Digital Identity | Breaking Cybersecurity News | The Hacker News

Most identity verification failures do not originate from flawless synthetic IDs or visually undetectable deepfakes. Instead, they stem from structural exposures and information loss between the point of data capture and the final automated decision. As remote identity systems evolve, trust becomes an architectural property. If a backend cannot verify the hardware provenance of an image or video, the rest of the security pipeline operates on degraded input. By the time a synthetic face reaches a visual liveness model, the most critical context may already be gone. This post examines why fragmented identity APIs drop vital signals, how identity supply chains dilute accountability, and why these gaps allow digital injection attacks to succeed. The Hidden Risk in Identity Supply Chains Modern identity verification often relies on a complex supply chain that distributes camera capture, document parsing, liveness checks, and risk scoring across multiple vendors. Rather than opera...

The employee who doesn't exist Not long ago, the idea of a fake employee sounded far-fetched. Resume fraud? Sure. Outsourced interviews? Occasionally. But a completely synthetic person (face, voice, work history, and identity) getting hired, onboarded, and trusted inside a company used to feel like science fiction. That era is over. Gartner predicts that by 2028, one in four candidate profiles worldwide could be fake . The firm also reports that 6% of job candidates admit to interview fraud, including impersonation or having someone else interview for them. Hiring teams are already seeing face-swapping and synthetic identities appear in real interview workflows. Taken together, the pattern is clear: companies are increasingly interviewing, and in some cases hiring, people who don't exist. These "employees" can pass screening, ace remote interviews, and start work with legitimate credentials. Then, once inside, they steal data, map internal systems, divert funds, or quietly set the...

Deepfakes aren't just viral clips or political media anymore — they're appearing in enterprise workflows where a camera feed is treated as proof: onboarding, account recovery, remote hiring, privileged access, and partner verification. That shift forces security teams to ask not just, "Does this look fake?" but, "Can we verify in real time that the capture is authentic and the channel isn't compromised — without disrupting the workflow?" A new benchmark from Purdue University addresses that question. Instead of testing detectors on clean, lab-style samples, Purdue evaluated tools on real incident content pulled from social platforms — the kind of compressed, low-resolution, post-processed material that tends to break models tuned to ideal conditions. What Purdue tested — and why it matters Purdue built its benchmark around the Political Deepfakes Incident Database (PDID), which focuses on deepfake incidents circulating on X/Twitter, YouTube, TikTok, and Instagram. Real-world distri...