Authentication | Breaking Cybersecurity News | The Hacker News

Identity-based attacks are the #1 cause of breaches, often exploiting weaknesses in traditional identity platforms. It's time for a proactive approach that addresses these gaps and stops threats before they strike. Identity has become the primary attack surface in cybersecurity. According to Forbes, 75% of cyberattacks leverage identity-based threats. Threat actors gain access using stolen credentials, compromised devices, and deepfake impersonation techniques, often bypassing traditional defenses without detection. Many identity platforms rely on MFA, such as push notifications and one-time passcodes (OTPs), which were once considered secure but are now frequently exploited through phishing, MFA fatigue, and man-in-the-middle attacks. The rise of generative AI has made these threats more effective and more prevalent.  To compensate, organizations have deployed tools like Endpoint Detection and Response (EDR), Network Detection and Response (NDR), and Identity Threat Detection ...

SaaS applications are the backbone of modern organizations, powering productivity and collaboration. However, they also introduce critical security risks—identity sprawl, misconfigurations, and an expanding attack surface. Identity providers have become a prime target for threat actors, prompting security teams to focus on protecting identities across multiple SaaS environments. To mitigate these risks, many organizations adopt SaaS Security Posture Management (SSPM) to harden configurations, enforce least-privilege access, and maintain visibility over human and non-human identities. SSPM is an essential preventive tool that improves cyber hygiene by reducing the attack surface. Yet prevention alone is not enough in today's evolving threat landscape. Identity Threat Detection and Response (ITDR) is crucial to bridge this gap and enable organizations to detect and respond fast to active threats targeting their identity infrastructure. The Growing Threat to SaaS Identities The rise i...

Two years ago, who would have thought that Artificial Intelligence (AI) would transform how we interact with information? With the latest advancements in OpenAI and Anthropic models, breaking all limits with every new release, agents are inevitable. Last month, Anthropic released their "Computer agent," which can control a computer to perform actions based on user prompts. This raises some serious concerns: How does access control work? Imagine you have an army of agents, each specializing in a particular area. Would you be comfortable delegating all your access to these agents? Before getting to it, let's define what an AI Agent is. AWS defines an agent as "a software program that can interact with its environment, collect data, and use the data to perform self-determined tasks to meet predetermined goals." Few Facts About Agents Agents are "smart" computing units capable of performing tasks, but here are a few things to note: Humans are responsible for setting goals, and an a...