OAuth | Breaking Cybersecurity News | The Hacker News

As SaaS ecosystems expand, not every user is human anymore. AI assistants, automation bots, integration services, and API tokens now perform countless actions across business cloud applications, often with the same or greater access privileges as employees. These non-human identities (NHIs) are silently driving productivity while introducing a new class of risk: unmonitored, long-lived, and often misunderstood access. These machine credentials (service accounts, API keys, OAuth tokens, etc.) are essential for automation and integrations, but their growth far outpaces the oversight and security controls applied to them. The result is a widening visibility gap. A lot of NHI types enjoy broad permissions within SaaS apps, sometimes more privileges than a human user, yet they rarely get the same scrutiny as employee accounts. Over-privilege is common: about one-third of SaaS app integrations have access to sensitive data that exceeds their needs. Let's examine a few notable data brea...

The cybersecurity community has been buzzing about JPMorgan Chase CISO Pat Opet's open letter to third-party suppliers since its release right before RSA. This candid assessment from the security leader of one of the world's largest financial institutions has struck a chord, particularly his observations about SaaS security. Opet didn't mince words: " SaaS models are fundamentally reshaping how companies integrate services and data—a subtle yet profound shift eroding decades of carefully architected security boundaries ." This statement encapsulates a reality that security professionals have been grappling with—the traditional security perimeter has dissolved, replaced by a complex web of interconnected SaaS applications, each with their own configurations, access controls, and data sharing capabilities. Let's break down the key issues highlighted in Opet's letter and explore practical solutions. The New SaaS Security Challenges OAuth Vulnerabiliti...