One criminal leveraged old stolen passwords and a lack of multi-factor authentication (MFA) to quietly breach roughly 50 large enterprises—showcasing that the weakest link in cloud security is not technology, but basic governance and accountability. This campaign, run by a threat actor known as Zestix or Sentap, is a case study in how organizations can…