Collecting Cyber-News from over 60 sources

Tag: saas

Cybercriminals Exploit Atlassian Cloud to Launch Spam Campaigns Promoting Fraudulent Investments

Feb 17, 2026 2:58 PM

Tags: authentication, cloud, cyber, cybercrime, email, exploit, infrastructure, risk, saas, spam

Cybercriminals abused Atlassian Cloud’s trusted infrastructure to run a burst of highly automated spam campaigns that redirected victims to fraudulent investment schemes and online casinos, highlighting the growing risk of SaaS-powered email abuse. By riding on Atlassian Jira Cloud’s strong domain reputation and built-in email authentication, the attackers were able to bypass many traditional email…
Large Language Model (LLM) integration risks for SaaS and enterprise

Feb 17, 2026 1:58 PM

Tags: api, automation, LLM, risk, saas, service

The rapid adoption of Large Language Models (LLMs) is transforming how SaaS platforms and enterprise applications operate. From embedded copilots and automated support agents to internal knowledge-base search and workflow automation, organisations are increasingly integrating LLM APIs into existing services to deliver faster and more intuitive user experiences. Nevertheless, as adoption accelerates, so too does”¦…
Phishing Evolves Into Multi-Platform Fraud Systems

Feb 16, 2026 5:58 PM

Tags: ai, fraud, phishing, saas

Bolster AI finds phishing has evolved into scalable, multi-platform fraud that hides in search, ads, and SaaS workflows. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/phishing-evolves-into-multi-platform-fraud-systems/
Building Secure Authentication Faster: When SaaS Teams Should Go Passwordless

Feb 16, 2026 12:58 PM

Tags: authentication, saas

Learn when SaaS teams should adopt passwordless authentication to boost security, reduce friction, and accelerate secure product development. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/building-secure-authentication-faster-when-saas-teams-should-go-passwordless/
Critical BeyondTrust RS vulnerability exploited in active attacks

Feb 14, 2026 1:58 AM

Tags: access, attack, authentication, computer, exploit, github, group, hacker, injection, network, ransomware, saas, software, tool, update, vulnerability

remote access.exe and others.”The attackers also managed to create domain accounts using the net user command and then added them to administrative groups such as “enterprise admins” or “domain admins.”The AdsiSearcher tool was used to search the Active Directory environment for other computers and PSexec was used to install SimpleHelp on multiple devices.The researchers also…
AI Governance. When AI becomes an Identity.

Feb 13, 2026 9:58 AM

Tags: ai, control, data, finance, saas

Building the Control Plane for ERP, Finance, and SaaS AI didn’t come with a rollout plan; it crept in unnoticed. Someone turned on a copilot in a finance or CRM application, an IT team tested an agent on a non”‘production system that still contained real audit data, or a regional team started using an AI……
5 key trends reshaping the SIEM market

Feb 13, 2026 8:58 AM

Tags: ai, api, attack, automation, business, cloud, compliance, crowdstrike, cyber, cybersecurity, data, detection, edr, google, guide, Hardware, ibm, identity, incident response, intelligence, jobs, monitoring, msp, network, nis-2, saas, service, siem, soar, startup, technology, threat, tool, vulnerability, vulnerability-management

Market split as midrange sales offset SME slump: A year on, Context’s data shows that this ongoing convergence of SIEM with security tools such as XDR and SOAR has triggered a structural split in the market.”Large midmarket firms are doubling down on unified platforms for compliance, while smaller organizations are investing less in SIEM entirely…
Roses Are Red, AI Is Wild: A Guide to AI Regulation

Feb 12, 2026 9:58 PM

Tags: ai, compliance, governance, guide, regulation, risk, saas

AI regulation doesn’t have to be romanticized or feared. Understand what matters in AI governance, compliance, and SaaS risk management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/roses-are-red-ai-is-wild-a-guide-to-ai-regulation/
Roses Are Red, AI Is Wild: A Guide to AI Regulation

Feb 12, 2026 9:58 PM

Tags: ai, compliance, governance, guide, regulation, risk, saas

AI regulation doesn’t have to be romanticized or feared. Understand what matters in AI governance, compliance, and SaaS risk management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/roses-are-red-ai-is-wild-a-guide-to-ai-regulation/
Best Enterprise SSO Providers for EdTech/Education SaaS in 2026

