2 October 2025

CyberArk: Database discovery and automated onboarding

We’re excited to announce a new capability in our discovery SaaS, which extends support to databases. This enhancement enables teams to seamlessly uncover, secure, and onboard database accounts with greater efficiency. Security teams can now accelerate onboarding at scale, reduce manual effort, and ensure database credentials are continuously rotated and tightly controlled.

 

Key highlights:

  • Targeted scanning: Run discovery scans using a CSV list of targets containing access details.
  • Dynamic credential utilization: The scan automatically fetches relevant vaulted credentials at runtime, based on target data.
  • Centralized discovery flow: Accounts identified during scans are routed into the Discovered Accounts area, making it simple to review and vault them together with other discoveries.
  • Automated remediation rules: Define onboarding rules to automatically vault and manage discovered accounts.
  • End-to-end coverage: From discovery → onboarding → rotation and access services, database accounts are fully managed in one streamlined workflow.

 

Supported databases:

  • MS SQL Server
  • Oracle
  • MySQL
  • PostgreSQL

 

Learn more

22 September 2025

Okta: introduces new capability: the Okta MCP Server

Why This Matters

  • Lets AI agents interact directly with Okta using natural language
  • Reduces the need for manual API calls or custom scripts
  • Enables automation of tasks like adding users, managing groups, and generating reports

 

What Has Changed

  • MCP Server bridges AI models with Okta’s Admin APIs
  • Supports both interactive login and secure headless authentication (private key JWT)
  • Built on Okta’s official SDK for reliability and tight integration

 

Timelines

12 September 2025

SailPoint: MCP (Model Context Protocol) Server update

SailPoint has just introduced the MCP (Model Context Protocol) Server, and this could be a game changer for how we handle access requests. In short, the MCP Server acts as a standardised bridge between AI applications and SailPoint’s Identity Security Cloud (ISC). Instead of needing heavy custom integration or multiple request centers, it gives you a ready-made interface to connect AI tools directly into SailPoint. That means access requests can finally become as simple as asking an assistant in plain language, without dropping enterprise security standards.

 

Key Benefits:

  • Quick Integration: quickly connect AI applications to SailPoint in 5-15 minutes without complex custom development.
  • Natural Language Processing: Enable conversational access request at scale.
  • Future-Proof Architecture: Built on MCP standard and regular updates to ensure compatibility with emerging AI platforms and security.
  • Enterprise-grade: Maintains SailPoint’s proven IAM expertise and enterprise-grade scalability and security.

Getting Started:

  • SailPoint Identity Security Cloud access is required.
  • Choose integration approach based on technical requirements.
  • Setup authentication following provided guides (coming soon).
  • Begin building AI-powered access management experiences

Important Dates:

  • General Availability: Sept 29, 2025
  • Integration Documentation: Sept 29, 2025
  • Expanded Toolkit: 6-12 months post-GA for expanded MCP tools

Dive Deeper

10 September 2025

CyberArk: CA25-31 – Potential authenticated remote code execution.

Issued: September 10, 2025

Updated: N/A

Version: 1.0

Severity: High

CVSS Score: 8.7

Third-party publication / CVE: N/A

Impact: Potential authenticated remote code execution.

 

Affected products and versions:

Secrets Manager – Self-Hosted (formerly Conjur Enterprise) – 13.5.0 – 13.5.2- 13.6.0 – 13.6.2

* This Security Bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.

** Relates only to versions that are within their development life cycle. Refer to our End of Life policy for details.

 

Resolution

Upgrade to a patch version from the table below by downloading the patch from the respective link and following the instructions in our online documentation.

If a patch isn’t available for your installed version, or if you want to move to the latest available version, upgrade your component according to the upgrade version compatibility docs.

 

Installed version: 

Secrets Manager – Self-Hosted (Conjur Enterprise) prior to 13.6.3 – Patch version 13.6.3Documentation

Secrets Manager – Self-Hosted (Conjur Enterprise) 13.5 and its patches prior to 13.5.3 – Patch version 13.5.3Documentation

 

Temporary mitigation

There is no temporary mitigation available for this security bulletin.

 

Exploited in the wild in a CyberArk environment

Not to the best of CyberArk’s knowledge.

 

Technical FAQ

Are there any pre-upgrading steps that should be carried out before upgrading?

  1. Backup your current environment.
  2. Verify the minimum requirements for Conjur Enterprise and Vault Synchronizer.
  3. Review the deployment workflow to ensure the usage of the relevant commands needed.

 

As CyberArk receives questions related to this Security Bulletin, answers will be added to the Technical FAQ article. To stay informed of updates, open the FAQ article and click the Follow button to receive notifications when new questions and answers are published.


1 2 3 5