Shadow IT | Breaking Cybersecurity News | The Hacker News

There's a war raging in the heart of every developer. On one side, you have the id: the impulse-driven creative force that wants to code at the speed of thought and would prefer to deploy first and ask questions later. On the other side, there's the superego, which wants to test every line of code and would push a release by a month if it meant catching one extra bug.  Experienced developers know how to act as a referee between these two forces and find the right balance between speed and security. But inexperienced or overworked devs often put their id in the driver's seat, which leads (among other things) to accidentally leaking developer secrets. These secrets include things like API and SSH keys, unencrypted credentials, and authentication tokens. Calling developer secrets "the keys to the kingdom" is something of a cliche, but it's tough to think of another phrase that accurately captures the unique power of this data. Unfortunately, the people who most appreciate the pow...

I have been a Star Wars fan since the moment I took my seat in the theatre and saw Princess Leia's rebel ship trying to outrun an Imperial Star Destroyer. It's impossible to see that movie (or its greatest successor, Andor ) and not take the side of the underdog rebels, who are determined to escape the iron fist of imperial control. Of course, in my work as a security professional, "control" is the name of the game. I've spent as much of my career trying to stop my own end-users from going outside the lines as I have trying to guard against malicious outsiders. I personally still think I'm the good guy, since my ultimate goal is to protect sensitive data, but I understand why IT and security teams are often seen as the bad guys. After all, we do operate according to something called the "rule of no." It's not great branding, and increasingly, it just isn't working. Here's the situation in 2025: we have a galaxy's worth of diverse applications, devices, and user identities accessing...

Shadow AI is presenting new challenges for security leaders. While AI tools have already revolutionized how we work, they've also created unprecedented security challenges that our traditional strategies or tools simply weren't designed to handle. I've spent the last decade working with organizations grappling with emerging tech risks, and I can tell you that this is different. In this post, we'll talk about why, and more importantly, what you can do about it. The Hidden Risks of AI Adoption: Shadow AI The Wiz research team recently uncovered a publicly exposed DeepSeek production ClickHouse database , leaking chat history, API secrets, and other sensitive data—raising serious concerns for any organization using DeepSeek's models. Truth is that many teams rushed to try out DeepSeek given the hype around its truly advanced technologies. While the DeepSeek situation has been surrounded by FUD, drama, and misinformation, it has also set important precedents for privacy ...