#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Incident Response | Breaking Cybersecurity News | The Hacker News

Category — Incident Response
Breach Transparency Remains Cybersecurity's Toughest Governance Problem

Breach Transparency Remains Cybersecurity's Toughest Governance Problem

Jul 06, 2026
Cybersecurity is entering a new phase. It's one where the gap between awareness and operational execution is becoming the industry's biggest challenge. That's what stood out to me most after reviewing the results of the 2026 Bitdefender Cybersecurity Assessment , which found that organizations have never had greater insight into the risks they face, yet turning that understanding into meaningful action remains a persistent challenge. Nowhere is that gap more visible, in my view, than in how organizations handle breach transparency. We surveyed 1,200 IT and cybersecurity professionals across six countries: France, Germany, Italy, Singapore, the United Kingdom, and the United States. Respondents ranged from frontline employees to IT managers to CISOs, all working within organizations with 500 or more employees. A Governance Problem, Not an Attacker Problem One of the most troubling findings in our report is not about attacker behavior. It's about internal respons...
AI-Speed Attacks Are Forcing a Rethink of Incident Response

AI-Speed Attacks Are Forcing a Rethink of Incident Response

Jul 06, 2026 Cyber Risk / AI Security
The most important cybersecurity impact of artificial intelligence is not that attackers can write better phishing emails or automate parts of their workflow. It is that AI is changing the speed, scale, and decision-making dynamics of cyberattacks.  That creates a problem many organizations have not yet fully confronted: most cyber governance and incident response models were designed for human-speed attacks.  For years, security teams operated under a familiar sequence. Detect suspicious activity. Investigate. Validate the threat. Escalate to leadership. Decide on containment. Communicate with stakeholders. That model still has value, but it assumes defenders have enough time to build confidence before taking material action.  AI-enabled attacks challenge that assumption.  Adversaries can now use AI to accelerate reconnaissance, generate highly personalized social engineering, modify malware, test payloads, summarize stolen data, identify vulnerabilities, a...
Building a Security Strategy for AI-Powered Ransomware Attacks

Building a Security Strategy for AI-Powered Ransomware Attacks

Jun 22, 2026
Launching a ransomware attack used to take real effort. Now, thanks to AI, almost anyone can launch a sophisticated attack, which changes the game for everyone responsible for protecting businesses. Reconnaissance that once took hours now takes minutes. Phishing emails that used to require careful crafting can now be generated at scale and sent to hundreds of targets simultaneously. IBM's 2025 Cost of a Data Breach Report found that AI reduced the time required to create phishing emails from 16 hours to just 5 minutes. For MSPs managing dozens or hundreds of clients, and for internal IT teams holding the line across an entire organization, understanding how AI is changing ransomware is key to staying ahead of the threat and minimizing disruption when attacks occur. The attack that starts in the inbox Before attackers can encrypt files or demand a ransom, they first need a way into the organization. One of the easiest ways to get that access is by tricking someone into cli...
7 Signs Your Organization Is Vulnerable to Business Email Compromise

7 Signs Your Organization Is Vulnerable to Business Email Compromise

May 18, 2026
BEC accounted for over $3 billion in reported losses last year alone. Most organizations don't realize they're exposed until it's too late. Here's how to tell if your defenses have gaps. Business email compromise doesn't announce itself. There's no ransomware splash screen, no locked files, no dramatic system outage. Instead, a finance team member processes what looks like a routine vendor payment update. A controller wires funds based on what appears to be a CFO's direct request. By the time anyone notices, the money is gone. The FBI IC3's 2024 Internet Crime Report documented $55 billion in cumulative BEC losses over the past decade, with $3 billion in 2024 alone — making it the most financially destructive enterprise-targeted cyber threat in the country. The challenge with BEC is that it exploits trust, not technology. These attacks carry no malicious payload for a gateway to catch — just carefully crafted messages designed to manipulate human judgment. That makes traditional de...
Time-to-Revoke: The Metric CISOs Need in the AI Exploit Era

