Cybersecurity | Breaking Cybersecurity News | The Hacker News

Category — Cybersecurity
The Great Container Disconnect: A Security Leader's Mandate for Prevention in 2026

Jan 19, 2026
The transition to container-first infrastructure is complete, with microservices now powering production-critical workloads and driving digital innovation for most enterprises. While 100% of DevSecOps leaders view containerization as critical to their production strategy, this shift has been accompanied by a crisis in security frameworks. According to the ActiveState 2026 State of Vulnerability Management & Remediation Report, respondents' organizations faced a staggering 82% container breach rate over the past year. Many companies have tried to mitigate risk by "shifting left", empowering developers to build security into their code from the start while still leveraging containers and open-source software from public registries. But in 2026, the reality of shifting left has often meant shifting a mountain of undifferentiated remediation work (i.e., fixing someone else's code) onto already overextended engineering teams. How should Security Leaders think about container se...
CTM360 Analysis Shows How Fake Banks Exploit Search and Trust

Jan 19, 2026
CTM360 researchers have identified a large-scale fraud campaign involving thousands of fake banking websites that actively target users in the United States and the United Kingdom. Over the past year, more than 11,000 fraudulent bank domains were observed, with 8,000+ in the U.S. and 3,000+ in the UK, all operating without regulatory authorization or physical presence. These are not throwaway phishing pages. They are polished, SEO-optimized platforms that impersonate legitimate financial institutions, regulators, and lending services. Not Your Typical Phishing Fraud What sets this campaign apart is operational maturity. The fake banks offer services such as loans, mortgages, grants, and high-limit credit cards, often promising instant approval or no credit checks. Victims are funneled through simplified onboarding flows, fake KYC processes, and staged "approvals" designed to build trust before monetization. Once engaged, users are pressured to pay activation or processing fees,...
Why Ad-Hoc OSINT Doesn't Scale: From analyst workflows to institutional intelligence

Jan 12, 2026
Open-source intelligence (OSINT) was once a discipline primarily associated with criminal investigations and national intelligence work. Today, it has become a critical pillar in a wide range of corporate and operational processes from internal investigations and fraud detection to KYC, third-party validation, and due-diligence assessments. However, despite this shift in importance, OSINT is still frequently performed in an ad-hoc manner: how data is collected, how evidence is preserved, and operational security mechanisms often depend on individual habits rather than standardised practice. In many cases, investigations are even conducted directly from managed corporate devices, putting both the integrity of the intelligence operation and the wider enterprise network at unnecessary risk. This lack of standardisation introduces operational, security, and compliance risks that many organisations do not fully recognise until something goes wrong. Operational Risk Glazer is a sandboxed...
The 2026 State of Pentesting: How Modern Teams Manage and Deliver Results

Jan 12, 2026
Why reporting, delivery, and validation have become just as critical as testing itself Pentesting has undergone a fundamental shift over the last 5 years. While the core objective of identifying exploitable weaknesses remains the same, the way results are managed, delivered, and validated has become just as important as the testing itself. Security leaders no longer view penetration tests as one-off engagements that end with a PDF. They expect timely, actionable results that feed into their broader vulnerability management and remediation programs. For pentest teams, this shift has exposed a growing gap between how testing is performed and how outcomes are operationalized. Why Traditional Pentest Delivery Is Breaking Down Historically, pentest results have been delivered as static reports, often disconnected from vulnerability scanners, ticketing systems, and remediation workflows. This creates a challenge as the data becomes siloed from other security data and is not aligned int...
The Security Platform Is Dead. Long Live the Security Platform

Jan 05, 2026
A 2024 Gartner® survey of 162 large enterprises shows organizations running an average of 45 cybersecurity tools. It's no surprise, then, that 52% of executives cite complexity as the biggest barrier to effective security operations. While mid-market organizations typically run fewer tools, smaller IT and security teams mean they often face equal—or greater—operational complexity. Why Security Platforms Emerged The industry's answer to tool sprawl has been the security platform: a consolidated approach designed to reduce complexity by replacing multiple point products. In principle, platforms promise tighter integration, improved visibility across the attack surface, better alert correlation, and faster response. Research supports this direction. The 2025 IBM Institute for Business Value report notes that organizations with higher security platform maturity identify and contain incidents more quickly. Consolidation Doesn't Always Equal a Platform Vendor consolidation is accelera...
Deepfake Job Hires: When Your Next Breach Starts With an Interview

