Cloud Security | Breaking Cybersecurity News | The Hacker News

In most security operations centers, CVSS quietly dictates remediation priorities. Dashboards are sorted by severity. "Critical" vulnerabilities float to the top. Quarterly summaries celebrate how many 9.0+ findings were closed. On paper, it looks rational. In practice, it's often wrong. CVSS was designed to standardize how vulnerabilities are scored. Its origins and main purpose have been to measure technical severity, including exploit complexity, required privileges, impact on confidentiality, integrity, and availability. It provides a shared language. But where it has perpetually struggled is measuring context within, like whether the asset is internet-facing, how critical it is to the business, and whether attackers are actively exploiting the vulnerability. And context is where real risk lives. How Abstract Scores Turn Vulnerability Management Into "Severity Theater" A vulnerability scored 9.8 in a non-production environment with no external access may demand immediate atten...

The conversation around AI in the SOC has mostly centered on efficiency: closing alerts faster, reducing queue backlog, and automating repetitive work that burns out L1 analysts. That framing is directionally right, and it matters because analyst fatigue is real. For teams dealing with high alert volume, analysts are often asked to make good decisions under a fragmented context and time pressure. But that framing is still incomplete. The bigger shift is not just workflow automation or orchestration of predefined playbooks. It is AI's ability to perform contextual, hypothesis-driven investigation across multiple telemetry sources, work that has traditionally depended on experienced L2 or L3 analysts and limited human time. When that capability can be applied consistently across every alert, it changes the operating model, not just the speed of the existing one. Two recent investigations at Prophet Security make that real. In both cases, the attacks were not obvious from signature-bas...

In the digital world, the secure exchange of cryptographic keys is the foundation upon which all private communication is built. It's the initial, critical handshake that allows two parties, like a user's browser and a web server, to establish a shared secret and communicate securely over the untrusted expanse of the internet. As the quantum computing era approaches, the very mathematics underpinning our traditional key exchange mechanisms are facing an existential threat. This spurred the development of new, quantum-resistant algorithms. This blog post provides a deep dive into how modern key exchange works, from the trusted classical methods to the emerging post-quantum standards, and explores how Zscaler leverages hybrid key exchange to bridge the gap. The Key Components of Modern Key Exchange At a high level, a secure key exchange protocol must achieve the following: Confidentiality: The established key must be a secret shared only between the two communicating parties. An ea...

Here's what keeps me up at night. Not zero-days. Not sophisticated nation-state attacks. What worries me is the backlog. Every MSP has one. The list of security configurations that need fixing. The policies have been sitting in "report only" mode since last year. The E5 features that clients are paying for but nobody's turned on because it might break something. The app registrations with excessive permissions from three years ago that nobody's audited. The conditional access policies that need updating but keep getting pushed to next quarter. We all know this backlog exists. We tell ourselves we'll get to it. But quarters turn into years, and that backlog just grows. Meanwhile, AI attackers don't have a backlog. They have automation. Most breaches in Microsoft 365 won't start with a zero-day. They'll start with a setting that's been in "report only" for two years. Example tenant: critical Conditional Access policies exist but a...

Every few years, a breach happens that security teams study for the wrong reasons. SolarWinds is a good example. When the compromised Orion update started reaching customer environments in early 2020, the signals were already there: unusual DNS requests, unexpected authentication behavior in Azure AD, odd SAML token activity, and lateral movement from on-premises Active Directory into cloud environments.  None of it looked like an attack. Each signal sat at low or medium severity, and they were scattered across domains. The attackers had close to a year of dwell time before FireEye, a victim itself, discovered the breach while investigating a stolen red-team toolkit. We tend to call SolarWinds a one-off. It wasn't.  The real lesson from that breach, and from the ones that have followed it, is structural.  SOCs are designed, staffed, and measured around routine work: phishing, endpoint detections, and user anomalies. The people, processes, dashboards, and tools are ...

