hard basket: NIST to scale back CVE updates as vulnerabilities soar OpenAI launches GPT 5.4-Cyber in response to Anthropic Glasswing CHROs must lead the AI transformation, AI CEO says Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities Kid stuff: Roblox to introduce safety improvements following Aus government warnings ADF joins international military exercise focused on cyber resilience and multi-domain operations The workforces impacted by the ‘AI axe’ OpenAI CEO’s home targeted in attempted drive-by just days after Molotov attack Report: Aussie youth increasingly turning to AI for mental health advice Exclusive: Aussie communications company Mastercom ‘aware’ of INC Ransom claims Booking.com confirms cyber incident, customer reservation data potentially compromised Report: Majority of CISOs not ready for the next big cyber attack Exclusive: Aboriginal community organisation confirms cyber incident following INC Ransom claims AMP to ‘embrace’ AI as tech reshapes banking WASTED! GTA developer Rockstar Games confirms hack as ShinyHunters demands ‘pay or leak’ Exclusive: Gunra ransomware lists Eric Davis Dental as breach victim Op-Ed: Why zero trust for OT should start at the boundary, not the boiler room Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom US Treasury launches intelligence-sharing initiative with crypto companies Citigroup says AI speeds up new account openings Cyber war: Pro-Iranian hackers vow to fight on despite a fragile ceasefire with the US Exclusive: Victorian resort hotel allegedly breached by Space Bears ransomware Game on! Nationwide student competition aims to tackle Australia’s cyber skills gap Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation Atlassian’s Confluence gets a dose of AI as standard SaaS loses steam
The Industry Speaks, Part 1: World Password Day 2026
David Hollin · 2026-05-07 · via Cyber Daily News

World Password Day is a reminder that securing access to our digital lives is essential – but it’s only one piece of the broader data security picture.

Data is the lifeblood of today’s digital economy, growing rapidly in both volume and value across personal and enterprise environments. As attention shifts beyond access to how data is stored, protected and preserved, secure storage becomes a foundational layer of trust – ensuring information remains safe, accessible, and resilient over time.

Ultimately, there is no data security without secure storage. As data continues to grow in importance, so must our commitment to protecting it – so it remains available, recoverable, and secure when it matters most.


Charles Guillemet
CTO at Ledger

Passwords are a relic of a less adversarial internet. They were never built to withstand the scale and sophistication of today’s threats, and that gap is only widening. AI is fundamentally rewriting the economics of security: lowering the cost of attacks, industrialising phishing and social engineering, and making the internet more adversarial by design.

In this context, asymmetric-cryptography-based authentication, such as passkeys, is a meaningful step forward. They reduce human error and improve usability. But they still rely on trusted environments, smartphones and laptops, that remain vulnerable in a world where attackers are increasingly automated and adaptive.

What comes next is not just an evolution of authentication, it’s a paradigm shift. The account-based model that protects our secrets will give way to a model built on secure digital ownership, like Ledger’s, where users hold their own cryptographic keys securely and with sovereignty. In this world, wallets won’t just secure assets; they will become the primary interface for identity, authentication, and interaction online. You no longer log in; you connect. Your wallet becomes your identity. This is why wallets won’t simply replace passwords as a feature; they redefine the foundation of the internet itself: a model where trust is minimised, intermediaries are reduced, and users regain full control over both their digital value and identity.

Passkeys improve usability. Secure self-custody is the endgame, where security, identity, and ownership converge into a single, user-controlled system.


Darren Guccione
CEO & Co-Founder, Keeper Security

Every year, World Password Day generates the same conversation. And every year, attackers walk straight through the same open doors. Credentials remain the most exploited entry points in enterprise breaches – not because the risk is unknown, but because access is still not being controlled with the rigour the threat demands. A compromised password doesn’t just unlock an account. It hands an attacker a foothold for lateral movement, data exposure and, in many cases, full environment takeover.

Password strength alone is not the issue. The real exposure sits in how credentials are stored, shared and governed across users, systems and service accounts. This is where Privileged Access Management (PAM) becomes critical. Enforcing least privilege, rotating credentials, removing standing access and introducing visibility over how credentials are used changes the risk profile entirely.