Feb 12, 2026 2:58 PM

Tags: compliance, saas

Discover the best enterprise SSO providers for EdTech and Education SaaS in 2026, comparing security, scalability, compliance, and integrations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/best-enterprise-sso-providers-for-edtech-education-saas-in-2026/
Supply chain attacks now fuel a ‘self-reinforcing’ cybercrime economy

Feb 12, 2026 1:58 PM

Tags: attack, breach, cybercrime, identity, ransomware, saas, supply-chain

Researchers say breaches link identity abuse, SaaS compromise, and ransomware into a cascading cycle First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/supply_chain_attacks/
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Entwickler werden zum Angriffsvektor

Feb 12, 2026 5:58 AM

Tags: access, ai, api, application-security, best-practice, ceo, ciso, cloud, cyberattack, cybercrime, cybersecurity, data, exploit, hacker, infrastructure, intelligence, jobs, least-privilege, LLM, malware, open-source, phishing, risk, saas, social-engineering, software, spear-phishing, supply-chain, threat, tool, training, vulnerability

Softwareentwickler sind gefragt auch unter kriminellen Hackern.Statt einfach “nur” Fehler in Applikationen auszunutzen, entdecken kriminelle Hacker zunehmend die Tools und Zugriffskanäle für sich, auf die sich Softwareentwickler regelmäßig verlassen. Dabei kombinieren sie längst auch unterschiedliche Cybercrime-Taktiken und beziehen auch künstliche Intelligenz (KI) ein, um an ihr Ziel zu gelangen. “Angreifer versuchen nicht mehr nur, in…
Reco Secures $30M as Enterprises Struggle With Governing AI

Feb 10, 2026 5:16 PM

Tags: ai, ceo, governance, saas, tool

Series B Funding Targets AI Agent Security Across Hundreds of SaaS Apps. Reco’s $30 million Series B round will fuel expansion of its AI SaaS governance platform as enterprises adopt generative AI at scale. CEO Ofer Klein says traditional security tools can’t keep up with the explosion of AI agents embedded across SaaS environments. First…
Software developers: Prime cyber targets and a rising risk vector for CISOs

Feb 9, 2026 9:14 AM

Tags: access, ai, api, application-security, attack, automation, backdoor, breach, ceo, ciso, cloud, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, exploit, flaw, Hardware, identity, infrastructure, intelligence, Internet, jobs, leak, least-privilege, LLM, malicious, malware, marketplace, north-korea, open-source, phishing, programming, resilience, risk, saas, scam, service, social-engineering, software, supply-chain, theft, threat, tool, training, unauthorized, update, vulnerability

Credential theft and environment compromise: Attackers aren’t just looking for flaws in code “, they’re looking for access to software development environments.Common security shortcomings, including overprivileged service accounts, long-lived tokens, and misconfigured pipelines, offer a ready means for illicit entry into sensitive software development environments.”Improperly stored access credentials are low-hanging fruit for even the most amateur…
Zscaler AI Security Suite sorgt für mehr Überblick und Kontrolle bei KI-Anwendungen

Feb 7, 2026 11:14 AM

Tags: ai, saas, tool

In der Praxis fehlt vielen Unternehmen der vollständige Überblick über ihre KI-Landschaft. Dazu zählen nicht nur GenKI-Tools, sondern auch KI-Entwicklungsumgebungen, in SaaS integrierte KI-Funktionen, Modelle, Agenten sowie die zugrunde liegende Infrastruktur. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/zscaler-ai-security-suite-sorgt-fuer-mehr-ueberblick-und-kontrolle-bei-ki-anwendungen/a43635/
Goßangelegter Missbrauch namhafter SaaS-Plattformen für Telefon-Betrug

Feb 6, 2026 5:14 PM

Tags: fraud, microsoft, phishing, saas, service, software

Check Point Research (CPR), die Sicherheitsforschungs-abteilung von Check Point Software Technologies, hat eine groß angelegte Phishing-Kampagne identifiziert, die bekannte SaaS-Dienste von Microsoft, Amazon, Zoom oder Youtube ausnutzt, um ihre Opfer zu betrügerischen Telefonaten zu verleiten. Anstatt Domänen zu fälschen oder bösartige Links zu versenden, missbrauchen Angreifer gezielt legitime Software-as-a-Service-Plattformen, um telefonbasierte Betrugsversuche durchzuführen, die für…
Check Point Research enttarnt Missbrauch namhafter SaaS-Plattformen für Telefon-Betrug

