Blog
Security
/ 1 Jun, 2026Analysis of the 2026 Stryker Breach: Weaponizing Cloud Endpoint Management
On March 11, 2026, attackers turned Stryker Corporation's own Microsoft Intune device-management plane into a non-encrypting wiper, factory-resetting roughly 200,000 endpoints across 79 offices worldwide without dropping a single piece of custom malware.
This analysis reconstructs the Living-off-the-Land attack chain — from infostealer logs and AiTM session theft through privilege escalation to the Intune control-plane pivot — and shows how SlashID's MITM/AiTM detection, phishing-resistant authentication, behavioral anomaly detection, and just-in-time privileged access stop it.
Security
/ 1 Jun, 2026Analysis of the 2026 Stryker Breach: Weaponizing Cloud Endpoint Management
On March 11, 2026, attackers turned Stryker Corporation's own Microsoft Intune device-management plane into a non-encrypting wiper, factory-resetting roughly 200,000 endpoints across 79 offices worldwide without dropping a single piece of custom malware.
This analysis reconstructs the Living-off-the-Land attack chain — from infostealer logs and AiTM session theft through privilege escalation to the Intune control-plane pivot — and shows how SlashID's MITM/AiTM detection, phishing-resistant authentication, behavioral anomaly detection, and just-in-time privileged access stop it.
New Feature
/ 10 Jun, 2023SlashID Analytics Webhooks
We are excited to release SlashID analytics and webhooks, providing greater visibility and actionable insights into your authentication flows.
Deep Dives
/ 24 May, 2023Passkeys - Threat modeling and implementation considerations
In this blog post, we review the current state of the technology from a security standpoint and we’ll discuss some critical aspects of passkey implementation.
New Feature
/ 12 May, 2023Authentication flows with SlashID
Implement MFA and Step-Up Authentication in React applications with SlashID.
Tutorial
/ 20 Feb, 2023Using Google Tink to sign JWTs with ECDSA
In this blog post, we will show how the Tink cryptography library can be used to create, sign, and verify JSON Web Tokens (JWTs), as well as to manage the cryptographic keys for doing so.
New Feature
/ 9 Feb, 2023React SDK support for <Groups>
With the latest React SDK release we are introducing a new control component, <Groups>. You can use <Groups> to conditionally render parts of the UI depending on whether the authenticated user belongs to specific Groups.
New Feature
/ 18 Jan, 2023Sign-in and Sign-up React component release
Today we’re happy to announce the next step in that journey to deliver a streamlined, low friction onboarding experience to our customers with the release of our sign-up/sign-in form component.
New Feature
/ 16 Jan, 2023Fetching Google Groups with SlashID SSO
Use SlashID to fetch Google Groups as part of a user authentication flow.
Experiments
/ 18 Dec, 2022In-browser HSM-backed Encryption with Tink and Wasm
This post explores how to use Wasm to lift Tink to JavaScript and how you can leverage it to perform client-side encryption directly from the browser, backed with a master key stored in a HSM.
New Feature
/ 28 Nov, 2022Official React SDK release
Today we’re excited to announce the public release of the official SlashID React SDK
In this blog post we’ll go over the design pillars, main features, and why we’re thrilled about what’s coming next.
