Cloud Security | Breaking Cybersecurity News | The Hacker News

Here's what keeps me up at night. Not zero-days. Not sophisticated nation-state attacks. What worries me is the backlog. Every MSP has one. The list of security configurations that need fixing. The policies have been sitting in "report only" mode since last year. The E5 features that clients are paying for but nobody's turned on because it might break something. The app registrations with excessive permissions from three years ago that nobody's audited. The conditional access policies that need updating but keep getting pushed to next quarter. We all know this backlog exists. We tell ourselves we'll get to it. But quarters turn into years, and that backlog just grows. Meanwhile, AI attackers don't have a backlog. They have automation. Most breaches in Microsoft 365 won't start with a zero-day. They'll start with a setting that's been in "report only" for two years. Example tenant: critical Conditional Access policies exist but a...

Every few years, a breach happens that security teams study for the wrong reasons. SolarWinds is a good example. When the compromised Orion update started reaching customer environments in early 2020, the signals were already there: unusual DNS requests, unexpected authentication behavior in Azure AD, odd SAML token activity, and lateral movement from on-premises Active Directory into cloud environments.  None of it looked like an attack. Each signal sat at low or medium severity, and they were scattered across domains. The attackers had close to a year of dwell time before FireEye, a victim itself, discovered the breach while investigating a stolen red-team toolkit. We tend to call SolarWinds a one-off. It wasn't.  The real lesson from that breach, and from the ones that have followed it, is structural.  SOCs are designed, staffed, and measured around routine work: phishing, endpoint detections, and user anomalies. The people, processes, dashboards, and tools are ...

The market is flooded with chatbots that summarize requirements, GenAI that drafts policies, and AI assistants that extract provisions from contracts. And these tools undoubtedly make existing workflows better. But when it comes to transformational technology, different is better than better.  These AI for GRC capabilities are the direct result of practitioners and vendors alike asking, "How can AI make our current workflows better?" What they should be asking is "Does AI make a completely new way of operating possible?" Agentic GRC doesn't improve GRC workflows; it replaces them with agents. For something to earn the title agentic, it needs to take an entire workflow, including the decision-making between each step, and execute it from start to finish. Whether teams are ready for the future or not (and they should be), they need to start thinking about their workflows in an entirely new way. Here's a framework for them to do so. Why the Distinction Between AI f...

The world of identity security is in constant motion. What was once a straightforward matter of usernames and passwords has evolved into a complex ecosystem of biometrics, hardware tokens, and zero-trust architectures. As we look toward 2026, the pace of change is only accelerating. The lines between our digital and physical identities are blurring, and the threat landscape is becoming more sophisticated. Chief Information Security Officers spend their days on the front lines of this evolution. Staying ahead isn't just about reacting to threats; it's about anticipating them to reduce risk. Based on the trends I'm seeing today, here are 9 identity security predictions for where we'll be in 2026. 1. AI will become the primary identity governance tool. Manual access reviews and role-based access control (RBAC) models are already showing their age. By 2026, AI-driven identity governance and administration (IGA) will be standard. These systems will continuously analyze u...

Enterprise adoption of AI is no longer a future trend; it's a present-day reality. As organizations race to leverage AI for innovations, security teams are grappling with a new, complex, and dynamic attack surface. AI is breaking the operational silos that currently segregate Cloud, SaaS and Endpoint Security; AI is everywhere and it is consuming enterprise data and assets across these channels. Traditional security tools, designed for cloud infrastructure and SaaS applications, are fundamentally ill-equipped to handle the unique risks posed by AI.  AI security posture management (AI-SPM) solutions can provide relief by protecting critical AI assets, but it's important to note that not all AI-SPM solutions are created equal. Many solutions offer only basic posture checks and are focused predominantly on infrastructure and vulnerability management. In addition, most focus solely on Cloud or SaaS, leaving many blind spots when trying to get the full picture of your AI landscape. ...

A 2024 Gartner® survey of 162 large enterprises shows organizations running an average of 45 cybersecurity tools. It's no surprise, then, that 52% of executives cite complexity as the biggest barrier to effective security operations. While mid-market organizations typically run fewer tools, smaller IT and security teams mean they often face equal—or greater—operational complexity. Why Security Platforms Emerged The industry's answer to tool sprawl has been the security platform: a consolidated approach designed to reduce complexity by replacing multiple point products. In principle, platforms promise tighter integration, improved visibility across the attack surface, better alert correlation, and faster response. Research supports this direction. The 2025 IBM Institute for Business Value report notes that organizations with higher security platform maturity identify and contain incidents more quickly. Consolidation Doesn't Always Equal a Platform Vendor consolidation is accelera...

For nearly two decades, offensive security has centered around the same basic ritual: schedule an annual or quarterly penetration test, brace for the findings, remediate what you can, and then repeat the next cycle next year. It's familiar, predictable, and built into every compliance framework. It's also fundamentally mismatched to the way modern infrastructure works and the way attackers operate.  Today's environments change too quickly for point-in-time testing to provide real assurance. Cloud deployments shift daily; CI/CD pipelines push new code constantly, and new assets appear abruptly. A penetration test conducted in November tells you almost nothing about your exposure in January.  This is where Continuous Penetration Testing (CPT) comes in. CPT doesn't just improve offensive security outcomes but reshapes the equation entirely. When organizations adopt continuous validation, they gain clearer visibility, shorter remediation cycles, and tangible, measurable ROI. ...

In cybersecurity, the old adage "trust but verify" emphasizes that granting trust should always be accompanied by oversight. Yet, with software-as-a-service (SaaS), organizations often stop at the "trust" part and never get around to the "verify." SaaS environments in 2025 run on implicit trust. Once a user or app is authenticated and given access, it's largely trusted indefinitely. Tokens issued to third-party apps rarely expire, integrations often get more permissions than they truly need, and automations execute with minimal human oversight. We talk about Zero Trust principles, but in practice, many SaaS platforms grant one-time approval and then assume all is well thereafter. The result is a growing security gap, where credentials and connections are implicitly trusted far beyond what's safe, creating fertile ground for breaches and abuse. Implicit Trust in the SaaS Ecosystem Every SaaS integration or API token represents an implicit trust relationship between your organizatio...

As SaaS ecosystems expand, not every user is human anymore. AI assistants, automation bots, integration services, and API tokens now perform countless actions across business cloud applications, often with the same or greater access privileges as employees. These non-human identities (NHIs) are silently driving productivity while introducing a new class of risk: unmonitored, long-lived, and often misunderstood access. These machine credentials (service accounts, API keys, OAuth tokens, etc.) are essential for automation and integrations, but their growth far outpaces the oversight and security controls applied to them. The result is a widening visibility gap. A lot of NHI types enjoy broad permissions within SaaS apps, sometimes more privileges than a human user, yet they rarely get the same scrutiny as employee accounts. Over-privilege is common: about one-third of SaaS app integrations have access to sensitive data that exceeds their needs. Let's examine a few notable data brea...