AI chatbots, SaaS platforms, and assumed safety are creating new risks. ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­    ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­  
Zero Trust Weekly

This week in Zero Trust

The most dangerous cyber risks are the ones we underestimate

Estimated reading time: 5-6 minutes

 

In this issue:

  • Is the corporate network really safer than remote work?
  • The SaaS security gaps attackers are counting on
  • Implementing Zero Trust no longer slows productivity
  • Webinar: How to stop phishing and session hijacking attacks
  • Threats you need to know: Kali365 and AI-driven malware distribution
View in browser

Manage preferences

From the CEO

Your fastest path to compliance

 

"Most major cybersecurity compliance frameworks are moving in the same direction. NIST, HIPAA, ISO 27001, and the Australian Essential Eight (just to name a few) are rooted in Zero Trust philosophy: controlling access, enforcing least privilege, blocking unauthorized software, and continuously monitoring the environment. That does not mean buying a Zero Trust product automatically makes you compliant. But in my experience, organizations that genuinely adopt a Zero Trust approach find compliance becomes significantly easier, regardless of the framework."  - Danny Jenkins

From the ThreatLocker blog

RTO risks, SaaS security, and Zero Trust without friction

 

Does the return to office lower cyber risks?

Office environments come with their own vulnerabilities

  • What's happening: Return to office mandates are increasing, and it has many wondering whether organizations are at greater risk of cyber threats in an office or remote/hybrid setting. Phishing attempts spike with remote work, and unsecure home networks and unknown personal devices create headaches for IT teams. However, ransomware can spread faster on internal systems, and the office environment can inadvertently increase insider threat risks. 
  • Why it matters: Assuming the corporate network is inherently safer leaves organizations open to risk. Many worry that returning to the office will lead companies to loosen controls concerning device validation, identity verification, and behavioral monitoring. 
  • The big picture: Attackers do not care where someone is working from. They only care about vulnerabilities they can exploit. With cloud platforms and SaaS tools handling so much data, access typically comes down to credentials rather than location.
    See which environment creates the biggest hidden risks.

SaaS security is too often overlooked

Businesses cannot rely on SaaS providers entirely

  • What's happening: Software-as-a-service (SaaS) platforms are integral to many organizations, and attacks against them are increasing. Instead of only targeting infrastructure vulnerabilities, many threat actors target weak access controls and identity gaps, controls that sit on the customer side of responsibility. Insider threats, misconfigurations, and excessive permissions are all underestimated SaaS security risks. 
  • Why it matters: A successful breach of a SaaS platform can impact thousands of customers, and many organizations misunderstand SaaS security. Providers secure the service itself through firewalls and hardened infrastructure, but each customer is responsible for securing how the service is configured and accessed in their own environment.
  • The big picture: In SaaS environments, credential theft and permission abuse account for most security incidents, and these are outside the SaaS providers' control. Real SaaS security must be enforced internally with default-deny allowlisting and least privilege access. 
    The SaaS security gaps many organizations miss.

How to implement Zero Trust without friction

Modern tools make the process more intuitive and scalable

  • What's happening: More frameworks and governments are aligning with or recommending Zero Trust controls as the best defense against cyber threats, leading to an increase in Zero Trust adoption. In the past, organizations have resisted Zero Trust because of cumbersome early tools and the perception that Zero Trust adoption disrupts productivity. Truthfully, Zero Trust is about taking control and simplifying daily work. 
  • Why it matters: Not running a Zero Trust framework increases risk. Modern threats have been designed to bypass traditional defenses that hope to catch malicious activity before too much damage is done. 
  • The big picture: Adopting Zero Trust isn't complex with the right plan in place. Educate internal security and operations teams on the benefits of Zero Trust. Learn your environment and simulate policies before full rollout to ensure vital functions aren't restricted. 
    A practical roadmap for Zero Trust adoption.
How to stop phishing and session hijacking attacks

Webinar: MFA is not enough: How to stop phishing and session hijacking attacks

Tuesday, June 16

 

Session hijacking and token theft attacks are increasing because attackers no longer need passwords to compromise accounts. Learn how device-level access controls can stop phishing-based account takeover attacks even after credentials are stolen.

Register today

Threats you need to know

PhaaS continues to grow, trust in AI is being abused 

 

Phishing-as-a-service platform gives access without credentials

Kali365 enables attackers to bypass MFA

  • What's happening: The FBI has warned of a phishing-as-a-service (PhaaS) platform called Kali365 that allows attackers to access Microsoft 365 tokens and bypass MFA without legitimate credentials. The platform runs as a subscription service and provides AI-generated phishing lures, victim tracking, and automated templates. 

  • Why it matters: The attacks typically impersonate trusted cloud and document sharing services and provide a code for the target to paste into a legitimate Microsoft verification page. From here, threat actors gain OAuth access and refresh tokens, giving them access to Teams, Outlook, OneDrive, and more. 
  • The big picture: Assuming compromise is not as far-fetched as it may have once seemed. The likelihood of one of your coworkers or employees falling for a phishing attack is increasing. Controls that restrict what users—legitimate or malicious—can access or execute are crucial to limiting damage after compromise.

AI chatbots recommend malicious sites

Active cryptojacking campaign using AI chatbots

  • What's happening: Microsoft is warning of a new cryptojacking campaign that is using AI chatbots to send unsuspecting users to malicious download sites. CrystalDiskInfo, HWMonitor, and PDFgear are some of the legitimate utilities being impersonated, and Microsoft speculated the goal is to compromise systems with the highest mining value rather than infecting the most machines possible. 

  • Why it matters: Users are finding these websites in interactions with LLMs or in search results thanks to SEO poisoning. Most often, they are asking for software download recommendations and are directed to the malicious sites by the AI chatbot.

  • The big picture: Users are beginning to trust AI recommendations and LLMs the same way they trust search engines, and attackers are exploiting that shift. Continuous verification is a must when it comes to researching and using new tooling. Users should validate software sources internally instead of implicitly trusting search engines or AI-generated recommendations.

ThreatLocker events

Meet the Cyber Hero Team in person at these upcoming events

  • InfoTech Live | June 9–11
    Las Vegas, Nevada
  • Kaseya DattoCon Europe | June 16–18
    Prague, CZ
  • GITEX Europe | June 30–July 1
    Berlin, DE
  • SANSFIRE | July 14–15
    Washington D.C.
  • Black Hat USA | August 1–6
    Las Vegas, Nevada
  • Technology in Government | August 4–5
    Canberra, AU
See more upcoming events
Cyber Hero Frontline, a magazine by ThreatLocker

Issue 4 of the ThreatLocker magazine Cyber Hero Frontline is out now. Inside you'll find:

  • 7-Zip is one innocent tool with many major flaws
  • The evolution of cybersecurity across emerging digital markets in India, Nigeria, and Latin America
  • Akira and the business of modern ransomware

Get all that plus more actionable insights and strategies to fight evolving cyber threats:

Get the next issue of Cyber Hero Frontline
ThreatLocker: Zero Trust Platform | Zero Trust Weekly

ThreatLocker, 1901 Summit Tower Blvd, Orlando, Florida 32810, United States

Manage preferences

Connect with us

                             

©2026 ThreatLocker Inc., All Rights Reserved