Time-to-Revoke: The Metric CISOs Need in the AI Exploit Era

May 18, 2026
The conversation around Anthropic's Claude Mythos Preview has understandably centered on zero-days. If AI systems can identify and exploit vulnerabilities across every operating system and browser at scale, defenders have to assume that exploit timelines will keep compressing. But for CISOs, the harder question is how long exposed access credentials remain valid after defenders discover the exposure. Credentials determine how far an attacker can move, how long they can persist, and how difficult containment becomes. A vulnerability just gets them in the door. That gap between time-to-exploit and time-to-revoke is where many organizations are most exposed. GitGuardian's State of Secret Sprawl report shows 64% of valid secrets detected in 2022 were still active and exploitable four years later in an environment where exploitation now collapses to hours. Vulnerabilities get attackers in the door, but credentials decide how far they go. The Mythos-ready briefing , developed b...
Mythos is Coming: What the Next Six Months Require

Mythos is Coming: What the Next Six Months Require

May 04, 2026
Most of the commentary on Anthropic's Claude Mythos Preview has gone in one of two directions: one camp treats it as the civilizational inflection point, the other as marketing dressed up as a research result. Neither read is particularly useful for a security leader who still has a program to run on Monday. The AISLE team's technical response to the Mythos announcement made a fair point worth sitting with: much of what was demonstrated is recoverable on smaller, open-weight models, particularly on the discovery side. Early testing results of OpenAI's GPT 5.5 show CTF performance close to or slightly superior to Mythos; the exclusivity framing is arguable, but the accelerated model improvement in offensive security is undisputable. The UK AI Security Institute found that Mythos can autonomously execute a complete corporate network takeover, succeeding in 30% of its attempts on a complex attack range — a task AISI estimates would require roughly 20 hours for a human e...
AI Will Change Cybersecurity. Humans Will Define Its Success. A Lesson No Algorithm Can Teach

AI Will Change Cybersecurity. Humans Will Define Its Success. A Lesson No Algorithm Can Teach

Apr 06, 2026
We recently worked with an organization that had invested heavily in advanced security tooling, including AI-driven detection and monitoring capabilities. From a technical perspective, the environment appeared mature: alerts were firing, dashboards were populated, and risks were clearly identified.  Yet progress had stalled.  The security team and IT disagreed on ownership. Business leadership perceived cyber risk as "under control," while the security team felt increasingly exposed and unheard. AI surfaced the signals, but no one could agree on what to do with them.  The turning point did not come from additional tooling or deeper analysis. It came from reframing the conversation.  By aligning stakeholders around clear business impact, contextualizing the findings against industry peers, and translating technical gaps into credible, board-level risk narratives that reinforced the internal security team's concerns rather than questioning their judgment, decisions were finally ma...
AI SOC Investigation Has Moved Beyond Triage: Two Cases That Show Where It Actually Matters

AI SOC Investigation Has Moved Beyond Triage: Two Cases That Show Where It Actually Matters

Mar 02, 2026 Artificial Intelligence / Threat Detection
The conversation around AI in the SOC has mostly centered on efficiency: closing alerts faster, reducing queue backlog, and automating repetitive work that burns out L1 analysts. That framing is directionally right, and it matters because analyst fatigue is real. For teams dealing with high alert volume, analysts are often asked to make good decisions under a fragmented context and time pressure. But that framing is still incomplete. The bigger shift is not just workflow automation or orchestration of predefined playbooks. It is AI's ability to perform contextual, hypothesis-driven investigation across multiple telemetry sources, work that has traditionally depended on experienced L2 or L3 analysts and limited human time. When that capability can be applied consistently across every alert, it changes the operating model, not just the speed of the existing one. Two recent investigations at Prophet Security make that real. In both cases, the attacks were not obvious from signature-bas...
The Riskiest Alert Types and Why Enterprise SOC Doesn’t Triage Them

The Riskiest Alert Types and Why Enterprise SOC Doesn't Triage Them

Feb 23, 2026
Every few years, a breach happens that security teams study for the wrong reasons. SolarWinds is a good example. When the compromised Orion update started reaching customer environments in early 2020, the signals were already there: unusual DNS requests, unexpected authentication behavior in Azure AD, odd SAML token activity, and lateral movement from on-premises Active Directory into cloud environments.  None of it looked like an attack. Each signal sat at low or medium severity, and they were scattered across domains. The attackers had close to a year of dwell time before FireEye, a victim itself, discovered the breach while investigating a stolen red-team toolkit. We tend to call SolarWinds a one-off. It wasn't.  The real lesson from that breach, and from the ones that have followed it, is structural.  SOCs are designed, staffed, and measured around routine work: phishing, endpoint detections, and user anomalies. The people, processes, dashboards, and tools are ...
Cybersecurity Resources