Passkeys are gaining serious institutional momentum. The UK’s National Cyber Security Centre (NCSC) and US agencies, including CISA, are actively pushing phishing-resistant authentication aligned with FIDO standards – and adoption is already visible across public services. The direction is set. Even so, most organisations remain in hybrid environments where passwords persist. Governance does not disappear in that model. It expands to both passkeys and traditional passwords in parallel.

Strong passwords still matter. But without control over who can use them, when and under what conditions, they offer a false sense of security. Organisations that treat access as a one-time configuration rather than a continuously managed risk are not protected. The credential problem is solvable. What is lacking is the will to govern access with the same discipline we apply to every other critical business function.


Anne Cutler
VP Global Communications, at Keeper Security

Most people don’t think about their passwords until something goes wrong. By then, the damage is usually already done. A breached email does not just expose one account – when passwords or variations of passwords are reused, it opens everything attached to them: password resets, linked services, saved payment details, the list goes on. It unravels faster than you might expect.

What makes this so frustrating is how little effort it takes on the attacker's side. Credentials stolen from one platform get tested automatically across hundreds of others within seconds. And AI has made the front end of that process genuinely difficult to defend against. A phishing message, a fake login page, and impersonation are not crude scams anymore. They are convincing, personalised and increasingly automated.

The good news is that the defence is not complicated. A password manager eliminates the reuse problem entirely, giving each account a strong, unique credential – whether it’s a traditional password or a phishing-resistant passkey – that is generated and stored without you having to think about it. Paired with built-in multi-factor authentication, you remove the two entry points attackers rely on most.

The threats have gotten smarter. Fortunately, so have the tools.


Kevin Charest
Vice President of Cyber Governance Services at Netrio

World Password Day has been around for more than a decade, but in the last year, the conversation has shifted from stronger passwords to MFA, phishing resistance, and passkeys. While it probably should be renamed ‘World Passkey Day,’ the reality is that most people still use passwords for everything. Companies are also not using passkeys at scale, which means security tools are left to make up for the shortcomings of how people actually use passwords.

To this day, the single biggest issue remains password reuse. With so much breach and security incident data available, attackers often do not need to crack a password; they can take a known password and try it across multiple services and systems. Complexity rules do not fully solve the problem either. Users often just add a few required characters or move from “password123” to “password124”. Relying on user IDs and passwords as the primary form of security can be the downfall of many companies.

Until organisations can truly move away from passwords, MFA and detection tools must do more of the work. For SMBs and mid-market enterprises in particular, the challenge regarding passwords is especially tough. If they cannot afford to apply the highest level of security across the entire organisation – which in many cases is true, due to limited budget – they should at least identify critical roles and apply stronger controls in those areas. At a minimum, financial teams, employees sending or receiving money, and those handling sensitive data, intellectual property or the company’s “crown jewels” need a higher level of security.

However, in the end, the biggest hurdle is not always technology. Culture eats technology for breakfast. Asking users to carry a physical hardware device or adopt a new authentication process can create resistance. At its core, change management is difficult, but necessary. Passwords are still the game for most users, and until that changes, companies need to treat password behaviour as a foundational security gap that must be actively managed.


Mohammed Khan
Strategic Engagement Lead at HP

World Password Day is a timely reminder for Australian businesses that the case for strong password hygiene and identity security has never been more compelling.

HP’s latest Threat Insights Report shows attackers are increasingly using AI to scale low-effort, modular campaigns that can bypass traditional defences. These aren’t always sophisticated attacks, but they are often effective. They highlight a shift in the threat landscape where speed and volume can outweigh complexity.

We’re seeing techniques like “vibe-hacking” scripts and reusable malware components, allowing attackers to rapidly build and adapt campaigns – including credential harvesting and account compromise. The reality is that even basic attacks can have a significant impact if organisations aren’t ready to respond.

This is why strong password practices and identity protection are critical. When threats target user credentials, simple steps like using unique passwords, enabling multi-factor authentication, and adopting password managers can significantly reduce risk.

