Malware | Breaking Cybersecurity News | The Hacker News

For years, cybersecurity has operated on a simple premise: detect malware, stop the attack. That model is starting to break down. Attackers are no longer relying primarily on malicious files or obvious payloads. Instead, they're increasingly turning to what already exists inside your environment — trusted tools, native binaries, and legitimate administrative utilities. These are used to move laterally, escalate privileges, and maintain persistence, often without triggering traditional security alerts. The problem? Most organizations don't recognize this exposure until after the damage is already done. To better understand how this risk manifests in real environments, Bitdefender offers a complimentary free Internal Attack Surface Assessment — a practical, low-friction way to uncover where trusted tools may be working against you. Here's what's really happening inside modern environments — and why attackers prefer to use your own tools against you. 1. Attacks Are Designed Not to ...

While working on the Transparent Tribe's vibeware research, we have encountered two distinct camps, the optimists and the skeptics. What makes the current dialogue unique is that both sides can be right at the same time. There is, however, a clear operational reason why we encounter "AI attacks" primarily on professional social media feeds rather than within our own telemetry logs. In this article, we analyze the factors explaining why Skynet is not here yet, and how, much like a shark, AI does not need to be innovative to be dangerous. LLM Architecture Bias LLMs are mathematically optimized to predict the most likely outcome, while hacking is the art of identifying the statistical anomaly. LLMs are designed to predict the most statistically probable next token. They are excellent at the average, but poor at the exceptional. A hacker, by contrast, is a practitioner of statistical anomaly, actively seeking the low-pro...

Telegram entered 2025 under unprecedented pressure. Public scrutiny, regulatory attention, and leadership turmoil forced the platform to do something it had long resisted, enforce at scale. Moderation volumes surged, automation expanded, and millions of channels and groups were removed in a single year. On paper, this looks like a turning point.  In practice, it wasn't the collapse of cyber criminal activity on Telegram; it was an evolution, for sure, but not a collapse.  What we are seeing in 2026 is not a mass exodus from the platform, nor a meaningful decline in threat actor coordination. Instead, Telegram's crackdown has triggered a familiar pattern. Criminal ecosystems adapt faster than platforms can reform. Read the just released Telegram report, by Tal Samra and Or Shichrur for evasion methods, statistics and monitoring recommendations: https://checkpoint.cyberint.com/telegrams-crackdown-criminal-resilience Over 43 Million & Channels Blocked  Tele...

Browser extensions have evolved over the years into powerful productivity platforms to streamline workflows, integrate business tools, and optimize how work is done. Now in the age of AI, extensions are once again evolving to enable advanced automation and data-driven decision-making directly in the browser. And as these extensions continue to mature, so will the cyberattacks. Today's extension-based attacks do not discriminate; they target every traditional browser, including Chrome, Edge, Firefox, and more, as well as the new AI-powered browsers like ChatGPT's Atlas and Perplexity's Comet. They adapt to each environment's security nuances. Most enterprises assume that if they secure one browser, it's enough.  The reality is that cross-platform extension threats are becoming increasingly common, and organizations must take broader vigilance. In this article, you'll learn why leveraging a Secure Enterprise Browsing (SEB) platform is critical for organizations to keep up with tod...

Artificial Intelligence (AI) has served as a great resource for cyber defenders by enabling real-time detection and response through advanced pattern recognition and predictive analysis that traditional methods weren't able to achieve. However, AI has recently become a dangerous and widely available enabler for attackers to leverage. CISOs now face adversaries who easily scale large-scale cyberattacks like spear-phishing and polymorphic malware at machine speed.  This article examines the rising AI-driven cyberthreat landscape and presents the browser, the enterprises' new endpoint, as the most strategic control plane for defense. By adopting a Secure Enterprise Browser (SEB) into the security stack, enterprises can reduce their attack surface, contain incidents at scale, and future-proof themselves against these advanced attacks.  Why Traditional Defenses Struggle Against AI  Most organizations have robust defense in place against cyberattacks, such as firewalls, EDR...

You're jolted awake by a 2:46 AM critical alert: ransomware in production. Customer data's compromised, systems are locked, and $1 million Bitcoin demand stares back at you. Your SIEM lit up. EDR flagged unusual file access. ITDR surfaced account anomalies. But it's too late. The attacker got in with stolen credentials, likely from a phishing email. Once authenticated, they slipped past your defenses, escalated privileges, and detonated ransomware. The post-incident report reveals what your tools missed: the initial login. If authentication had tapped real-time signals from your existing security stack — device compliance, threat intelligence, or login anomalies — the stolen credential could have been blocked at the login prompt, stopping the attack cold. Why Identity Is the New Perimeter Adversaries are increasingly focused on identities and credentials rather than fortified perimeters or servers. After all, why bother cracking a vault when you can stroll in with the keys?  ...

Imagine joining a video call with your CEO, only to find out later the CEO participant was actually an AI-generated fake. Welcome to the new digital battlefield.  Adversarial AI and deepfakes have created an identity attack surface that is not just digital, but is also based on reality itself . These technologies are no longer science fiction or theoretical. They are actively being used to spoof identities, manipulate political perceptions, and circumvent even the best cybersecurity training initiatives. , and circumvent even the best cybersecurity training initiatives.  If your cybersecurity defenses rely solely on human perception, voice recognition, or even visual evidence, you are vulnerable to an attack.  From Cat and Mouse to Machine vs. Machine Cybersecurity has always been a game of cat and mouse. As defenders (mice), we have historically been able to adapt our defenses for phishing, malware , ransomware, and insider threats . Today, we're also strategizing ...

The Perfect Recipe for Endpoint Security Calls for Privilege Control Today's most effective ransomware attacks don't require malware; they require a login. Modern threat actors don't need to break in. They can leverage legitimate identities and their privileges to gain a foothold, then continue to capitalize on them, moving laterally to probe for more opportunities and manipulate vulnerabilities and exploits to spread ransomware and spyware. A vulnerable identity or account tied to an endpoint can quickly become an attacker's ticket to your most valuable assets and controls.  With legitimate identities being used as the initial foothold in more attacks, we're seeing less 'anomalous' activity and far more seemingly normal actions performed by a trusted, privileged user. And attackers are keenly aware of how easily they can 'hide' behind these legitimate user accounts.  This is why Endpoint Detection and Response (EDR) is really only one piece of the endpoint protection puzz...