Jan 05, 2026
The employee who doesn't exist Not long ago, the idea of a fake employee sounded far-fetched. Resume fraud? Sure. Outsourced interviews? Occasionally. But a completely synthetic person (face, voice, work history, and identity) getting hired, onboarded, and trusted inside a company used to feel like science fiction. That era is over. Gartner predicts that by 2028, one in four candidate profiles worldwide could be fake. The firm also reports that 6% of job candidates admit to interview fraud, including impersonation or having someone else interview for them. Hiring teams are already seeing face-swapping and synthetic identities appear in real interview workflows. Taken together, the pattern is clear: companies are increasingly interviewing, and in some cases hiring, people who don't exist. These "employees" can pass screening, ace remote interviews, and start work with legitimate credentials. Then, once inside, they steal data, map internal systems, divert funds, or quietly set the...
Purdue University’s Real-World Deepfake Detection Benchmark Raises the Bar for Enterprise Models

Dec 22, 2025
Deepfakes aren't just viral clips or political media anymore — they're appearing in enterprise workflows where a camera feed is treated as proof: onboarding, account recovery, remote hiring, privileged access, and partner verification. That shift forces security teams to ask not just, "Does this look fake?" but, "Can we verify in real time that the capture is authentic and the channel isn't compromised — without disrupting the workflow?" A new benchmark from Purdue University addresses that question. Instead of testing detectors on clean, lab-style samples, Purdue evaluated tools on real incident content pulled from social platforms — the kind of compressed, low-resolution, post-processed material that tends to break models tuned to ideal conditions. What Purdue tested — and why it matters Purdue built its benchmark around the Political Deepfakes Incident Database (PDID), which focuses on deepfake incidents circulating on X/Twitter, YouTube, TikTok, and Instagram. Real-world distri...
AI in IAM: Is it Truly Valuable?

Dec 10, 2025
AI is everywhere. What began as machine learning and evolved into novelty technology applications has rapidly progressed into a significant component of daily life and enterprise strategy. It influences how our businesses plan, code, implement, and protect our most sensitive assets. Among its most transformative applications is its growing role in identity and access management (IAM). The Expanding Influence of AI in Identity Security Within identity security, AI is reshaping how we define a mature IAM program. What once required manual reviews, repetitive decision-making, and active triage is now increasingly supported by intelligent automation. AI streamlines operations, reduces human bottlenecks and errors, and strengthens security postures through robust, context-driven assistance and automation. The Strength of Predictive AI Modern identity programs lean heavily on predictive analytics—AI capabilities that run continuously in the background to analyze behaviors, support auto...
What GTG-1002 and Claude-Style Attacks Mean for SaaS Verification

Dec 08, 2025
In November 2025, Anthropic revealed a cyber espionage campaign dubbed GTG-1002, the first documented case of an AI agent orchestrating real-world intrusions with minimal human input. A Chinese state-sponsored group manipulated Anthropic's Claude Code assistant into executing about 80% of a multi-target hacking campaign autonomously. Instead of merely advising cybercriminals, the AI took control of key steps: reconnaissance, vulnerability discovery, exploitation, credential theft, and data exfiltration across dozens of organizations. The result was an operation running at machine tempo. Claude performed tasks in a fraction of the time a human team would need, even identifying sensitive databases and writing exploits in seconds. Figure 1: The distinct phases of the Claude cyberattack At the peak of the attack, the AI made thousands of requests (often several per second), an onslaught of activity impossible for humans to match. This speed and scale of automation is a game changer: a...
Beyond Point-in-Time: The ROI Case for Continuous Pentesting

Dec 01, 2025 Vulnerability / Penetration Testing
For nearly two decades, offensive security has centered around the same basic ritual: schedule an annual or quarterly penetration test, brace for the findings, remediate what you can, and then repeat the next cycle next year. It's familiar, predictable, and built into every compliance framework. It's also fundamentally mismatched to the way modern infrastructure works and the way attackers operate.  Today's environments change too quickly for point-in-time testing to provide real assurance. Cloud deployments shift daily; CI/CD pipelines push new code constantly, and new assets appear abruptly. A penetration test conducted in November tells you almost nothing about your exposure in January.  This is where Continuous Penetration Testing (CPT) comes in. CPT doesn't just improve offensive security outcomes but reshapes the equation entirely. When organizations adopt continuous validation, they gain clearer visibility, shorter remediation cycles, and tangible, measurable ROI. ...