Cloud Security | Breaking Cybersecurity News | The Hacker News

These days, there are plenty of ways to run DDoS simulation testing and make sure you're protected against attacks. You can do it on your own using commercial software or open-source tools—whatever works best for you. That said, there are a few must-haves when it comes to running DDoS tests. For one, you'll need a platform that allows you to easily start and stop attack simulations as needed. Plus, don't forget to notify and get approval from relevant parties, such as your cloud provider or tool vendor, before you begin testing. Beyond these basics, there are some best practices that can help you get the most out of your  DDoS testing . 1 – Plan tests to validate the protection of your most critical assets  While it may be easier to run black box testing (basically launching attacks without looking at the internal structure, architecture, and configuration of your protection), a white box testing approach is much more effective when it comes to uncovering serious vulnera...

What are Ephemeral Accounts? Corporate audits today, for cyber security insurance or compliance, focus on group memberships to identify who has access to what. This process identifies who is a Domain Admin, Enterprise Admin, Local Administrator, Database Global Admin, Global Admin in Azure, and Root Access in AWS. Accounts with this level of access likely have static privilege. I like to call these accounts game-over accounts. If these accounts are compromised, the company will have a massive issue on its hands.  Other account types lurking in your environment can cause this level of damage. Many DevOps accounts and API keys can also cause this level of damage if compromised. DevOps accounts sometimes fall under the radar outside of the scope of compliance and cybersecurity insurance.  The new Privileged Access Management buzzword among vendors, analysts, and operations teams is Ephemeral Accounts . A common phrase I tend to hear is that we don't have static privileged acc...

At some point in the last decade, SIEMs turned into that one friend who always promises to help you move, then shows up late, eats all your pizza, and still expects gas money. They were supposed to deliver centralized visibility and faster investigations. Instead, most SOC teams ended up with endless alerts, eye-watering bills, and dashboards that look impressive on the big screen but don't actually stop attackers. So, how did we end up here? A short history: when SIEMs were actually useful Back when firewalls were still exciting, SIEMs solved a real problem: logs scattered everywhere, auditors breathing down your neck, and no way to answer "who logged into what, when?" Then came the "next-gen" era. Vendors promised smarter detection, correlations across your stack, and even a pinch of threat intel. The promise was fewer false positives and a faster response. But instead of taming noise, NG SIEMs just amplified it. It was like turning up the volume on a broken radio and calling ...

ShinyHunters is a notorious cybercrime group that has resurfaced with a new playbook of SaaS-focused attacks. Known for monetizing stolen data on underground forums since 2020, ShinyHunters has historically breached companies by stealing credentials and databases. Recently, however, they've shifted tactics to aggressive social engineering, mirroring the methodology of the Scattered Spider group. Instead of exploiting software vulnerabilities, ShinyHunters now exploits human trust, targeting the underbelly of third-party SaaS platforms through impersonation and phishing. In mid-2025, a wave of breaches struck companies like Google, Workday, Pandora, Cisco, Chanel, and others, all tied together by one common thread: the attackers leveraged access to these firms' Salesforce CRM or similar cloud systems. Below, we look at what happened in the Google and Workday breaches, examine techniques ShinyHunters used, and demonstrate how a dynamic SaaS security approach (like Reco's) could have...

AI-powered coding assistants now play a central role in modern software development. Developers use them to speed up tasks, reduce boilerplate snippets, and automate routine code generation. But with that speed comes a dangerous trade-off. The tools designed to accelerate innovation are degrading application security by embedding subtle yet serious vulnerabilities in software. Nearly  half of the code snippets generated by five AI models contained bugs that attackers could exploit, a study showed. A second study confirmed the risk, with nearly one-third of Python snippets and a quarter of JavaScript  snippets produced by GitHub Copilot having security flaws . The problem goes beyond flawed output. AI tools instill a false sense of confidence. Developers using AI assistance not only  wrote significantly less secure code than those who worked unaided, but they also believed their insecure code was safe, a clear sign of automation bias. The Dangerous Simplicity of AI-...

