Unit 42: Nearly two-thirds of breaches now start with identity abuse | CyberScoop<\/title> <meta name=\"description\" content=\"The persistent pitfalls of identity extended beyond initial access, with an identity-related element playing a critical role in nearly 90% of all incidents last year.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/attackers-abuse-identity-unit42-palo-alto-networks-incident-response-report\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Unit 42: Nearly two-thirds of breaches now start with identity abuse\"> <meta property=\"og:description\" content=\"The persistent pitfalls of identity extended beyond initial access, with an identity-related element playing a critical role in nearly 90% of all incidents last year.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/attackers-abuse-identity-unit42-palo-alto-networks-incident-response-report\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-02-17T11:00:00+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-2.jpg\"> <meta property=\"og:image:width\" content=\"2875\"> <meta property=\"og:image:height\" content=\"1617\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1770142553g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1770755286g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87791\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87791\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fattackers-abuse-identity-unit42-palo-alto-networks-incident-response-report%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fattackers-abuse-identity-unit42-palo-alto-networks-incident-response-report%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87791 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/attackers-abuse-identity-unit42-palo-alto-networks-incident-response-report\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.44\">\n<div class=\"single-article__header-content\" readability=\"34.533936651584\">\n<p> Palo Alto Network\u2019s incident response firm said identity-based attacks are exploding as poor security controls stretch across a widening mosaic of integrated tools and systems. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87791\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse.jpg?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-2.jpg 2875w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-2.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-2.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-2.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-2.jpg?resize=2048,1152 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-2.jpg?resize=1500,843 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> (Getty) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"55.332129963899\"><body readability=\"114.81441624365\"><\/p>\n<p>Identity is still the primary entry point for cyberattacks, according to Palo Alto Networks\u2019 threat intelligence firm Unit 42. In its <a href=\"https:\/\/www.paloaltonetworks.com\/resources\/research\/unit-42-incident-response-report\">annual incident response report<\/a> released Tuesday, Unit 42 found that identity-based techniques accounted for nearly two-thirds of all initial network intrusions last year. <\/p>\n<p><a href=\"https:\/\/cyberscoop.com\/tag\/social-engineering\/\">Social engineering<\/a> was the leading attack method, accounting for one-third of the 750 incidents Unit 42 responded to in the one-year period ending in September 2025. Attackers also bypassed security controls with compromised credentials, brute-force attacks, overly permissive identity policies and insider threats, researchers said.<\/p>\n<p>The persistent pitfalls of <a href=\"https:\/\/cyberscoop.com\/tag\/identity\/\">identity<\/a> extended beyond initial access, with an identity-related element playing a critical role in nearly 90% of all incidents last year. Unit 42\u2019s report highlights the explosive impact of identity abuse, and pins much of the problem on poor security controls and misconfigurations across interconnected tools and systems.<\/p>\n<p>\u201cAcross the attack lifecycle, the biggest thing is that once you have an identity, you\u2019ve got everything, you\u2019ve got the key and you\u2019re in,\u201d Sam Rubin, senior vice president of consulting and threat intelligence at Unit 42, told CyberScoop. \u201cFrom a defense standpoint, enterprises are still not very good at finding the signal in the noise, essentially the detection when an identity-based tactic is used because there isn\u2019t unauthorized access per se from a technical telemetry standpoint, and it becomes a harder detection mechanism.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Vulnerability exploits, an ever-moving target, were still prolific and accounted for 22% of initial intrusions across attacks, but humans remain the weakest link, Rubin said. <\/p>\n<p>The rise of machine-based identities and AI agents, which require an identity to take action, is expanding the attack surface for cybercriminals. Identity challenges are manifesting in the software supply chain as well, as API access and SaaS integrations become another weak link and way in for attackers if control keys aren\u2019t properly controlled.<\/p>\n<p>An <a href=\"https:\/\/cyberscoop.com\/salesloft-drift-compromise-scope-expands\/\">attack on Salesloft Drift customers<\/a> last summer highlighted how tightly integrated services can unravel and expose victims that are multiple layers removed from the vendor. More than 700 organizations were impacted directly, but Salesloft Drift\u2019s integrations with dozens of third-party tools opened many additional paths of potential compromise. <\/p>\n<p>More broadly, attackers are jumping from branch offices into a victims\u2019 headquarters or data centers because too many accounts remain over permissioned and cloud-based accounts are established with too much privilege or a lack of segmentation, Rubin said. <\/p>\n<p>These gaps allow threat groups to turn break-ins into significant attacks. