The Hacker News | Expert Insights — Index Page

Automated tools give you visibility. Adversarial testing gives you clarity. In Salesforce environments, you need both. The Problem with Checkbox Security in a Platform-Centric World Salesforce has become more than just a CRM—it's the backbone of how many organizations operate. It holds customer data, governs workflows, drives revenue, and connects to dozens of internal and third-party systems. But that complexity is exactly what makes it hard to secure. And too often, security teams rely solely on generic scans or scheduled audits that were never designed to handle the nuance of Salesforce's layered permissions, custom logic, and evolving integrations. The result? A lot of surface-level findings—and a lot of assumptions about what those findings actually mean. Automation Is Essential—But It's Only One Layer There's no question that modern scanning tools play a vital role in Salesforce security. The right platforms can surface deeply nested permissions, cross-object access paths,...

Generative AI has quietly become a part of the SaaS ecosystem that businesses use every day. Platforms like Zoom, Slack, Microsoft 365, and Salesforce now have AI assistants. You can use these tools to do things like write summaries of meetings or perform routine tasks. A recent  survey found that 95% of U.S. businesses now use generative AI. This is a big increase from last year. But this quick growth of AI features is making security leaders worried. Sensitive information could be leaked or used in the wrong way if there aren't enough controls in place. Shadow AI and Its Far-Reaching Risks When employees use AI apps without the knowledge or approval of IT, it creates shadow AI . This is akin to the shadow IT problem of unsanctioned cloud apps, but now with AI services. The unauthorized use of AI platforms can unknowingly expose organizations to data privacy issues, compliance violations, and even disinformation risks. We're already seeing these risks play out. Samsung engin...

The past year has marked a decisive shift in the way Distributed Denial-of-Service (DDoS) attacks operate. DDoS used to mean, simply speaking, the overwhelming of targets with massive amounts of traffic. But now, DDoS attacks have evolved into precision-guided threats – and this transformation can be partly attributed to AI.  The acceleration is measurable. In the first quarter of 2025 alone, DDoS incidents surged by 358 percent compared to the same period in 2024, according to Cloudflare. Even more concerning, the proportion of attacks that caused actual production downtime rose by 53 percent. This is not just a spike. It is a sign that attackers are fundamentally changing how DDoS campaigns are planned, launched, and adapted in real time. The consequences are significant: organizations that rely on legacy DDoS defenses or irregular testing methods are finding themselves exposed, often without knowing it. How Attackers are Enhancing DDoS Attacks DDoS attacks historically reli...

The Perfect Recipe for Endpoint Security Calls for Privilege Control Today's most effective ransomware attacks don't require malware; they require a login. Modern threat actors don't need to break in. They can leverage legitimate identities and their privileges to gain a foothold, then continue to capitalize on them, moving laterally to probe for more opportunities and manipulate vulnerabilities and exploits to spread ransomware and spyware. A vulnerable identity or account tied to an endpoint can quickly become an attacker's ticket to your most valuable assets and controls.  With legitimate identities being used as the initial foothold in more attacks, we're seeing less 'anomalous' activity and far more seemingly normal actions performed by a trusted, privileged user. And attackers are keenly aware of how easily they can 'hide' behind these legitimate user accounts.  This is why Endpoint Detection and Response (EDR) is really only one piece of the endpoint protection puzz...

When generative AI tools became widely available in late 2022, it wasn't just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it—file sharing, cloud storage and collaboration platforms—AI landed in the enterprise not through official channels, but through the hands of employees eager to work smarter. Faced with the risk of sensitive data being fed into public AI interfaces, many organizations responded with urgency and force: They blocked access. While understandable as an initial defensive measure, blocking public AI apps is not a long-term strategy—it's a stopgap. And in most cases, it's not even effective. Shadow AI: The Unseen Risk The Zscaler ThreatLabz team has been tracking AI and machine learning (ML) traffic across enterprises, and the numbers tell a compelling story. In 2024 ...

With every credential breach that hits the news, CISOs and security professionals continually reach the same conclusion: passwords are insecure, and we should abandon them in favor of less risky authentication factors. But, secure or not, passwords are stubborn. The 2025 Verizon DBIR rated the likelihood of this being the year we finally eliminate passwords as being on par with "this being the year of the Linux desktop."  Any IT or security pro who has had to explain passkeys to their coworkers can tell you that 2025 isn't going to be the year we do away with passwords. Frankly, that year's not likely to come any time soon. Even if it were technically feasible (it often isn't) to transition every single login at a company to passkeys or biometrics, that would take years of concentrated effort. In the meantime, security leaders can't afford to sit on their hands and ignore the credential risks currently facing their company.  We need a new approach to thinking about secur...

Reachability has quickly become one of the latest buzzwords in cybersecurity, but every vendor means something slightly different by the term. In part one of this series, I argued that reachability is really about only showing exploitable vulnerabilities. In part two , I compared runtime and static reachability to determine that if the goal of reachability analysis is to only fix exploitable vulnerabilities, only runtime reachability will get us there. The final question to address is, "Which type of runtime reachability is the right kind?" In 2025, almost every vendor uses the term reachability, alongside a nifty funnel showing your vulnerability count going down, but vendors almost always mean different things by the term. In this article, we'll explore the complexity of reachability types, and how while there's no silver bullet, function level reachability for vulnerabilities is the best overall answer to the problem. Flavors of Runtime Reachability All excalidraws are availab...

Your identity environment holds the keys to your most critical data in the form of privileged accounts. Industry consolidation and a desire for company growth both often lead to mergers or acquisitions which, if not managed closely, can wreak havoc on an identity landscape. Mergers of identity environments create a glut of identities and identity accounts to manage, some of which may be redundant. They also introduce new 3rd parties, contractors and non-human identities like service accounts, bots etc.... into the equation. In addition, a merger or acquisition could hybridize the identity landscape, adding Cloud applications to on-prem resources, and vice versa. All of this increases the attack surface if not managed properly. As the two companies determine how to best work together, there is a level of uncertainty that can result in temporary measures as a stop-gap. Temporary access is often granted to provide employee, contractor and third party access to applications and privile...

Sub: GenAI is here to stay. The organizations that thrive will be those that understand its risks, implement the right safeguards, and empower their employees to harness it safely and responsibly. For many people, generative AI (GenAI) began as personal experimentation in homes and on personal devices. Now, however, AI has become deeply ingrained in workplace habits, creating productivity gains, but also exposing organizations to significant security gaps. Sensitive company data, inadvertently or otherwise, regularly finds its way into public AI systems, leaving IT and cybersecurity leaders scrambling to respond. Once proprietary data is processed by a public AI tool, it may become part of the model's training data, serving other users down the line. For example, in March 2023, a multinational electronics manufacturer was reported to have experienced several incidents of employees entering confidential data, including product source code, into ChatGPT. Generative AI applications, su...

As AI continues to make inroads into enterprise security, it's easy to see the appeal: faster triage, smarter detection, and fewer manual workflows. From SOAR platforms streamlining alerts to AI-enhanced identity systems approving access requests in milliseconds, the value proposition is clear — greater efficiency, speed, and scale. But here's the rub: speed without scrutiny can lead to security drift. AI is a powerful enabler, not an autonomous guardian. And in corporate security — where stakes include sensitive employee data, internal intellectual property, and privileged infrastructure — the absence of human oversight isn't just risky; it's potentially catastrophic. AI as a Copilot, Not a Commander In modern corporate security environments, AI-driven tooling is increasingly embedded into day-to-day operations. Triage systems leverage AI to correlate alerts, automation scripts to remediate routine issues, and IAM platforms auto-approve low-risk access. These advancements undenia...