2024 saw a surge in non-human identity (NHI) attacks, raising concerns for 2025. Significant breaches included Cloudflare's access token failure, compromised GitHub credentials resulting in data leaks at the New York Times, and attacks on Adobe Commerce affecting online stores. Other incidents involved exposed AWS and Microsoft Azure keys compromising user data, Schneider Electric's data theft through Jira credentials, and exploits via a critical vulnerability in Palo Alto Networks tools. NHI threats are expected to escalate, necessitating proactive measures from security teams.
https://www.darkreading.com/vulnerabilities-threats/will-2025-see-rise-nhi-attacks