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe just see this time and again that there could have been better identity-based practices that would have constrained the blast radius, even if it didn\u2019t stop the initial access,\u201d Rubin said. <\/p>\n<p>\u201cIt\u2019s a problem of signal and noise,\u201d he added. \u201cThink about a global enterprise and all of this authenticated, legitimate activity happening every day. How do you see and identify the one instance where a user is already authenticated but doing something that they shouldn\u2019t do?\u201d<\/p>\n<p>Large and older organizations are at a greater disadvantage, Rubin said. Over time, their technology stacks have evolved to include legacy systems acquired through various business deals. This leaves IT teams managing a patchwork of disparate systems that are poorly integrated, creating significant security vulnerabilities. <\/p>\n<p>\u201cWe forgot as defenders to consider the entire attack chain, because too often we see the defense happens in silos,\u201d Rubin said, adding that attacks that pivot from endpoints to cloud-based services are commonly missed. <\/p>\n<p>Each of those jumps gives defenders a chance to thwart attacks. Nearly 90% of the attacks Unit 42 investigated last year involved malicious activity across multiple attack surfaces.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Financially motivated attacks accounted for most of the 750 incidents Unit 42 responded to last year. Unit 42 did not say how many of those attacks resulted in payments, but it said median payments increased 87% year-over-year to $500,000 last year. <\/p>\n<p>Attackers continue to pick up speed as well, exfiltrating data from victim networks under a median duration of two days. Attackers stole data in under one hour in 22% of the attacks Unit 42 responded to last year. <\/p>\n<p>Unit 42\u2019s annual look-back spotlights critical areas of concern and attack trends that continue to take root, yet it\u2019s not comprehensive. The report\u2019s visibility is limited to incidents that went from bad to worse and prompted victims to seek help from Unit 42. <\/p>\n<p>\u201cThe hardest thing about incident response in cybersecurity,\u201d Rubin said, \u201cis there is no one global spot for how much is going on.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.9755700325733\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/attackers-abuse-identity-unit42-palo-alto-networks-incident-response-report\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unit 42: Nearly two-thirds of breaches now start with identity<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3029,235,2973,282,78,440,3912,1156,4540,3471,715,46,256,4899,4900,2533,1999,310,288,183],"tags":[3032,236,2975,286,86,444,3916,1168,4543,3475,720,54,262,4902,4903,2536,2002,311,294,207],"class_list":["post-8352","post","type-post","status-publish","format-standard","hentry","category-access-management","category-ai","category-credential-theft","category-cybercrime","category-cybersecurity","category-data-breaches","category-identity","category-incident-response","category-initial-access","category-misconfiguration","category-palo-alto-networks","category-ransomware","category-research","category-salesloft","category-salesloft-drift","category-social-engineering","category-stolen-credentials","category-technology","category-threats","category-unit-42","tag-access-management","tag-ai","tag-credential-theft","tag-cybercrime","tag-cybersecurity","tag-data-breaches","tag-identity","tag-incident-response","tag-initial-access","tag-misconfiguration","tag-palo-alto-networks","tag-ransomware","tag-research","tag-salesloft","tag-salesloft-drift","tag-social-engineering","tag-stolen-credentials","tag-technology","tag-threats","tag-unit-42"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/access-management\/\" rel=\"category tag\">access management<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/credential-theft\/\" rel=\"category tag\">credential theft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-breaches\/\" rel=\"category tag\">data breaches<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/identity\/\" rel=\"category tag\">identity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/incident-response\/\" rel=\"category tag\">incident response<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/initial-access\/\" rel=\"category tag\">initial access<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/misconfiguration\/\" rel=\"category tag\">misconfiguration<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/palo-alto-networks\/\" rel=\"category tag\">Palo Alto Networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salesloft\/\" rel=\"category tag\">Salesloft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salesloft-drift\/\" rel=\"category tag\">Salesloft Drift<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/social-engineering\/\" rel=\"category tag\">Social engineering<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/stolen-credentials\/\" rel=\"category tag\">stolen credentials<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/unit-42\/\" rel=\"category tag\">Unit 42<\/a>","tag_info":"Unit 42","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8352"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8352\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8352,"date":"2026-02-17T05:00:00","date_gmt":"2026-02-17T11:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87791"},"modified":"2026-02-17T05:00:00","modified_gmt":"2026-02-17T11:00:00","slug":"unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/02\/17\/unit-42-nearly-two-thirds-of-breaches-now-start-with-identity-abuse\/","title":{"rendered":"Unit 42: Nearly two-thirds of breaches now start with identity abuse"},"content":{"rendered":"