Feb 6, 2026 3:14 PM

Tags: fraud, saas

Diese Kampagne zeigt, wie Angreifer zunehmend vertrauenswürdige SaaS-Plattformen und native Benachrichtigungsworkflows als Waffen einsetzen, um telefonbasierte Betrugsversuche in großem Umfang durchzuführen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-research-enttarnt-missbrauch-namhafter-saas-plattformen-fuer-telefon-betrug/a43632/
The Buyer’s Guide to AI Usage Control

Feb 5, 2026 1:24 PM

Tags: ai, control, guide, saas, tool

Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result…
Managed SaaS Threat Detection – AppOmni Scout

Feb 4, 2026 8:15 PM

Tags: ai, data, detection, monitoring, saas, service, threat

AppOmni Scout Managed Threat Detection Service Expertise to detect SaaS and AI threats and protect your critical data SaaS and AI threat detection led by threat experts Security teams don’t have the resources for timely detection to protect critical data and employees from threats. Monitoring SaaS and AI is complex, time-intensive, and results in… First…
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud On-Prem)

Feb 4, 2026 6:14 PM

Tags: access, attack, breach, business, cloud, control, data, data-breach, endpoint, exploit, flaw, google, infrastructure, injection, intelligence, leak, malicious, rce, remote-code-execution, risk, saas, spam, sql, threat, update, vulnerability

Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways Two novel vulnerabilities: Tenable Research discovered a remote code execution (RCE) chain via…
Why Moltbook Changes the Enterprise Security Conversation

Feb 4, 2026 5:13 PM

Tags: ai, credentials, data, github, injection, intelligence, risk, saas

For several years, enterprise security teams have concentrated on a well-established range of risks, including users clicking potentially harmful links, employees uploading data to SaaS applications, developers inadvertently disclosing credentials on platforms like GitHub, and chatbots revealing sensitive information. However, a notable shift is emerging”, one that operates independently of user actions. Artificial intelligence agents…
Why Identity Threat Detection Response Matters in 2026?

Feb 3, 2026 10:13 AM

Tags: breach, cloud, detection, identity, saas, threat

In 2026, identity has firmly established itself as the new security perimeter. As enterprises accelerate cloud adoption, enable remote workforces, and integrate SaaS and third-party ecosystems, attackers are no longer trying to “break in”; they are simply logging in. Compromised identities now sit at the center of most advanced breaches, making Identity Threat Detection &……
IT Security

Feb 3, 2026 5:13 AM

Tags: cloud, computing, cyber, data-breach, infrastructure, resilience, saas, threat

In a world where businesses are built on digital infrastructure, IT security has become a critical pillar of organizational resilience and trust. From cloud computing and remote workforces to SaaS applications and connected devices, modern IT environments are larger, more complex, and more exposed than ever before. At the same time, cyber threats are growing…
ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data

Feb 2, 2026 6:13 PM

Tags: access, attack, cloud, credentials, data, extortion, group, mandiant, mfa, saas, tactics, threat

Several threat clusters are using vishing in extortion campaigns that include tactics that are consistent with those used by high-profile threat group ShinyHunters. They are stealing SSO and MFA credentials to access companies’ environments and steal data from cloud applications, according to Mandiant researchers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/shinyhunters-leads-surge-in-vishing-attacks-to-steal-saas-data/
ShinyHunters Expands Scope of SaaS Extortion Attacks

Feb 2, 2026 6:13 PM

Tags: attack, cybercrime, extortion, group, saas

Following its attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/shinyhunters-expands-scope-saas-extortion-attacks
Mandiant details how ShinyHunters abuse SSO to steal cloud data

Jan 31, 2026 9:15 PM

Tags: attack, authentication, cloud, credentials, data, mandiant, mfa, phishing, saas, theft

Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mandiant-details-how-shinyhunters-abuse-sso-to-steal-cloud-data/
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Jan 31, 2026 9:15 PM

Tags: access, attack, breach, credentials, extortion, google, group, hacking, mandiant, mfa, phishing, saas, threat, unauthorized

Google-owned Mandiant on Friday said it identified an “expansion in threat activity” that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters.The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victim First seen on thehackernews.com Jump…