
Data Breach | Breaking Cybersecurity News | The Hacker News

Category — Data Breach
From Phishing to Recovery: Breaking the Ransomware Attack Chain


May 04, 2026
Phishing emails have reached a point where they can fool both people and the tools designed to stop them. For anyone working through a packed inbox, it's easy to trust what looks familiar and click without a second thought. What's worrying is that phishing is rarely the end goal. It's usually the entry point for something much bigger: a ransomware attack. Once attackers gain access, they don't act immediately. They move through systems, map connections, and prepare the environment. By the time ransomware is deployed, it's the final step — not the first. To stay ahead, you need protection at two critical points: an advanced email security solution that catches even the most stealthy phishing attempts, and a strong BCDR strategy that lets you restore data quickly and avoid paying a ransom if something slips through.

Why phishing remains so effective

Phishing works because it plays on human behavior. Email may seem like a simple communication tool, but it functions as a decision-mak...
Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust


May 04, 2026
For years, cybersecurity has operated on a simple premise: detect malware, stop the attack. That model is starting to break down. Attackers are no longer relying primarily on malicious files or obvious payloads. Instead, they're increasingly turning to what already exists inside your environment — trusted tools, native binaries, and legitimate administrative utilities. These are used to move laterally, escalate privileges, and maintain persistence, often without triggering traditional security alerts. The problem? Most organizations don't recognize this exposure until after the damage is already done. To better understand how this risk manifests in real environments, Bitdefender offers a complimentary Internal Attack Surface Assessment — a practical, low-friction way to uncover where trusted tools may be working against you. Here's what's really happening inside modern environments — and why attackers prefer to use your own tools against you.

1. Attacks Are Designed Not to ...
Telegram's Crackdown Changed How Threat Actors Act, But Not Where They Act


Mar 23, 2026
Telegram entered 2025 under unprecedented pressure. Public scrutiny, regulatory attention, and leadership turmoil forced the platform to do something it had long resisted: enforce at scale. Moderation volumes surged, automation expanded, and millions of channels and groups were removed in a single year. On paper, this looks like a turning point. In practice, it wasn't the collapse of cyber criminal activity on Telegram; it was an evolution, for sure, but not a collapse. What we are seeing in 2026 is not a mass exodus from the platform, nor a meaningful decline in threat actor coordination. Instead, Telegram's crackdown has triggered a familiar pattern. Criminal ecosystems adapt faster than platforms can reform. Read the just-released Telegram report by Tal Samra and Or Shichrur for evasion methods, statistics and monitoring recommendations: https://checkpoint.cyberint.com/telegrams-crackdown-criminal-resilience

Over 43 Million & Channels Blocked

Tele...
Deepfake Job Hires: When Your Next Breach Starts With an Interview


Jan 05, 2026
The employee who doesn't exist

Not long ago, the idea of a fake employee sounded far-fetched. Resume fraud? Sure. Outsourced interviews? Occasionally. But a completely synthetic person (face, voice, work history, and identity) getting hired, onboarded, and trusted inside a company used to feel like science fiction. That era is over. Gartner predicts that by 2028, one in four candidate profiles worldwide could be fake. The firm also reports that 6% of job candidates admit to interview fraud, including impersonation or having someone else interview for them. Hiring teams are already seeing face-swapping and synthetic identities appear in real interview workflows. Taken together, the pattern is clear: companies are increasingly interviewing, and in some cases hiring, people who don't exist. These "employees" can pass screening, ace remote interviews, and start work with legitimate credentials. Then, once inside, they steal data, map internal systems, divert funds, or quietly set the...
Who's Really Using Your SaaS? The Rise of Non-Human Identities


Nov 10, 2025
As SaaS ecosystems expand, not every user is human anymore. AI assistants, automation bots, integration services, and API tokens now perform countless actions across business cloud applications, often with the same or greater access privileges as employees. These non-human identities (NHIs) are silently driving productivity while introducing a new class of risk: unmonitored, long-lived, and often misunderstood access. These machine credentials (service accounts, API keys, OAuth tokens, etc.) are essential for automation and integrations, but their growth far outpaces the oversight and security controls applied to them. The result is a widening visibility gap. A lot of NHI types enjoy broad permissions within SaaS apps, sometimes more privileges than a human user, yet they rarely get the same scrutiny as employee accounts. Over-privilege is common: about one-third of SaaS app integrations have access to sensitive data that exceeds their needs. Let's examine a few notable data brea...
Modern Browser Attacks: Why Perimeter Tools Are No Longer Enough


Oct 20, 2025
The browser has quietly become the most critical application in the enterprise — and the most targeted. With SaaS, cloud, and hybrid work redefining IT boundaries, browsers now handle proprietary data, credentials, and business workflows. Yet legacy security tools like firewalls, antivirus, and EDR were never designed to defend this new digital front line. The shift from being an ancillary tool to becoming the main location of work means legacy security solutions, such as firewalls, antivirus, VDI, etc., are not equipped to provide the necessary level of protection needed to secure today's organizations. The browser, once an afterthought, is now the weak link that legacy defenses simply can't secure.  This article examines the modern browser exploitation playbook and details why legacy tools alone are no match for today's cybercriminals. By adopting a Secure Enterprise Browser (SEB), enterprises can complement their existing security tools, shore up their weak link, and future-p...
Cracking the Boardroom Code: Helping CISOs Speak the Language of Business


Oct 06, 2025
CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They understand how to staff out their organization. They understand the intricacies of compliance. They understand what it takes to reduce risk. Yet one question comes up again and again in our conversations with these security leaders: how do I make the impact of risk clear to business decision-makers? Boards want to hear how risk affects revenue, governance, and growth. They have a limited attention span for lists of vulnerabilities or technical details. When the story gets too technical, even urgent initiatives lose traction and fail to get funded. CISOs need to translate technical issues into terms the board understands. Doing so builds trust, garners support and shows how security decisions connect directly to long-term growth. It was the urgent need to bridge the CISO-Board communication gap that led us to create a new paradigm in CISO continu...
Continuous Patch Management: Why the Future of Cybersecurity Demands Real-Time Vulnerability Remediation


Oct 06, 2025
For decades, organizations operated under the assumption that vulnerability management could be slotted into predictable maintenance windows. Monthly patch cycles, quarterly review periods, and planned outages became the standard rhythm of IT operations. Yet, in today's environment, where exploit code emerges within hours of a disclosure and attackers weaponize vulnerabilities on an industrial scale, those rhythms are dangerously outdated. The modern reality is that continuous patch management and end-to-end vulnerability lifecycle governance are no longer aspirational; they are the bare minimum. Security must be measured not by the comfort of predictability, but by the ability to remediate as close to real time as possible.

The Problem with Periodic Maintenance Windows

Exploitation Outpaces Response: exploits are increasingly released at or before vendor patch availability. A monthly or even bi-weekly patch cadence leaves systems exposed during the critical first days when atta...