The market is flooded with chatbots that summarize requirements, GenAI that drafts policies, and AI assistants that extract provisions from contracts. And these tools undoubtedly make existing workflows better. But when it comes to transformational technology, different is better than better.  These AI for GRC capabilities are the direct result of practitioners and vendors alike asking, "How can AI make our current workflows better?" What they should be asking is "Does AI make a completely new way of operating possible?" Agentic GRC doesn't improve GRC workflows; it replaces them with agents. For something to earn the title agentic, it needs to take an entire workflow, including the decision-making between each step, and execute it from start to finish. Whether teams are ready for the future or not (and they should be), they need to start thinking about their workflows in an entirely new way. Here's a framework for them to do so. Why the Distinction Between AI f...

The world of identity security is in constant motion. What was once a straightforward matter of usernames and passwords has evolved into a complex ecosystem of biometrics, hardware tokens, and zero-trust architectures. As we look toward 2026, the pace of change is only accelerating. The lines between our digital and physical identities are blurring, and the threat landscape is becoming more sophisticated. Chief Information Security Officers spend their days on the front lines of this evolution. Staying ahead isn't just about reacting to threats; it's about anticipating them to reduce risk. Based on the trends I'm seeing today, here are 9 identity security predictions for where we'll be in 2026. 1. AI will become the primary identity governance tool. Manual access reviews and role-based access control (RBAC) models are already showing their age. By 2026, AI-driven identity governance and administration (IGA) will be standard. These systems will continuously analyze u...

Enterprise adoption of AI is no longer a future trend; it's a present-day reality. As organizations race to leverage AI for innovations, security teams are grappling with a new, complex, and dynamic attack surface. AI is breaking the operational silos that currently segregate Cloud, SaaS and Endpoint Security; AI is everywhere and it is consuming enterprise data and assets across these channels. Traditional security tools, designed for cloud infrastructure and SaaS applications, are fundamentally ill-equipped to handle the unique risks posed by AI.  AI security posture management (AI-SPM) solutions can provide relief by protecting critical AI assets, but it's important to note that not all AI-SPM solutions are created equal. Many solutions offer only basic posture checks and are focused predominantly on infrastructure and vulnerability management. In addition, most focus solely on Cloud or SaaS, leaving many blind spots when trying to get the full picture of your AI landscape. ...

A 2024 Gartner® survey of 162 large enterprises shows organizations running an average of 45 cybersecurity tools. It's no surprise, then, that 52% of executives cite complexity as the biggest barrier to effective security operations. While mid-market organizations typically run fewer tools, smaller IT and security teams mean they often face equal—or greater—operational complexity. Why Security Platforms Emerged The industry's answer to tool sprawl has been the security platform: a consolidated approach designed to reduce complexity by replacing multiple point products. In principle, platforms promise tighter integration, improved visibility across the attack surface, better alert correlation, and faster response. Research supports this direction. The 2025 IBM Institute for Business Value report notes that organizations with higher security platform maturity identify and contain incidents more quickly. Consolidation Doesn't Always Equal a Platform Vendor consolidation is accelera...

For nearly two decades, offensive security has centered around the same basic ritual: schedule an annual or quarterly penetration test, brace for the findings, remediate what you can, and then repeat the next cycle next year. It's familiar, predictable, and built into every compliance framework. It's also fundamentally mismatched to the way modern infrastructure works and the way attackers operate.  Today's environments change too quickly for point-in-time testing to provide real assurance. Cloud deployments shift daily; CI/CD pipelines push new code constantly, and new assets appear abruptly. A penetration test conducted in November tells you almost nothing about your exposure in January.  This is where Continuous Penetration Testing (CPT) comes in. CPT doesn't just improve offensive security outcomes but reshapes the equation entirely. When organizations adopt continuous validation, they gain clearer visibility, shorter remediation cycles, and tangible, measurable ROI. ...