Data Breach | Breaking Cybersecurity News | The Hacker News

CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They understand how to staff out their organization. They understand the intricacies of compliance. They understand what it takes to reduce risk. Yet one question comes up again and again in our conversations with these security leaders: how do I make the impact of risk clear to business decision-makers? Boards want to hear how risk affects revenue, governance, and growth. They have a limited attention span for lists of vulnerabilities or technical details. When the story gets too technical, even urgent initiatives lose traction and fail to get funded. CISOs need to translate technical issues into terms the board understands. Doing so builds trust, garners support and shows how security decisions connect directly to long-term growth. It was the urgent need to bridge the CISO-Board communication gap that led us to create a new paradigm in CISO continu...

For decades, organizations operated under the assumption that vulnerability management could be slotted into predictable maintenance windows. Monthly patch cycles, quarterly review periods, and planned outages became the standard rhythm of IT operations. Yet, in today's environment, where exploit code emerges within hours of a disclosure and attackers weaponize vulnerabilities on an industrial scale, those rhythms are dangerously outdated. The modern reality is that continuous patch management and end-to-end vulnerability lifecycle governance are no longer aspirational, they are the bare minimum. Security must be measured not by the comfort of predictability, but by the ability to remediate as close to real time as possible. The Problem with Periodic Maintenance Windows Exploitation Outpaces Response: exploits are increasingly released at or before vendor patch availability. A monthly or even bi-weekly patch cadence leaves systems exposed during the critical first days when atta...

Enterprises are spending more than ever on DDoS defense, but despite the increased investment, organizations are still suffering damaging downtime. MazeBolt's new DDoS Defense survey , produced in collaboration with Global Surveyz, quizzed 300 CISOs and security directors across the US and Europe, and uncovered some surprising perspectives. The following is a sneak preview from the report. Inside the Survey MazeBolt surveyed senior security leaders at banking, financial services, and insurance companies with between 500 and 25,000 employees and annual revenues of at least $250 million. These are organizations where business continuity is critical and where a single outage can cause severe financial and reputational damage. Attacks Keep Coming – and They're Costly Respondents reported an average of 3.85 damaging DDoS incidents in the past year. 60% said they suffered between 2 and 5 such attacks. Larger companies faced the most serious consequences, with enterprises of more than 1...

For most of its history, the Security Operations Center (SOC) has been a privilege of the few. Building one meant millions in technology spend and round-the-clock analyst coverage. Unsurprisingly, for years, SOCs were a privilege of the few -  large enterprises and organizations with high-risk profiles, where budgets and scale justified the investment. Everyone else was left with partial coverage or had to outsource. That reality is changing. AI has flipped the SOC equation. What was once out of reach for all but the largest enterprises is now accessible and affordable for nearly every company that needs one. The risk every company faces By now, almost any 9-year-old knows that cyberattacks threaten every company . It's no longer just banks and financial giants in the crosshairs. Over the past decade, cyberattacks have expanded into every sector, from e-commerce sites to research institutes to local hospitals. Recent data from the 'VikingCloud 2025 SMB Threat Landscape' repo...

You're jolted awake by a 2:46 AM critical alert: ransomware in production. Customer data's compromised, systems are locked, and $1 million Bitcoin demand stares back at you. Your SIEM lit up. EDR flagged unusual file access. ITDR surfaced account anomalies. But it's too late. The attacker got in with stolen credentials, likely from a phishing email. Once authenticated, they slipped past your defenses, escalated privileges, and detonated ransomware. The post-incident report reveals what your tools missed: the initial login. If authentication had tapped real-time signals from your existing security stack — device compliance, threat intelligence, or login anomalies — the stolen credential could have been blocked at the login prompt, stopping the attack cold. Why Identity Is the New Perimeter Adversaries are increasingly focused on identities and credentials rather than fortified perimeters or servers. After all, why bother cracking a vault when you can stroll in with the keys?  ...

What are Ephemeral Accounts? Corporate audits today, for cyber security insurance or compliance, focus on group memberships to identify who has access to what. This process identifies who is a Domain Admin, Enterprise Admin, Local Administrator, Database Global Admin, Global Admin in Azure, and Root Access in AWS. Accounts with this level of access likely have static privilege. I like to call these accounts game-over accounts. If these accounts are compromised, the company will have a massive issue on its hands.  Other account types lurking in your environment can cause this level of damage. Many DevOps accounts and API keys can also cause this level of damage if compromised. DevOps accounts sometimes fall under the radar outside of the scope of compliance and cybersecurity insurance.  The new Privileged Access Management buzzword among vendors, analysts, and operations teams is Ephemeral Accounts . A common phrase I tend to hear is that we don't have static privileged acc...

ShinyHunters is a notorious cybercrime group that has resurfaced with a new playbook of SaaS-focused attacks. Known for monetizing stolen data on underground forums since 2020, ShinyHunters has historically breached companies by stealing credentials and databases. Recently, however, they've shifted tactics to aggressive social engineering, mirroring the methodology of the Scattered Spider group. Instead of exploiting software vulnerabilities, ShinyHunters now exploits human trust, targeting the underbelly of third-party SaaS platforms through impersonation and phishing. In mid-2025, a wave of breaches struck companies like Google, Workday, Pandora, Cisco, Chanel, and others, all tied together by one common thread: the attackers leveraged access to these firms' Salesforce CRM or similar cloud systems. Below, we look at what happened in the Google and Workday breaches, examine techniques ShinyHunters used, and demonstrate how a dynamic SaaS security approach (like Reco's) could have...

Device and software vulnerabilities pose an increasing risk to modern security. However, patch management is an infamously difficult (and downright Sisyphean) task for IT and security teams, who are faced with an ever-growing list of CVEs to remediate. This task was difficult enough in the days of on-premise environments, but a modern distributed workforce has to contend with all the users, devices, and applications that may exist outside the purview of traditional security solutions, like MDM. Overall, with the ever-growing number of CVEs and the ever-growing sprawl of shadow IT, patch management has become both more urgent and more daunting than ever. IT and security teams need to adopt zero trust methods to ensure that only healthy and patched devices are able to access their critical systems. With the help of SaaS management and employee-remediation tactics, teams can do even more to improve efficacy and support for their company-wide patch management programs.  French philo...