Deepfake | Breaking Cybersecurity News | The Hacker News

Microsoft Teams' cross-tenant collaboration feature, which allows external accounts to message employees directly, is enabled by default in most enterprise deployments . Most organizations have never audited or restricted it. That default setting has become one of the more reliable social engineering entry points security teams are managing today. The base attack is straightforward. An attacker creates an external Teams account, identifies a target through LinkedIn or a company directory, and sends a message posing as IT helpdesk staff. The message cites an urgent account issue (an MFA problem, a security alert, a failed login) and asks the employee to open Quick Assist, a built-in Microsoft remote assistance tool, and approve a session. What has changed recently is the layer added on top of that initial contact: an AI-generated voice that sounds like someone the target already knows. How the Base Attack Chain Unfolds Once Quick Assist access is established, the attack fol...

Deepfakes aren't just viral clips or political media anymore — they're appearing in enterprise workflows where a camera feed is treated as proof: onboarding, account recovery, remote hiring, privileged access, and partner verification. That shift forces security teams to ask not just, "Does this look fake?" but, "Can we verify in real time that the capture is authentic and the channel isn't compromised — without disrupting the workflow?" A new benchmark from Purdue University addresses that question. Instead of testing detectors on clean, lab-style samples, Purdue evaluated tools on real incident content pulled from social platforms — the kind of compressed, low-resolution, post-processed material that tends to break models tuned to ideal conditions. What Purdue tested — and why it matters Purdue built its benchmark around the Political Deepfakes Incident Database (PDID), which focuses on deepfake incidents circulating on X/Twitter, YouTube, TikTok, and Instagram. Real-world distri...

Imagine joining a video call with your CEO, only to find out later the CEO participant was actually an AI-generated fake. Welcome to the new digital battlefield.  Adversarial AI and deepfakes have created an identity attack surface that is not just digital, but is also based on reality itself . These technologies are no longer science fiction or theoretical. They are actively being used to spoof identities, manipulate political perceptions, and circumvent even the best cybersecurity training initiatives. , and circumvent even the best cybersecurity training initiatives.  If your cybersecurity defenses rely solely on human perception, voice recognition, or even visual evidence, you are vulnerable to an attack.  From Cat and Mouse to Machine vs. Machine Cybersecurity has always been a game of cat and mouse. As defenders (mice), we have historically been able to adapt our defenses for phishing, malware , ransomware, and insider threats . Today, we're also strategizing ...

Cybercriminals don't just hack systems—they hack people. They've figured out that humans are wired to trust, empathize, and help, and they're using that against us in ingenious ways. Take this jaw-dropper: In 2024, a company lost over $25 million because an employee fell for a deepfake during a video call. Yep, a fake video of "trusted colleagues" tricked someone into handing over the keys to the kingdom—all kicked off by a phishing email. Ouch. If we want to stay one step ahead, we need to understand the psychology behind these attacks. Let's break it down—the human vulnerabilities, the identity and access management (IAM) fixes, and how to make tech work with (not against) our brains. Why Humans Are the Weakest Link Here's the deal: Humans evolved to trust and empathize. It's why we have friends, families, and functional societies. Mirror neurons in our brains make us feel what others feel, which is awesome for bonding… but terrible when a scammer shows up. Cybercrimi...