AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started
Image
Episode 4  •  Mar 6, 2026  •  21 Min

SSO Phishing, Patching Failures & Exposed APIs

This week’s coverage spans identity, patching, exposed infrastructure, and aging systems. A fintech breach traced back to phished SSO accounts exposed nearly a million records, while researchers pointed out that known vulnerabilities are still doing most of the damage. An exposed backend service leaked traveler data, and widely used enterprise tools landed on CISA’s exploited list.

Key Takeaways:

Nearly 1 Million User Records Compromised in Figure Data Breach
Security Week

  • What Matters: Attackers used social engineering to compromise SSO accounts at fintech firm Figure, exposing nearly a million customer records. Identity is prime real estate, so phishing against SSO remains a high-return move. This was not centralized identity collapsing, but a reminder that when SSO becomes the front door, configuration and monitoring have to be tight.
  • What’s Overhyped: This was not a platform-level collapse. The identity provider was not breached; attackers phished users who happened to rely on it.

Forget Zero-Days - 'N-days' Could Be the Most Worrying Threat
TechRadar

  • What Matters: Reporting highlights that most exploited vulnerabilities are known and patchable, not zero-days. Known bugs keep landing because patching processes are still broken. Weak asset data and fragile update cycles leave old flaws exposed longer than anyone intends.
  • What’s Overhyped: There is no sudden pivot toward n-days. Known, patchable flaws have driven exploitation for years, so the surprise factor is overstated.

Huge OneFly Data Breach Sees Traveler IDs and Payment Details Leaked
TechRadar

  • What Matters: An unsecured Elasticsearch instance tied to internal services exposed traveler IDs, payment data, and authentication tokens. An internal system reachable from the internet points to gaps in testing or segmentation. As APIs and backend services multiply, those gaps become easier to miss.
  • What’s Overhyped: The focus on “clear text” data implies encryption alone would have prevented this. However, the real issue was an exposed service, not a failure to sprinkle cryptography everywhere.

CISA warns of actively exploited enterprise software vulnerabilities for SolarWinds, Notepad++
Security Week

  • What Matters: CISA added several widely used enterprise tools, including SolarWinds and Notepad++, to its Known Exploited Vulnerabilities (KEV) list. When monitoring and management systems show up there, it matters because those tools sit at the center of enterprise visibility and control, and access in that layer can ripple outward fast.
  • What’s Overhyped: Landing on the exploited list does not automatically make a tool uniquely unsafe. Widely deployed enterprise software becomes a target simply because it is everywhere.

Hackers Actively Scan Citrix NetScaler Infrastructure
Cybersecurity News

  • What Matters: Researchers observed large-scale internet scanning targeting exposed Citrix login portals as part of pre-exploitation reconnaissance. Internet-facing login pages will be scanned nonstop, which makes forgotten or misconfigured assets the real risk. Exposure that lingers longer than intended is usually an inventory and lifecycle problem.
  • What’s Overhyped: Large-scale scanning of exposed portals is routine background noise. Seeing probes in your logs does not mean something new just started.

Zombie Projects Rise Again to Undermine Security
Dark Reading

  • What Matters: Abandoned or poorly maintained legacy systems continue to introduce risk, especially in complex environments with deep software dependencies. Software ages poorly, and ownership often fades over time. Without clear accountability and end-of-life planning, those systems persist and accumulate risk quietly.
  • What’s Overhyped: Older systems are not inherently negligent. In many industries, long lifecycles are expected; unmanaged ownership is the real failure.

Chinese Bots Drive Traffic Surge to Lanzhou Website
The Cyber Express

  • What Matters: Reporting described a surge of automated traffic attributed to bot activity, doubling activity on niche Chinese-language sites. A traffic spike should trigger analysis, not panic, because noise in one area can mask activity somewhere else. Defenders need enough visibility to avoid overcommitting to the loudest signal in the room.
  • What’s Overhyped: The reported spike was limited and tied to niche sites. This surge looks more like tool testing rather than launching a large-scale campaign.
Sean McMillan Headshot

Sean McMillan

Community Manager

Sean McMillan is Community Manager at Bishop Fox, focused on making complex security topics easier to understand and more interesting to follow. He holds a bachelor’s degree in Mass Communication and Media Studies from Arizona State University and brings over a decade of experience in podcasting, live hosting, and audience engagement. As host of Initial Access, he works with practitioners to explore how real-world attacks actually happen.

More by Sean McMillan
Bfx25 Justin Greis Headshot

Justin Greis

Chief Executive Officer & Board Member, acceligence

Justin is the Founder and CEO of acceligence, a management consulting firm focused on technology, cybersecurity, risk, and strategy. Justin helps executives and boards of the world’s leading organizations optimize their technology investments and transform risk into competitive advantage. Bishop Fox is a proud alliance partner with acceligence. Learn more about our partnership.

Prior to acceligence, Justin led the North America Cybersecurity Practice at McKinsey & Company, serving technology executives, the c-suite, and boards across a variety of industries, to protect their most critical assets while helping them go faster with confidence. He works closely with technology and cybersecurity providers and investors on strategy, growth, and go-to-market programs that build market leadership and yield tangible results.

More by Justin Greis
Dan Petro Headshot

Dan Petro

Principal Security Engineer

As a Principal Security Engineer for the Bishop Fox Capability Development team, Dan builds hacker tools, focusing on attack surface discovery. Dan has extensive experience with application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. He has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.

More by Dan Petro

Subscribe to our PODCAST

Real talk on the threats, trends, and tactics shaping security today

Listen Anywhere

Spotify iHeartRadio YouTube Apple Podcasts Amazon Music

Recommened Resources

You might be interested in these related Resources.

Datasheets

AI-Powered Application Penetration Testing Datasheet

AI-Powered Application Penetration Testing Datasheet

Most enterprises are managing dozens — sometimes hundreds — of applications with the same constrained budgets and headcount. Bishop Fox AI-Powered Application Penetration Testing delivers validated, expert-reviewed findings across your entire portfolio without the noise or overhead.

Download Datasheet
Guides

Secure AI-Assisted Development: 15 Guardrails for Shipping AI-Generated Code

Secure AI-Assisted Development: 15 Guardrails for Shipping AI-Generated Code

Before releasing AI-developed software, use our recommended security guardrails checklist to learn how to constrain generated code, enforce security controls, and prevent silent risk from prompt to production.

Read Guide
Reports

2026 GigaOm Radar for Attack Surface Management

2026 GigaOm Radar for Attack Surface Management

Get an overview of the 2026 Attack Surface Management (ASM) market — along with the key features and business criteria met by the top solutions — and learn why Bishop Fox was named Leader and Fast Mover by the analysts at GigaOm.

Read Report