Artificial Intelligence | Breaking Cybersecurity News | The Hacker News

Category — Artificial Intelligence
Why Security Leaders Are Layering Email Defense on Top of Secure Email Gateways

Apr 13, 2026
For security leaders, the inbox remains the front door for attackers. Here's why the smartest teams are adding adaptive, AI-driven protection on top of their cloud email security, not replacing it. Email is still the number-one attack vector for enterprises, and it is not even close. The FBI's Internet Crime Complaint Center reported that business email compromise alone generated $3 billion in losses in 2024, with AI-enabled attacks accelerating the trend (FBI IC3 Report). The attacks that succeed today don't carry obvious malicious payloads. They rely on trust, tone, and timing: a spoofed vendor sending a "routine" invoice update, or a convincing impersonation of a CEO with an urgent request. No malware. No suspicious links. Just words, carefully chosen. Microsoft 365 is the backbone of productivity for most organizations, and Microsoft Defender and Exchange Online Protection do solid work catching known spam, malware, and co...
AI Will Change Cybersecurity. Humans Will Define Its Success. A Lesson No Algorithm Can Teach

Apr 06, 2026
We recently worked with an organization that had invested heavily in advanced security tooling, including AI-driven detection and monitoring capabilities. From a technical perspective, the environment appeared mature: alerts were firing, dashboards were populated, and risks were clearly identified. Yet progress had stalled. The security team and IT disagreed on ownership. Business leadership perceived cyber risk as "under control," while the security team felt increasingly exposed and unheard. AI surfaced the signals, but no one could agree on what to do with them. The turning point did not come from additional tooling or deeper analysis. It came from reframing the conversation. By aligning stakeholders around clear business impact, contextualizing the findings against industry peers, and translating technical gaps into credible, board-level risk narratives that reinforced the internal security team's concerns rather than questioning their judgment, decisions were finally ma...
Why AI Does Not Need to be Innovative to be Dangerous

Apr 06, 2026
While working on the Transparent Tribe's vibeware research, we have encountered two distinct camps, the optimists and the skeptics. What makes the current dialogue unique is that both sides can be right at the same time. There is, however, a clear operational reason why we encounter "AI attacks" primarily on professional social media feeds rather than within our own telemetry logs. In this article, we analyze the factors explaining why Skynet is not here yet, and how, much like a shark, AI does not need to be innovative to be dangerous. LLM Architecture Bias LLMs are mathematically optimized to predict the most likely outcome, while hacking is the art of identifying the statistical anomaly. LLMs are designed to predict the most statistically probable next token. They are excellent at the average, but poor at the exceptional. A hacker, by contrast, is a practitioner of statistical anomaly, actively seeking the low-pro...
AI SOC Investigation Has Moved Beyond Triage: Two Cases That Show Where It Actually Matters

Mar 02, 2026 Artificial Intelligence / Threat Detection
The conversation around AI in the SOC has mostly centered on efficiency: closing alerts faster, reducing queue backlog, and automating repetitive work that burns out L1 analysts. That framing is directionally right, and it matters because analyst fatigue is real. For teams dealing with high alert volume, analysts are often asked to make good decisions under a fragmented context and time pressure. But that framing is still incomplete. The bigger shift is not just workflow automation or orchestration of predefined playbooks. It is AI's ability to perform contextual, hypothesis-driven investigation across multiple telemetry sources, work that has traditionally depended on experienced L2 or L3 analysts and limited human time. When that capability can be applied consistently across every alert, it changes the operating model, not just the speed of the existing one. Two recent investigations at Prophet Security make that real. In both cases, the attacks were not obvious from signature-bas...
AI in Cybersecurity: Is It Worth the Effort for Lean Security Teams?

Mar 02, 2026
AI hype is everywhere. Every security vendor claims their platform is "AI-powered." Dashboards promise automation. Generative AI is positioned as the solution to staffing shortages. For small and mid-sized organizations with lean IT and cybersecurity teams, these messages are understandably compelling. But this leads to a critical question: Can AI realistically strengthen your security program — and is it worth the effort? The Current Reality: Under-Resourced and Overwhelmed Small and midsized organizations face a difficult equation. Threat actors are becoming more sophisticated. Attack surfaces continue to expand. Compliance pressures are rising. Meanwhile, security teams are small — often just a few professionals wearing multiple hats. AI sounds like a relief. In theory, it can accelerate detection, reduce alert fatigue, automate triage, improve response times, and surface hidden threats buried in large volumes of data. But AI is not plug-and-play magic for defenders. For l...
Demystifying Key Exchange: From Classical Elliptic Curve Cryptography to a Post-Quantum Future

Mar 02, 2026
In the digital world, the secure exchange of cryptographic keys is the foundation upon which all private communication is built. It's the initial, critical handshake that allows two parties, like a user's browser and a web server, to establish a shared secret and communicate securely over the untrusted expanse of the internet. As the quantum computing era approaches, the very mathematics underpinning our traditional key exchange mechanisms are facing an existential threat. This spurred the development of new, quantum-resistant algorithms. This blog post provides a deep dive into how modern key exchange works, from the trusted classical methods to the emerging post-quantum standards, and explores how Zscaler leverages hybrid key exchange to bridge the gap. The Key Components of Modern Key Exchange At a high level, a secure key exchange protocol must achieve the following: Confidentiality: The established key must be a secret shared only between the two communicating parties. An ea...
AI Won't Break Microsoft 365. Your Security Backlog Will

Feb 23, 2026
Here's what keeps me up at night. Not zero-days. Not sophisticated nation-state attacks. What worries me is the backlog. Every MSP has one. The list of security configurations that need fixing. The policies that have been sitting in "report only" mode since last year. The E5 features that clients are paying for but nobody's turned on because it might break something. The app registrations with excessive permissions from three years ago that nobody's audited. The conditional access policies that need updating but keep getting pushed to next quarter. We all know this backlog exists. We tell ourselves we'll get to it. But quarters turn into years, and that backlog just grows. Meanwhile, AI attackers don't have a backlog. They have automation. Most breaches in Microsoft 365 won't start with a zero-day. They'll start with a setting that's been in "report only" for two years. Example tenant: critical Conditional Access policies exist but a...
The Riskiest Alert Types and Why Enterprise SOC Doesn’t Triage Them

Feb 23, 2026
Every few years, a breach happens that security teams study for the wrong reasons. SolarWinds is a good example. When the compromised Orion update started reaching customer environments in early 2020, the signals were already there: unusual DNS requests, unexpected authentication behavior in Azure AD, odd SAML token activity, and lateral movement from on-premises Active Directory into cloud environments. None of it looked like an attack. Each signal sat at low or medium severity, and they were scattered across domains. The attackers had close to a year of dwell time before FireEye, a victim itself, discovered the breach while investigating a stolen red-team toolkit. We tend to call SolarWinds a one-off. It wasn't. The real lesson from that breach, and from the ones that have followed it, is structural. SOCs are designed, staffed, and measured around routine work: phishing, endpoint detections, and user anomalies. The people, processes, dashboards, and tools are ...