Cloud Security | Breaking Cybersecurity News | The Hacker News

The proliferation of AI agents in the enterprise has moved from theoretical to practical at a remarkable pace. These agents, whether developed internally or licensed, are increasingly integrated into core business workflows. While they promise substantial gains in automation and productivity, they also introduce a new and complex class of security risks that demand immediate attention.  The core challenge is not whether to adopt AI agents, but how to govern them effectively. A disciplined approach to balancing innovation with security is essential for any organization looking to leverage AI without exposing itself to unacceptable risk.  Recent research highlights the urgency of this issue. A comprehensive study found that 82% of companies are already using AI agents, with 53% acknowledging they access sensitive information daily . This rapid adoption, often occurring without adequate oversight, creates significant vulnerabilities. The imperative is clear: organizations must...

The browser has quietly become the most critical application in the enterprise — and the most targeted. With SaaS, cloud, and hybrid work redefining IT boundaries, browsers now handle proprietary data, credentials, and business workflows. Yet legacy security tools like firewalls, antivirus, and EDR were never designed to defend this new digital front line. The shift from being an ancillary tool to becoming the main location of work means legacy security solutions, such as firewalls, antivirus, VDI, etc., are not equipped to provide the necessary level of protection needed to secure today's organizations. The browser, once an afterthought, is now the weak link that legacy defenses simply can't secure.  This article examines the modern browser exploitation playbook and details why legacy tools alone are no match for today's cybercriminals. By adopting a Secure Enterprise Browser (SEB), enterprises can complement their existing security tools, shore up their weak link, and future-p...

For nearly two decades, managed-security models have defined how most organizations handle detection and response. Faced with alert overload, chronic staffing shortages, and the high cost of 24/7 coverage, many teams turned to Managed Security Service Providers (MSSPs) and later to Managed Detection and Response (MDR) vendors to fill the gap. Beyond staffing and capacity, many also lacked in-house expertise in building detection systems. It was a rational choice. MSSPs and MDRs provided 24/7 monitoring, experienced analysts, and predictable coverage. They gave companies without an in-house SOC a viable way to maintain security coverage in an increasingly complex threat landscape. But the ground has shifted. AI-driven SOC platforms are now automating large parts of what human analysts once did: triaging alerts, correlating signals, enriching incidents, and recommending or even executing responses. That raises a simple but profound question: what happens to the managed-security m...

Enterprises are spending more than ever on DDoS defense, but despite the increased investment, organizations are still suffering damaging downtime. MazeBolt's new DDoS Defense survey , produced in collaboration with Global Surveyz, quizzed 300 CISOs and security directors across the US and Europe, and uncovered some surprising perspectives. The following is a sneak preview from the report. Inside the Survey MazeBolt surveyed senior security leaders at banking, financial services, and insurance companies with between 500 and 25,000 employees and annual revenues of at least $250 million. These are organizations where business continuity is critical and where a single outage can cause severe financial and reputational damage. Attacks Keep Coming – and They're Costly Respondents reported an average of 3.85 damaging DDoS incidents in the past year. 60% said they suffered between 2 and 5 such attacks. Larger companies faced the most serious consequences, with enterprises of more than 1...

As hybrid and multi-cloud environments become the standard, organizations are under growing pressure to deliver scalable and secure remote access. Traditionally, Virtual Private Networks (VPNs) have been the go-to solution for connecting remote users to corporate networks. While VPNs have been essential for remote access, they were originally designed for simpler, perimeter-based security models. Organizations that rely solely on VPNs face significant limitations, including weak access control, increased risk of lateral movement and poor visibility. Continue reading to learn the limitations of VPN-based access and how KeeperPAM® provides a strong, modern alternative for securing remote access. Why VPNs are no longer enough Although VPNs have been used to enable remote access within organizations, the limitations of VPNs are becoming increasingly clear as IT environments span across multiple on-premises, hybrid and remote systems. Relying on VPN-based access alone can actually make ...

These days, there are plenty of ways to run DDoS simulation testing and make sure you're protected against attacks. You can do it on your own using commercial software or open-source tools—whatever works best for you. That said, there are a few must-haves when it comes to running DDoS tests. For one, you'll need a platform that allows you to easily start and stop attack simulations as needed. Plus, don't forget to notify and get approval from relevant parties, such as your cloud provider or tool vendor, before you begin testing. Beyond these basics, there are some best practices that can help you get the most out of your  DDoS testing . 1 – Plan tests to validate the protection of your most critical assets  While it may be easier to run black box testing (basically launching attacks without looking at the internal structure, architecture, and configuration of your protection), a white box testing approach is much more effective when it comes to uncovering serious vulnera...

What are Ephemeral Accounts? Corporate audits today, for cyber security insurance or compliance, focus on group memberships to identify who has access to what. This process identifies who is a Domain Admin, Enterprise Admin, Local Administrator, Database Global Admin, Global Admin in Azure, and Root Access in AWS. Accounts with this level of access likely have static privilege. I like to call these accounts game-over accounts. If these accounts are compromised, the company will have a massive issue on its hands.  Other account types lurking in your environment can cause this level of damage. Many DevOps accounts and API keys can also cause this level of damage if compromised. DevOps accounts sometimes fall under the radar outside of the scope of compliance and cybersecurity insurance.  The new Privileged Access Management buzzword among vendors, analysts, and operations teams is Ephemeral Accounts . A common phrase I tend to hear is that we don't have static privileged acc...

At some point in the last decade, SIEMs turned into that one friend who always promises to help you move, then shows up late, eats all your pizza, and still expects gas money. They were supposed to deliver centralized visibility and faster investigations. Instead, most SOC teams ended up with endless alerts, eye-watering bills, and dashboards that look impressive on the big screen but don't actually stop attackers. So, how did we end up here? A short history: when SIEMs were actually useful Back when firewalls were still exciting, SIEMs solved a real problem: logs scattered everywhere, auditors breathing down your neck, and no way to answer "who logged into what, when?" Then came the "next-gen" era. Vendors promised smarter detection, correlations across your stack, and even a pinch of threat intel. The promise was fewer false positives and a faster response. But instead of taming noise, NG SIEMs just amplified it. It was like turning up the volume on a broken radio and calling ...

ShinyHunters is a notorious cybercrime group that has resurfaced with a new playbook of SaaS-focused attacks. Known for monetizing stolen data on underground forums since 2020, ShinyHunters has historically breached companies by stealing credentials and databases. Recently, however, they've shifted tactics to aggressive social engineering, mirroring the methodology of the Scattered Spider group. Instead of exploiting software vulnerabilities, ShinyHunters now exploits human trust, targeting the underbelly of third-party SaaS platforms through impersonation and phishing. In mid-2025, a wave of breaches struck companies like Google, Workday, Pandora, Cisco, Chanel, and others, all tied together by one common thread: the attackers leveraged access to these firms' Salesforce CRM or similar cloud systems. Below, we look at what happened in the Google and Workday breaches, examine techniques ShinyHunters used, and demonstrate how a dynamic SaaS security approach (like Reco's) could have...