SaaS Security | Breaking Cybersecurity News | The Hacker News

AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you're not paying attention. Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities — API keys, service accounts, OAuth tokens — silently operating in the background. And here's the problem: 🔐 They're invisible 🧠 They're powerful 🚨 They're unsecured In traditional identity security, we protect users. With AI, we've quietly handed over control to software that impersonates users — often with more access, fewer guardrails, and no oversight. This isn't theoretical. Attackers are already exploiting these identities to: Move laterally through cloud infrastructure Deploy malware via automation pipelines Exfiltrate data — without triggering a single alert Once compromised, these identities can silently unlock critical systems. You don't get a second cha...

Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries ), exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions. "Low-code platforms such as Salesforce Industry Cloud make building applications easier, but that convenience can come at a cost if security isn't prioritized," Aaron Costello, chief of SaaS Security Research at AppOmni, said in a statement shared with The Hacker News. These misconfigurations, if left unaddressed, could allow cybercriminals and unauthorized to access encrypted confidential data on employees and customers, session data detailing how users have interacted with Salesforce Industry Cloud, credentials for Salesforce and other company systems, and business logic. Following responsible discl...

You don't need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That's shadow IT. And today, it's not just about unsanctioned apps, but also dormant accounts, unmanaged identities, over-permissioned SaaS tools, and orphaned access. Most of it slips past even the most mature security solutions. Think your CASB or IdP covers this? It doesn't. They weren't built to catch what's happening inside SaaS: OAuth sprawl, shadow admins, GenAI access, or apps created directly in platforms like Google Workspace or Slack. Shadow IT is no longer a visibility issue - it's a full-blown attack surface. Wing Security helps security teams uncover these risks before they become incidents.  Here are 5 real-world examples of shadow IT that could be quietly bleeding your data. 1. Dormant acces...

Traditional data leakage prevention (DLP) tools aren't keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks in ways endpoint or network-based DLP tools can monitor. Yet, most companies continue using legacy DLP systems, leaving critical security gaps. A new white paper, Rethinking DLP For The SaaS Era: Why Browser-Centric DLP is the New Mandate , identifies precisely why current DLP methods struggle to secure modern SaaS-driven workflows. It also explores how browser-native security addresses these gaps by focusing security efforts exactly where user interactions occur, in the browser. Why Traditional DLP Tools Fall Short Traditional DLP solutions were built for a simpler time when sensitive...

For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality: too much still depends on people—not systems—to function. In fact, fewer than 4% of security teams have fully automated their core identity workflows . Core workflows, like enrolling in Multi Factor Authentication (MFA), keeping credentials secure and up to date, and revoking access the moment someone leaves—are often manual, inconsistent, and vulnerable to error. And when security execution relies on memory or follow-up, gaps appear fast. Human error remains one of the biggest threats to enterprise security. Verizon's 2025 Data Breach report found that the human element was involved in 60% of breaches. The same manual missteps that led to breaches a decade ago still expose identity systems today. Cerby's 2025 Identity Automation Gap research report shows just how wi...

Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there's a problem: they stop short of where the most sensitive user activity actually happens—the browser. This isn't a small omission. It's a structural limitation. And it's leaving organizations exposed in the one place they can't afford to be: the last mile of user interaction. A new report Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection analyzing gaps in SSE implementations reveals where current architectures fall short—and why many organizations are reevaluating how they protect user interactions inside the browser. The findings point to a fundamental visibility challenge at the point of user action. SSEs deliver value for what they're designed to do—enforce network-level policies and route traffic securely between en...

Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also makes it a prime target. Microsoft reports over 600 million attacks on Entra ID every day. These aren't just random attempts, but include coordinated, persistent, and increasingly automated campaigns designed to exploit even small vulnerabilities. Which brings us to the core question: Are Entra ID's native protections enough? Where do they fall short — and what steps should you take to close the gaps and ensure you're covered? Understanding Entra ID At its core, Microsoft Entra ID is your enterprise identity and access management system. It defines how users prove who they are, what resources...

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can generate reports, comb through data, or get instant answers just by asking Copilot.  However, alongside this convenience comes serious security concerns. Copilot operates across a company's SaaS apps (from SharePoint to Teams and beyond), which means a careless prompt or a compromised user account could expose troves of sensitive information.  Security experts warn that organizations shouldn't assume default settings will keep them safe. Without proactive controls, every file in your organization could be accessible via Copilot. A malicious actor might use Copilot to discover and exfiltrate confidential data without having to manually search through systems. With the right prom...

What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they're not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security unnoticed. This week's threats are a reminder: waiting to react is no longer an option. Every delay gives attackers more ground. ⚡ Threat of the Week Critical SAP NetWeaver Flaw Exploited as 0-Day — A critical security flaw in SAP NetWeaver (CVE-2025-31324, CVSS score: 10.0) has been exploited by unknown threat actors to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. The attacks have also been observed using the Brute Ratel C4 post-exploitation framework, as well as a well-known technique called Heaven's Gate to bypass endpoint protections. ...

Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before.  Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary cause of breaches. Source: Verizon DBIR Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary cause of breaches. Source: Verizon DBIR Attackers are turning to identity attacks like phishing because they can achieve all of the same objectives as they would in a traditional endpoint or network attack, simply by logging into a victim's account. And with organizations now using hundreds of internet apps across their workforce, the scope of accounts that can be phished or targeted with s...

As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks . Keep Aware's recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work. The reality is that traditional security tools are blind to what happens within the browser , and attackers know it. Key Findings: 70% of phishing campaigns impersonate Microsoft, OneDrive, or Office 365 to exploit user trust. 150+ trusted platforms like Google Docs and Dropbox are being abused to host phishing and exfiltrate data. 10% of AI prompts involve sensitive business content, posing risks across thousands of browser-based AI tools. 34% of file uploads on company devices go to personal accounts, often undetected. New Attack Patterns Bypass Traditional Defenses From phis...