At HP, we believe organisations need to rethink security with a focus on reducing exposure – protecting identities, isolating high-risk activities, and building resilience from the hardware up.

World Password Day should serve as a call to action: strengthen your password practices, secure your identities, and ensure your organisation is prepared for evolving threats.


Munu Gandhi
President, Xerox IT Solutions and Chief Technology Officer, at Xerox

World Password Day reinforces a simple reality: identity is the control point in modern cybersecurity.

At Xerox IT Solutions, we apply a Zero Trust model where every access request is continuously validated using adaptive authentication. The focus is not more controls - it’s smarter, contextual access that reduces risk while enabling speed.

Organisations that build integrated identity frameworks will be better positioned to protect operations, earn client trust, and move with confidence in an increasingly distributed, AI-driven world.


Doug Kersten
CISO of Appfire

World Password Day reminds us that passwords are still one of the most common ways attackers gain access to systems, and the most common ways to protect information. Password risk doesn’t usually come from a single weak password; it comes from how those credentials are used across an organisation. Employees reuse the same passwords across systems, share access to move work forward, or connect them to new tools that aren’t centrally tracked. Over time, no one has a complete view of where access exists or who owns it.

That lack of visibility is exactly what attackers take advantage of. AI is making phishing emails, messages, and even voice calls more convincing, which increases the chances that someone could unknowingly give up a password that can be used across multiple systems. Password risk lies within everything that password connects to. The priority now is to reduce how often passwords are used, limit where they can be used, and ensure every system and account has clear ownership. This includes using multi-factor authentication, where you need a password and something you know, have, or are to increase the level of difficulty needed to compromise your accounts. When organisations have consistent visibility and control over access – alongside clear governance around how tools and credentials are used – a compromised password is far less likely to lead to a broader security issue.


Kevin Higgins
Senior consultant at Optiv

World Password Day is no longer just about protecting people. It’s now also about protecting machines. As machine-to-machine communication accelerates, strong, frequently rotated credentials are essential to ensure trusted systems don’t execute malicious or compromised instructions.

The challenge, however, is that many organisations still rely on static credentials. Long-lived API keys and persistent service account passwords create machine credentials with unlimited replay value. When credentials become permanent, compromise becomes persistent. If these credentials leak through logs, configuration files, AI, or repositories, attackers can impersonate trusted systems for extended periods without triggering the authentication signals typically associated with human access.

Modern security requires a shift to short-lived, cryptographic identities, where every workload proves what it is through mechanisms like mutual TLS authentication and temporary identity tokens. This ensures every interaction is verifiable and resilient by design.

The future of cybersecurity will be defined by how effectively we secure the machines that now act on our behalf, and passwords continue to play an important role in the evolving security journey.


Jack Cherkas
Global CISO at Syntax

World Password Day 2026 brings the usual advice for passwords: longer, unique, never reused. That is no longer enough. Passwords are only one of many credentials now under AI-powered attack. Generative AI has industrialised credential attacks: phishing lures that defeat traditional user training, voice clones that pass help-desk identity checks, and credential stuffing at an industrial scale.

Credentials remain one of the top initial access vectors year after year, and non-human identities, from AI agents to service accounts, are multiplying, each one holding credentials, each one a potential blast radius. When the next breach arrives, "we didn't know who or what had access" will not be acceptable as a defence.

The fix is not novel. For organisations: phishing-resistant multi-factor authentication (MFA) and passkeys, single sign-on wired into a disciplined joiner-mover-leaver process, vaulted privileged access, and scoped, logged, revocable credentials for every non-human identity, AI agents included, never a shared service account. For individuals: a password manager, unique passwords or passkeys, and MFA on every account. The password era is ending, the credential era is not. Most breaches still begin with a credential someone forgot to protect, revoke, rotate, or retire.

The organisations and individuals that master that unglamorous work are the ones that stay resilient when the next AI-powered attack lands.


