Zero Trust | Breaking Cybersecurity News | The Hacker News

Identity Is the New Perimeter—And It's Fractured In 2025, identity isn't just a security issue—it's the battleground. And too many organizations are getting caught flat-footed. Organizations today must reckon with complex hybrid environments that contain interconnected endpoints, servers, cloud services, DevOps systems, identity infrastructure, and much more. And with enterprise systems no longer fitting neatly into a single network perimeter, the identities used to interact with these systems have become the new perimeter.  A strong cybersecurity foundation starts with clear visibility that puts risk in content. Identity security is no different. However, in practice, identity management systems are anything but centralized. Building IDs and access to physical offices are handled by one system. Logins to Windows machines are generally managed with Windows domains and Active Directory—but what about Macs and Linux machines? Companies use Okta, Ping Identity, or the equivalent ...

Gone are the days of mass phishing campaigns. Today's attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams—exploiting human vulnerabilities with precision. The Zscaler ThreatLabz 2025 Phishing Report dives deep into the rapidly evolving phishing landscape and uncovers the latest trends, including top phishing targets, real-world examples of AI-driven phishing attacks, and actionable best practices to defend against the next wave of AI-powered phishing threats. Key findings on phishing attacks The ThreatLabz research team analyzed over 2 billion blocked phishing transactions captured across the Zscaler Zero Trust Exchange™ cloud security platform from January 2024 to December 2024 and uncovered several key findings: Phishing is down but is more tar...

Identity-based attacks are the #1 cause of breaches, often exploiting weaknesses in traditional identity platforms. It's time for a proactive approach that addresses these gaps and stops threats before they strike. Identity has become the primary attack surface in cybersecurity. According to Forbes, 75% of cyberattacks leverage identity-based threats. Threat actors gain access using stolen credentials, compromised devices, and deepfake impersonation techniques, often bypassing traditional defenses without detection. Many identity platforms rely on MFA, such as push notifications and one-time passcodes (OTPs), which were once considered secure but are now frequently exploited through phishing, MFA fatigue, and man-in-the-middle attacks. The rise of generative AI has made these threats more effective and more prevalent.  To compensate, organizations have deployed tools like Endpoint Detection and Response (EDR), Network Detection and Response (NDR), and Identity Threat Detection ...

The cybersecurity community has been buzzing about JPMorgan Chase CISO Pat Opet's open letter to third-party suppliers since its release right before RSA. This candid assessment from the security leader of one of the world's largest financial institutions has struck a chord, particularly his observations about SaaS security. Opet didn't mince words: " SaaS models are fundamentally reshaping how companies integrate services and data—a subtle yet profound shift eroding decades of carefully architected security boundaries ." This statement encapsulates a reality that security professionals have been grappling with—the traditional security perimeter has dissolved, replaced by a complex web of interconnected SaaS applications, each with their own configurations, access controls, and data sharing capabilities. Let's break down the key issues highlighted in Opet's letter and explore practical solutions. The New SaaS Security Challenges OAuth Vulnerabiliti...

In today's digital landscape, where cyber threats are becoming increasingly sophisticated and pervasive, organizations must take a hard look at their traditional security models. For over three decades, firewalls and VPNs have been the backbone of network security. However, as the threat landscape evolves, it's clear that these legacy systems are no longer sufficient. Enter the Zero Trust model, exemplified by innovative solutions like Zscaler, which could revolutionize the way your organization approaches cybersecurity. Understanding the Risks Public IP Addresses as Attack Surfaces One of the critical vulnerabilities inherent in traditional security models is the reliance on public IP addresses. These addresses serve as direct attack surfaces for malicious actors. Just as having your phone number in a public directory makes you susceptible to unwanted calls, exposing public IPs makes organizations vulnerable to cyberattacks. Attackers can easily discover these IPs, allowing th...

Many of the day-to-day digital operations of businesses, governments, and critical infrastructure have one thing in common: Microsoft. From the Microsoft Windows operating systems powering endpoints and servers, to Azure's rapidly growing cloud services, Microsoft's products are everywhere, making the company and its products attractive targets for threat actors seeking to exploit vulnerabilities at scale.  With more than 1.4 billion Windows users around the globe and the adoption of platforms like Microsoft 365, Active Directory, and Azure surging, a single exploitable vulnerability in a Microsoft product can open the door to privilege escalation, lateral movement, or ransomware deployments that impact tens of thousands of interconnected systems. Whether nation state or financially motivated, modern cyber-crime syndicates will consistently take the path of least resistance, and vulnerable assets are a reliable attack vector. For twelve years, the Microsoft Vulnerabilities Repor...

Many moons ago, when the World Wide Web was young and the nerd in me was strong, I remember building a PC and setting it up as a web server. In those exciting, pioneering days, it was quite something to be able to have my very own IP address on the internet and serve my own web pages directly from my Apache server to the world. Great fun. I also remember looking at the server logs in horror as I scrolled through pages upon pages of failed login, and presumably hacking, attempts. I'd buttoned things up pretty nicely from a security standpoint, but even so, it would only have taken a vulnerability in an unpatched piece of software for a breach to occur, and from there, all bets would have been off. Even today, many internet service providers will let you provision your own server, should you feel brave enough. Of course, the stakes were not high for me at home, but knowing what we know now about the growth of ransomware attacks and how AI is facilitating them, no organization would da...

Businesses are firmly in attackers' crosshairs. Financially motivated cybercriminals conduct ransomware attacks with record-breaking ransoms being paid by companies seeking to avoid business interruption. Others, including nation-state hackers, infiltrate companies to steal intellectual property and trade secrets to gain commercial advantage over competitors. Further, we regularly see critical infrastructure being targeted by nation-state cyberattacks designed to act as sleeper cells that can be activated in times of heightened tension. Companies are on the back foot. Leaders must be confident in their cyber posture: Are defenses up to the job of keeping attacks at bay? Does the leadership team have a complete understanding of the threats and risks the company faces? How can CEOs seize the initiative to get ahead of threats? Adoption of zero trust architectures to improve cyber defense Businesses that don't embrace true zero trust will find themselves increasingly vulnerable to br...