Cybersecurity | Breaking Cybersecurity News | The Hacker News

Identity sprawl, agentic AI risk, and the path to NHI governance maturity When security leaders talk about identity risk, the conversation almost always centers on humans: Privileged users, compromised accounts, insider threats. But for most enterprises, the greater risk has already shifted. And it has nothing to do with your employees. Non-human identities (NHIs) — service accounts, API keys, OAuth tokens, SSH keys, RPA bots, cloud workload credentials and AI agents — are the fastest-growing, least-governed attack surface in the modern enterprise. And the industry is beginning to reckon with what that means. $4.88M Global average cost of a data breach — IBM Cost of a Data Breach 2024 The scope of the problem The numbers are striking. Research from Rubrik Zero Labs puts the NHI-to-human identity ratio at 45:1 in the modern enterprise. For cloud-native and DevOps environments, Entro Labs H1 2025 research puts that figure at 144:1.  These identities are not passive: They au...

BEC accounted for over $3 billion in reported losses last year alone. Most organizations don't realize they're exposed until it's too late. Here's how to tell if your defenses have gaps. Business email compromise doesn't announce itself. There's no ransomware splash screen, no locked files, no dramatic system outage. Instead, a finance team member processes what looks like a routine vendor payment update. A controller wires funds based on what appears to be a CFO's direct request. By the time anyone notices, the money is gone. The FBI IC3's 2024 Internet Crime Report documented $55 billion in cumulative BEC losses over the past decade, with $3 billion in 2024 alone — making it the most financially destructive enterprise-targeted cyber threat in the country. The challenge with BEC is that it exploits trust, not technology. These attacks carry no malicious payload for a gateway to catch — just carefully crafted messages designed to manipulate human judgment. That makes traditional de...

Attackers embraced AI in 2024. They are running attacks at agentic speed now. Security operations mostly aren't moving at the same pace. The mismatch between attack speed and response speed is now the most exploitable condition in most environments.  We recently ran an analysis on healthcare organizations using Check Point Exposure Management . One tertiary hospital had reduced its mean time to remediate (MTTR) to 0.87 hours. Zero IPS bypass events. 100% hardening effectiveness. Sub-one-hour MTTR, at scale, in a regulated healthcare environment where change control alone used to take days. We did not get there from patching faster. It came from changing the model entirely. The Asymmetry Nobody Talks About The security industry spent years optimizing detection. Feed more signals into SIEM, add more correlation rules, build bigger dashboards. Detection got faster. But remediation stayed manual, sequential, and slow. Meanwhile, attackers didn't wait. They adopted agentic to...

The conversation around Anthropic's Claude Mythos Preview has understandably centered on zero-days. If AI systems can identify and exploit vulnerabilities across every operating system and browser at scale, defenders have to assume that exploit timelines will keep compressing. But for CISOs, the harder question is how long exposed access credentials remain valid after defenders discover the exposure. Credentials determine how far an attacker can move, how long they can persist, and how difficult containment becomes. A vulnerability just gets them in the door. That gap between time-to-exploit and time-to-revoke is where many organizations are most exposed. GitGuardian's State of Secret Sprawl report shows 64% of valid secrets detected in 2022 were still active and exploitable four years later in an environment where exploitation now collapses to hours. Vulnerabilities get attackers in the door, but credentials decide how far they go. The Mythos-ready briefing , developed b...

Phishing emails have reached a point where they can fool both people and the tools designed to stop them. For anyone working through a packed inbox, it's easy to trust what looks familiar and click without a second thought. What's worrying is that phishing is rarely the end goal. It's usually the entry point for something much bigger: a ransomware attack. Once attackers gain access, they don't act immediately. They move through systems, map connections, and prepare the environment. By the time ransomware is deployed, it's the final step — not the first. To stay ahead, you need protection at two critical points. An advanced email security solution that catches even the most stealthy phishing attempts, and a strong BCDR strategy that lets you restore data quickly and avoid paying a ransom if something slips through. Why phishing remains so effective Phishing works because it plays on human behavior. Email may seem like a simple communication tool, but it functions as a decision-mak...

