Cybersecurity | Breaking Cybersecurity News | The Hacker News

For security leaders, the inbox remains the front door for attackers. Here's why the smartest teams are adding adaptive, AI-driven protection to their cloud email security, not replacing them. Email is still the number-one attack vector for enterprises, and it is not even close. The FBI's Internet Crime Complaint Center reported that business email compromise alone generated $3 billion in losses in 2024 , with AI-enabled attacks accelerating the trend ( FBI IC3 Report ). The attacks that succeed today don't carry obvious malicious payloads. They rely on trust, tone, and timing; a spoofed vendor sending a "routine" invoice update, or a convincing impersonation of a CEO with an urgent request. No malware. No suspicious links. Just words, carefully chosen. Microsoft 365 is the backbone of productivity for most organizations, and Microsoft Defender and Exchange Online Protection do solid work catching known spam, malware, and co...

How session cookie theft bypasses MFA — and what you can do about it When you check into a hotel, you show your ID at the front desk. The clerk verifies who you are, maybe checks a secondary piece of information, and hands you a key card. From that point on, that key card is what gets you into your room. It doesn't matter that you proved your identity at check-in. What matters is who has the key. Your applications work the same way. When a user logs into a web application — entering their password, completing an MFA challenge — the application issues them a session token, typically stored as a cookie in their browser. That token is their key card. Every subsequent request the user makes, the application checks for the token, not the credentials. If the token is valid, access is granted. And if someone steals that token? They get in, too. No username required. No password required. No MFA prompt. They simply ...

We recently worked with an organization that had invested heavily in advanced security tooling, including AI-driven detection and monitoring capabilities. From a technical perspective, the environment appeared mature: alerts were firing, dashboards were populated, and risks were clearly identified.  Yet progress had stalled.  The security team and IT disagreed on ownership. Business leadership perceived cyber risk as "under control," while the security team felt increasingly exposed and unheard. AI surfaced the signals, but no one could agree on what to do with them.  The turning point did not come from additional tooling or deeper analysis. It came from reframing the conversation.  By aligning stakeholders around clear business impact, contextualizing the findings against industry peers, and translating technical gaps into credible, board-level risk narratives that reinforced the internal security team's concerns rather than questioning their judgment, decisions were finally ma...

While working on the Transparent Tribe's vibeware research, we have encountered two distinct camps, the optimists and the skeptics. What makes the current dialogue unique is that both sides can be right at the same time. There is, however, a clear operational reason why we encounter "AI attacks" primarily on professional social media feeds rather than within our own telemetry logs. In this article, we analyze the factors explaining why Skynet is not here yet, and how, much like a shark, AI does not need to be innovative to be dangerous. LLM Architecture Bias LLMs are mathematically optimized to predict the most likely outcome, while hacking is the art of identifying the statistical anomaly. LLMs are designed to predict the most statistically probable next token. They are excellent at the average, but poor at the exceptional. A hacker, by contrast, is a practitioner of statistical anomaly, actively seeking the low-pro...

Vulnerability management is the continuous process of identifying, assessing, prioritizing, and addressing security weaknesses across systems, applications, and infrastructure. It extends beyond periodic scanning; it includes validating findings, understanding exposure in real-world environments, and tracking remediation over time. Effective vulnerability management combines asset visibility, vulnerability intelligence, and operational context to determine which flaws present actual risk rather than theoretical exposure. Modern IT environments further complicate the process of vulnerability management. Hybrid IT infrastructure, third-party dependencies, and internet-facing services increase the attack surface while generating large volumes of vulnerability data. Security teams must balance operational constraints, such as out-of-support legacy systems and uptime requirements, with the need to quickly reduce exposure. As a result, vulnerability management is no longer limited to coun...

Most application security (AppSec) teams know their OWASP Top 10, the industry-standard list of the most critical software security risks. Fewer know which of those categories their organization actually fixes. In conversations with security teams, I hear the same story: "We prioritize criticals, so the important stuff gets handled." The data tells a different story. Fix rates vary dramatically by OWASP vulnerability class, and not in the ways most teams expect. The data comes from Semgrep's Remediation at Scale report , which analyzed anonymized remediation patterns across 50,000+ repositories and hundreds of organizations during 2025. The methodology is straightforward: group organizations into two cohorts by fix rate (top 15% as "leaders," remaining 85% as "field"), then compare what each group actually does differently. The gap between leaders and the field isn't about detection quality or prioritization frameworks. Both cohorts apply the s...

While AI reduces some coding flaws, credential sprawl accelerates, expanding the non-human identity attack surface, and making remediation the new security bottleneck. AI is changing software development faster than most security teams can adapt. As coding assistants and autonomous agents become embedded in daily workflows, many assume traditional application security controls will steadily lose relevance. If machines can scan code, catch flaws, and even suggest safer alternatives in real time, then software risk should start to shrink. But that's not what is happening in the real world, according to GitGuardian's security research. The battle isn't in the code anymore, because AI is shifting where the control point is. It's in the credentials, tokens, service accounts, and machine identities that AI systems need in order to access data and take action. This matters because the attack surface has fundamentally changed. AI-assisted commits grew exponentially in 2025 and leaked secr...

Telegram entered 2025 under unprecedented pressure. Public scrutiny, regulatory attention, and leadership turmoil forced the platform to do something it had long resisted, enforce at scale. Moderation volumes surged, automation expanded, and millions of channels and groups were removed in a single year. On paper, this looks like a turning point.  In practice, it wasn't the collapse of cyber criminal activity on Telegram; it was an evolution, for sure, but not a collapse.  What we are seeing in 2026 is not a mass exodus from the platform, nor a meaningful decline in threat actor coordination. Instead, Telegram's crackdown has triggered a familiar pattern. Criminal ecosystems adapt faster than platforms can reform. Read the just released Telegram report, by Tal Samra and Or Shichrur for evasion methods, statistics and monitoring recommendations: https://checkpoint.cyberint.com/telegrams-crackdown-criminal-resilience Over 43 Million & Channels Blocked  Tele...