When generative AI tools became widely available in late 2022, it wasn't just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it—file sharing, cloud storage and collaboration platforms—AI landed in the enterprise not through official channels, but through the hands of employees eager to work smarter. Faced with the risk of sensitive data being fed into public AI interfaces, many organizations responded with urgency and force: They blocked access. While understandable as an initial defensive measure, blocking public AI apps is not a long-term strategy—it's a stopgap. And in most cases, it's not even effective. Shadow AI: The Unseen Risk The Zscaler ThreatLabz team has been tracking AI and machine learning (ML) traffic across enterprises, and the numbers tell a compelling story. In 2024 ...

Your identity environment holds the keys to your most critical data in the form of privileged accounts. Industry consolidation and a desire for company growth both often lead to mergers or acquisitions which, if not managed closely, can wreak havoc on an identity landscape. Mergers of identity environments create a glut of identities and identity accounts to manage, some of which may be redundant. They also introduce new 3rd parties, contractors and non-human identities like service accounts, bots etc.... into the equation. In addition, a merger or acquisition could hybridize the identity landscape, adding Cloud applications to on-prem resources, and vice versa. All of this increases the attack surface if not managed properly. As the two companies determine how to best work together, there is a level of uncertainty that can result in temporary measures as a stop-gap. Temporary access is often granted to provide employee, contractor and third party access to applications and privile...

Sub: GenAI is here to stay. The organizations that thrive will be those that understand its risks, implement the right safeguards, and empower their employees to harness it safely and responsibly. For many people, generative AI (GenAI) began as personal experimentation in homes and on personal devices. Now, however, AI has become deeply ingrained in workplace habits, creating productivity gains, but also exposing organizations to significant security gaps. Sensitive company data, inadvertently or otherwise, regularly finds its way into public AI systems, leaving IT and cybersecurity leaders scrambling to respond. Once proprietary data is processed by a public AI tool, it may become part of the model's training data, serving other users down the line. For example, in March 2023, a multinational electronics manufacturer was reported to have experienced several incidents of employees entering confidential data, including product source code, into ChatGPT. Generative AI applications, su...

As AI continues to make inroads into enterprise security, it's easy to see the appeal: faster triage, smarter detection, and fewer manual workflows. From SOAR platforms streamlining alerts to AI-enhanced identity systems approving access requests in milliseconds, the value proposition is clear — greater efficiency, speed, and scale. But here's the rub: speed without scrutiny can lead to security drift. AI is a powerful enabler, not an autonomous guardian. And in corporate security — where stakes include sensitive employee data, internal intellectual property, and privileged infrastructure — the absence of human oversight isn't just risky; it's potentially catastrophic. AI as a Copilot, Not a Commander In modern corporate security environments, AI-driven tooling is increasingly embedded into day-to-day operations. Triage systems leverage AI to correlate alerts, automation scripts to remediate routine issues, and IAM platforms auto-approve low-risk access. These advancements undenia...

Salesforce Is Mission-Critical, but That Doesn't Mean It's Protected At the beating heart of customer operations, the scope of Salesforce goes well and beyond traditional customer relationship management (CRM) systems. As a system of records, a sales engine, a service dashboard, and a repository for years of business-critical insight, deals flow through it continuously. Strategies depend on it. Customer relationships live or die by what they contain.  Yet, despite this, a dangerous misconception persists: "It's in the cloud, so it must be safe." Unfortunately, this assumption is as costly as it is common.  Here's the reality. Salesforce operates under a shared responsibility model , meaning your cloud provider — in this case, Salesforce — is responsible for platform uptime, infrastructure integrity, and security of the cloud. But you, the customer, are responsible for its actual content (your data, your metadata, and your configurations). So, while Salesforce protects th...