SaaS Security | Breaking Cybersecurity News | The Hacker News

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can generate reports, comb through data, or get instant answers just by asking Copilot.  However, alongside this convenience comes serious security concerns. Copilot operates across a company's SaaS apps (from SharePoint to Teams and beyond), which means a careless prompt or a compromised user account could expose troves of sensitive information.  Security experts warn that organizations shouldn't assume default settings will keep them safe. Without proactive controls, every file in your organization could be accessible via Copilot. A malicious actor might use Copilot to discover and exfiltrate confidential data without having to manually search through systems. With the right prom...

What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they're not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security unnoticed. This week's threats are a reminder: waiting to react is no longer an option. Every delay gives attackers more ground. ⚡ Threat of the Week Critical SAP NetWeaver Flaw Exploited as 0-Day — A critical security flaw in SAP NetWeaver (CVE-2025-31324, CVSS score: 10.0) has been exploited by unknown threat actors to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. The attacks have also been observed using the Brute Ratel C4 post-exploitation framework, as well as a well-known technique called Heaven's Gate to bypass endpoint protections. ...

Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before.  Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary cause of breaches. Source: Verizon DBIR Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary cause of breaches. Source: Verizon DBIR Attackers are turning to identity attacks like phishing because they can achieve all of the same objectives as they would in a traditional endpoint or network attack, simply by logging into a victim's account. And with organizations now using hundreds of internet apps across their workforce, the scope of accounts that can be phished or targeted with s...

As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks . Keep Aware's recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work. The reality is that traditional security tools are blind to what happens within the browser , and attackers know it. Key Findings: 70% of phishing campaigns impersonate Microsoft, OneDrive, or Office 365 to exploit user trust. 150+ trusted platforms like Google Docs and Dropbox are being abused to host phishing and exfiltrate data. 10% of AI prompts involve sensitive business content, posing risks across thousands of browser-based AI tools. 34% of file uploads on company devices go to personal accounts, often undetected. New Attack Patterns Bypass Traditional Defenses From phis...

Your employees didn't mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And by the time an alert is triggered—if it even exists—damage may already be done. This Isn't a Hypothetical Problem. It's Happening Now. AI adoption inside organizations is no longer strategic. It's spontaneous. Employees are experimenting, connecting, automating—and bypassing security while doing it. AI systems are becoming embedded in your SaaS stack without visibility or oversight. And it's creating a new class of shadow integrations—ones that don't show up in traditional threat models. If your current defenses rely on manual tracking, policy enforcement, or user education alone, you'r...