Cybersecurity | Breaking Cybersecurity News | The Hacker News

These days, there are plenty of ways to run DDoS simulation testing and make sure you're protected against attacks. You can do it on your own using commercial software or open-source tools—whatever works best for you. That said, there are a few must-haves when it comes to running DDoS tests. For one, you'll need a platform that allows you to easily start and stop attack simulations as needed. Plus, don't forget to notify and get approval from relevant parties, such as your cloud provider or tool vendor, before you begin testing. Beyond these basics, there are some best practices that can help you get the most out of your  DDoS testing . 1 – Plan tests to validate the protection of your most critical assets  While it may be easier to run black box testing (basically launching attacks without looking at the internal structure, architecture, and configuration of your protection), a white box testing approach is much more effective when it comes to uncovering serious vulnera...

You're jolted awake by a 2:46 AM critical alert: ransomware in production. Customer data's compromised, systems are locked, and $1 million Bitcoin demand stares back at you. Your SIEM lit up. EDR flagged unusual file access. ITDR surfaced account anomalies. But it's too late. The attacker got in with stolen credentials, likely from a phishing email. Once authenticated, they slipped past your defenses, escalated privileges, and detonated ransomware. The post-incident report reveals what your tools missed: the initial login. If authentication had tapped real-time signals from your existing security stack — device compliance, threat intelligence, or login anomalies — the stolen credential could have been blocked at the login prompt, stopping the attack cold. Why Identity Is the New Perimeter Adversaries are increasingly focused on identities and credentials rather than fortified perimeters or servers. After all, why bother cracking a vault when you can stroll in with the keys?  ...

What are Ephemeral Accounts? Corporate audits today, for cyber security insurance or compliance, focus on group memberships to identify who has access to what. This process identifies who is a Domain Admin, Enterprise Admin, Local Administrator, Database Global Admin, Global Admin in Azure, and Root Access in AWS. Accounts with this level of access likely have static privilege. I like to call these accounts game-over accounts. If these accounts are compromised, the company will have a massive issue on its hands.  Other account types lurking in your environment can cause this level of damage. Many DevOps accounts and API keys can also cause this level of damage if compromised. DevOps accounts sometimes fall under the radar outside of the scope of compliance and cybersecurity insurance.  The new Privileged Access Management buzzword among vendors, analysts, and operations teams is Ephemeral Accounts . A common phrase I tend to hear is that we don't have static privileged acc...

At some point in the last decade, SIEMs turned into that one friend who always promises to help you move, then shows up late, eats all your pizza, and still expects gas money. They were supposed to deliver centralized visibility and faster investigations. Instead, most SOC teams ended up with endless alerts, eye-watering bills, and dashboards that look impressive on the big screen but don't actually stop attackers. So, how did we end up here? A short history: when SIEMs were actually useful Back when firewalls were still exciting, SIEMs solved a real problem: logs scattered everywhere, auditors breathing down your neck, and no way to answer "who logged into what, when?" Then came the "next-gen" era. Vendors promised smarter detection, correlations across your stack, and even a pinch of threat intel. The promise was fewer false positives and a faster response. But instead of taming noise, NG SIEMs just amplified it. It was like turning up the volume on a broken radio and calling ...

Security teams today live in two different realities. On one side, platforms like ServiceNow create order: every vulnerability has a ticket, every incident has a workflow, and everything ties back to the CMDB. On the other side, attackers create chaos. They don't follow workflows. They look for the easiest way in, chaining together whatever exposures they can find until they reach something valuable. A vulnerability marked as "medium" in a ticketing system can still be the critical link in an attack path that leads straight to a company's crown jewels. In the ticketing system, the issue appears in isolation, yet attackers see how it connects to everything else. Without visibility into how exposures link together, teams risk wasting effort while the actual attack paths stay open. This is where ServiceNow's integration with XM Cyber comes in. By layering attack graph analysis onto VR and SIR , the platform lets teams see each issue through an attacker's eyes. Tickets and incidents ar...

ShinyHunters is a notorious cybercrime group that has resurfaced with a new playbook of SaaS-focused attacks. Known for monetizing stolen data on underground forums since 2020, ShinyHunters has historically breached companies by stealing credentials and databases. Recently, however, they've shifted tactics to aggressive social engineering, mirroring the methodology of the Scattered Spider group. Instead of exploiting software vulnerabilities, ShinyHunters now exploits human trust, targeting the underbelly of third-party SaaS platforms through impersonation and phishing. In mid-2025, a wave of breaches struck companies like Google, Workday, Pandora, Cisco, Chanel, and others, all tied together by one common thread: the attackers leveraged access to these firms' Salesforce CRM or similar cloud systems. Below, we look at what happened in the Google and Workday breaches, examine techniques ShinyHunters used, and demonstrate how a dynamic SaaS security approach (like Reco's) could have...

In early 2025, Russian state-backed threat group Secret Blizzard targeted foreign embassies with a man-in-the-middle (MITM) attack that bypassed MFA. Instead of sending phishing emails or dropping malware, they compromised the root of trust on embassy systems — the mechanism that determines which connections and certificates are trusted. By controlling local internet infrastructure inside Russia, Secret Blizzard: Used that certificate to impersonate legitimate websites without triggering browser warnings. Intercepted "secure" traffic to harvest session tokens, cookies, and credentials — without detection. High-signal takeaway: A root-of-trust compromise undermines all Transport Layer Security (TLS)-based protections, including FIDO-based MFA. Why Traditional MFA and FIDO Fail Against This Attack Seemingly secure MFA assumes secure TLS connections. When TLS is compromised via a rogue root certificate, the browser happily connects to an attacker-controlled endpoint. This break...

AI-powered coding assistants now play a central role in modern software development. Developers use them to speed up tasks, reduce boilerplate snippets, and automate routine code generation. But with that speed comes a dangerous trade-off. The tools designed to accelerate innovation are degrading application security by embedding subtle yet serious vulnerabilities in software. Nearly  half of the code snippets generated by five AI models contained bugs that attackers could exploit, a study showed. A second study confirmed the risk, with nearly one-third of Python snippets and a quarter of JavaScript  snippets produced by GitHub Copilot having security flaws . The problem goes beyond flawed output. AI tools instill a false sense of confidence. Developers using AI assistance not only  wrote significantly less secure code than those who worked unaided, but they also believed their insecure code was safe, a clear sign of automation bias. The Dangerous Simplicity of AI-...

Imagine joining a video call with your CEO, only to find out later the CEO participant was actually an AI-generated fake. Welcome to the new digital battlefield.  Adversarial AI and deepfakes have created an identity attack surface that is not just digital, but is also based on reality itself . These technologies are no longer science fiction or theoretical. They are actively being used to spoof identities, manipulate political perceptions, and circumvent even the best cybersecurity training initiatives. , and circumvent even the best cybersecurity training initiatives.  If your cybersecurity defenses rely solely on human perception, voice recognition, or even visual evidence, you are vulnerable to an attack.  From Cat and Mouse to Machine vs. Machine Cybersecurity has always been a game of cat and mouse. As defenders (mice), we have historically been able to adapt our defenses for phishing, malware , ransomware, and insider threats . Today, we're also strategizing ...