Jason Pearce
Field CTO APJ at Claroty

World Password Day is a timely reminder that despite years of warnings, 'admin/admin' remains the skeleton key to the world’s most critical infrastructure. Shockingly, many important systems are still protected by these weak, unchanged default logins. In the realm of Cyber-Physical Systems (CPS), weak or default passwords aren’t just a digital vulnerability – they are a direct threat to physical safety and operational uptime. As organisations continue to bridge the gap between IT and OT systems without the proper security in place, they are essentially leaving the front door unlocked to our power plants, water systems, and hospitals for any adversary with a basic search engine and a bit of persistence.

To shut this door, organisations must move past manual password management and embrace automated exposure management instead. Humans cannot feasibly manage hundreds or thousands of passwords at once – in many cases, humans can't even identify every single device that exists on their network. Therefore, any good exposure management program must start with having total visibility into every connected asset across the XIoT. This should be followed by implementing secure access controls that 'wrap' legacy systems in modern security layers like Multi-Factor Authentication (MFA). On this World Password Day, the goal shouldn't simply be "have better passwords". Instead, organisations should aim for a zero-trust architecture that ensures a single compromised credential can't take down an entire production line, a power grid or a health care facility.


Tomer Bar
Associate VP of Security Research at Semperis

Passwords have a terrible reputation, but that’s not really the password’s fault. It’s ours. Most of the risk comes from human limitations and predictable behaviour. The comforting myth is, "if the number of possible combinations for a 10-character password using lowercase letters, uppercase letters, digits, and special characters is enormous, then the password must be safe". The total search space is in the order of tens of quintillions of combinations. Even if an attacker can test one billion guesses per second, it would take roughly 1,700 years to exhaust the entire space with a pure brute-force attack.

On paper, that looks great. It’s misleading – because very few people choose random 10-character passwords. Humans tend to fall back on predictable patterns: a capital letter first, followed by one or more lowercase letters, then one to four digits (often a year), and finally a single special character at the end.

Advanced attackers know this. They don’t brute-force the entire key space; they brute-force your habits, making it much quicker to guess. If you keep using passwords, the best practice is to stop letting humans design them. Use a password manager to generate and store long, truly random passwords (20+ characters) and never reuse them; turn on MFA wherever possible so stolen passwords are far less useful; and for the few passwords you must remember, use long, unique passphrases made of random words instead of lyrics, quotes or clever patterns. The goal is to make attacking you so difficult and unprofitable that attackers move on to easier targets.


Robb Reck
Chief Information, Trust, and Security Officer at Pax8

For most small and mid-sized businesses, the password is still the front door. After years of breaches, credential stuffing, and cheap compute power, that door is effectively unlocked.

MSPs exist to close that gap. Helping customers eliminate account takeover risk is one of the highest-leverage moves in the SMB security stack.

World Password Day is a reminder to act on the basics. Microsoft's data is unambiguous: over 99.9 per cent of compromised accounts had no MFA. Turning it on is the single highest-impact control an SMB can implement today. Longer term, FIDO-based passkeys remove the password attack surface entirely by eliminating passwords from the equation.

The path is straightforward: unique credentials and MFA now, passwordless tomorrow. SMBs don't need enterprise budgets. They need an MSP with a repeatable playbook and the will to enforce it.


Nick Nigro
VP Sales, Reolink Australasia

As we mark World Password Day, it’s worth remembering that passwords are fundamental to our digital safety. With recent reports showing Australia logged 1.1 million leaked accounts in Q1 2026 alone, it’s clear that safeguarding our personal data has never been more critical.

At Reolink, we believe your security system should be safe from the moment you plug it in. That’s why we support the Australian Government's recent mandate to remove universal default passwords across consumer smart devices. Instead of relying on risky factory defaults, we have our users create their own unique passwords right from the setup.

Managing multiple logins can feel like a chore, but basic habits drastically improve your digital safety. Since longer equals stronger, always use at least ten characters. Avoid real words, obvious names, and birthdays; instead, rely on random combinations of letters, numbers, and symbols to stop bad actors. If tracking these complex codes seems daunting, a password manager can securely generate and store them for you. Finally, always enable two-factor authentication (2FA). While it might require an extra step at login, that unique code sent to your phone provides a massive, necessary layer of defence.

Ultimately, the motivation for using strong, unique passwords is the exact same reason we use home security systems: safety, protection, and peace of mind.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.