Most of the commentary on Anthropic's Claude Mythos Preview has gone in one of two directions: one camp treats it as the civilizational inflection point, the other as marketing dressed up as a research result. Neither read is particularly useful for a security leader who still has a program to run on Monday. The AISLE team's technical response to the Mythos announcement made a fair point worth sitting with: much of what was demonstrated is recoverable on smaller, open-weight models, particularly on the discovery side. Early testing results of OpenAI's GPT 5.5 show CTF performance close to or slightly superior to Mythos; the exclusivity framing is arguable, but the accelerated model improvement in offensive security is undisputable. The UK AI Security Institute found that Mythos can autonomously execute a complete corporate network takeover, succeeding in 30% of its attempts on a complex attack range — a task AISI estimates would require roughly 20 hours for a human e...

For years, cybersecurity has operated on a simple premise: detect malware, stop the attack. That model is starting to break down. Attackers are no longer relying primarily on malicious files or obvious payloads. Instead, they're increasingly turning to what already exists inside your environment — trusted tools, native binaries, and legitimate administrative utilities. These are used to move laterally, escalate privileges, and maintain persistence, often without triggering traditional security alerts. The problem? Most organizations don't recognize this exposure until after the damage is already done. To better understand how this risk manifests in real environments, Bitdefender offers a complimentary free Internal Attack Surface Assessment — a practical, low-friction way to uncover where trusted tools may be working against you. Here's what's really happening inside modern environments — and why attackers prefer to use your own tools against you. 1. Attacks Are Designed Not to ...

Government impersonation scams have evolved into a large, highly coordinated fraud ecosystem targeting citizens across the globe. CTM360 's latest threat intelligence research analyzes a widespread campaign, referred to as GovTrap, that demonstrates how attackers systematically exploit public trust in government institutions through thousands of fraudulent digital platforms. Unlike traditional phishing attacks that rely on simple deceptions, GovTrap campaigns replicate entire government service environments. These fraudulent platforms mimic official portals with high accuracy, including branding, language, workflows, and service structures. From tax portals and licensing systems to fine payment services, each fake site is designed to appear legitimate while functioning as part of a broader, scalable fraud operation. Read the full report here:  https://www.ctm360.com/reports/government-impersonation-phishing-govtrap-scams Scale and Targeting Patterns CTM360 identified mo...

The event that didn't exist At 2:14 p.m. on a Tuesday, an employee clicks a link. If you reconstruct the moment from your security stack, nothing happened. A browser process opened an HTTPS connection. The certificate was valid. The destination wasn't flagged. Traffic volume was unremarkable. No detections fired. Inside the browser session, a different story was unfolding. The page that loaded looked like a routine CAPTCHA with "verify you're human" framing, a prompt to complete a quick check to continue. The instructions told the user to press Windows+R, paste what had already been copied to their clipboard, and hit Enter. In the middle of a busy work day, they did. What they pasted was a shell script. It executed in the user's own context, with the user's own permissions, as a deliberate action the user performed with their own hands. Nothing about the browser session looked unusual. The page rendered normal web content. The clipboard write happene...

Most organizations believe they are prepared for ransomware, but they probably aren't. Sure, everything seems to be in place: backups and a plan for disaster recovery, plus recovery time objective (RTO) and recovery point objective (RPO) tracking.  But when a real attack happens, many fail to recover within acceptable timeframes, if at all.  Not because backups are missing but because they're not reliable or can't be retrieved quickly enough. Therein lies the gap between backup and true cyber resilience . Backup isn't worth much without fast and reliable recovery.  What actually happens when ransomware hits and recovery begins A realistic ransomware incident rarely looks like a sudden outage. It unfolds over time. Day 0 – Initial compromise Cybercriminals steal credentials through phishing or exposed services. Day 3 – Lateral movement Attackers move across endpoints and servers using legitimate tools. Day 7 – Privilege escalation Cyberattackers achieve domain a...