Risk management | Breaking Cybersecurity News | The Hacker News

61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration problem. Organizations are beginning to understand that a security control installed or deployed is not necessarily a security control configured to defend against real-world threats. The recent Gartner® Report , Reduce Threat Exposure With Security Controls Optimization, addresses the gap between intention and outcome. We feel it discusses a hard truth: without continuous validation and tuning, security tools deliver a false sense of, well, security. In this article, we'll take a deep dive into why control effectiveness should be the new benchmark for cybersecurity success, and how organizations can make this shift. The Myth of Tool Coverage Buying more tools has long been considered the k...

For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more distant. In its place, a new reality took hold—one defined by alert fatigue and overwhelmed teams. According to OX Security's 2025 Application Security Benchmark Report , a staggering 95–98% of AppSec alerts do not require action - and may, in fact, be harming organizations more than helping. Our research, spanning over 101 million security findings across 178 organizations, shines a spotlight on a fundamental inefficiency in modern AppSec operations. Of nearly 570,000 average alerts per organization, just 202 represented true, critical issues. It's a startling conclusion that's hard to ignore: security teams are chasing shadows, wasting time, burning through budgets, and straining relations wit...

Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also makes it a prime target. Microsoft reports over 600 million attacks on Entra ID every day. These aren't just random attempts, but include coordinated, persistent, and increasingly automated campaigns designed to exploit even small vulnerabilities. Which brings us to the core question: Are Entra ID's native protections enough? Where do they fall short — and what steps should you take to close the gaps and ensure you're covered? Understanding Entra ID At its core, Microsoft Entra ID is your enterprise identity and access management system. It defines how users prove who they are, what resources...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term "AI" often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many existing solutions are assistant-based, requiring constant human input, while a new wave of autonomous, Agentic AI has the potential to fundamentally transform security operations. This article examines Agentic AI (sometimes also known as Agentic Security ), contrasts it with traditional assistant-based AI (commonly known as Copilots), and explains its operational and economic impacts on modern SOCs. We'll also explore practical considerations for security leaders evaluating Agentic AI solutions. Agentic AI vs. Assistant AI (aka Copilots): Clarifying the Difference Agentic AI is defined by ...

A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities ( KEV ) catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has been fixed in versions 10.8.4 and 11.3.1. "CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise," CISA said in an advisory. The shortcoming has been assigned the CVE identifier CVE-2025-31161 (CVSS score: 9.8). It bears noting that the same vulnerability was previously tracked as CVE-2025-2825 , which has now been marked Rejected in the CVE list. The development comes after th...

After more than 25 years of mitigating risks, ensuring compliance, and building robust security programs for Fortune 500 companies, I've learned that looking busy isn't the same as being secure.  It's an easy trap for busy cybersecurity leaders to fall into. We rely on metrics that tell a story of the tremendous efforts we're expending - how many vulnerabilities we patched, how fast we responded - but often vulnerability management metrics get associated with operational metrics because traditional approaches to measuring and implementing vulnerability management does not actually reduce risk. So, we resort to various ways of reporting on how many patches were applied under the traditional 30/60/90-day patching method . I call these vanity metrics : numbers that look impressive in reports but lack real-world impact. They offer reassurance, but not insights. Meanwhile, threats continue to grow more sophisticated, and attackers exploit the blind spots we're not measuring. I've se...

AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario : A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security alerts and potential attacks. Before the project can begin, it must pass through layers of GRC (governance, risk, and compliance) approval, legal reviews, and funding hurdles. This gridlock delays innovation, leaving organizations without the benefits of an AI-powered SOC while cybercriminals keep advancing. Let's break down why AI adoption faces such resistance, distinguish genuine risks from bureaucratic obstacles, and explore practical collaboration strategies between vendors, C-suite, and GRC teams. We'll also provide tips from CISOs who have dealt with these issues extensively as w...

Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices. For service providers, adhering to NIST standards is a strategic business decision. Compliance not only protects client data but also enhances credibility, streamlines incident response, and provides a competitive edge.  The step-by-step guide is designed to help service providers understand and implement NIST compliance for their clients. By following the guide, you will: Understand the importance of NIST compliance and how it impacts service providers. Learn about key NIST frameworks, including NIST Cybersecurity Framework (CSF 2.0), NIST 800-53, and NIST 800-171. Follow a structured compliance roadmap—from conducting a...

When assessing an organization's external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention . Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited.  This highlights how important your SSL configurations are in maintaining your web application security and minimizing your attack surface. However, research shows that most (53.5%) websites have  inadequate security and that  weak SSL/TLS configuration is amongst the most common application vulnerabilities. Get your SSL configuration right, and you'll enhance your cyber resilience and keep your apps and data safe. Get it wrong, however, and you can increase your organization's attack surface, exposing your business to more cyberattacks. We'll explore the impacts of SSL misconfigurations and explain why they present such a significant attack surface risk. Then, we'll show you how a s...