Risk Management | Breaking Cybersecurity News | The Hacker News

Security teams have never had more telemetry. They have also never been more behind. In 2025, organizations faced an average of 1,968 cyber attacks per week , an 18% YoY increase, and nearly a 70% increase since 2023 . That's not just "more noise." It's a signal that attacker throughput is scaling faster than human response models can. At the same time, the attacker playbook shifted in ways that punish slow cycles. Social engineering moved beyond email into multi-channel, cross-platform operations, including new interaction-led techniques like ClickFix, which manipulates users into executing the attack themselves. ClickFix activity increased by roughly 500% and appeared in nearly half of documented malware campaigns. And while humans remain a primary target, attackers are finding even easier traction in unpatched, unmanaged, and inherited exposures. These gaps give adversaries durable footholds long before exposure remediation is implemented. Couple that with automation, and expo...

According to research by IBM, organizations use an average of 83 separate security solutions. It is hardly surprising that 52% of security professionals identify complexity as the biggest impediment to effective operations. For IT and security leaders in mid-market organizations, who know they have gaps in security coverage, this challenge can feel particularly difficult to solve. At Bitdefender , we see this challenge play out consistently across mid-market environments. Most organizations have the fundamentals in place, such as Endpoint Protection Platforms (EPP), email filtering, and patch management. However, many are not fully realizing the capabilities of these existing tools. This creates security gaps and, when combined with a lack of preventative exposure management controls, severely limits visibility across attack surfaces. Maximize Your ROI: Exploit Underused Tools Many mid-market organizations already have powerful Endpoint Detection and Response (EDR) in place as part...

The proliferation of AI agents in the enterprise has moved from theoretical to practical at a remarkable pace. These agents, whether developed internally or licensed, are increasingly integrated into core business workflows. While they promise substantial gains in automation and productivity, they also introduce a new and complex class of security risks that demand immediate attention.  The core challenge is not whether to adopt AI agents, but how to govern them effectively. A disciplined approach to balancing innovation with security is essential for any organization looking to leverage AI without exposing itself to unacceptable risk.  Recent research highlights the urgency of this issue. A comprehensive study found that 82% of companies are already using AI agents, with 53% acknowledging they access sensitive information daily . This rapid adoption, often occurring without adequate oversight, creates significant vulnerabilities. The imperative is clear: organizations must...

For decades, organizations operated under the assumption that vulnerability management could be slotted into predictable maintenance windows. Monthly patch cycles, quarterly review periods, and planned outages became the standard rhythm of IT operations. Yet, in today's environment, where exploit code emerges within hours of a disclosure and attackers weaponize vulnerabilities on an industrial scale, those rhythms are dangerously outdated. The modern reality is that continuous patch management and end-to-end vulnerability lifecycle governance are no longer aspirational, they are the bare minimum. Security must be measured not by the comfort of predictability, but by the ability to remediate as close to real time as possible. The Problem with Periodic Maintenance Windows Exploitation Outpaces Response: exploits are increasingly released at or before vendor patch availability. A monthly or even bi-weekly patch cadence leaves systems exposed during the critical first days when atta...

Cybersecurity is undergoing a necessary transformation from reacting to threats as they arise to proactively anticipating and addressing them through Threat-Informed Defense (TID) . This shift emphasizes operational discipline over accumulating more tools. It involves using threat intelligence to streamline existing technologies, enhance the quality of security signals, and focus efforts on the threats most relevant to each organization. The goal is to continuously identify and close security gaps by combining insights from external threat data with internal defense capabilities. How do you put TID into practice? The team at  Filigran has broken down the TID framework into a six-stage pipeline to develop actionable chunks for cybersecurity leaders. In this article, we share the details so that your security teams can leverage it too to support TID. What is Threat-Informed Defense? First advocated by  MITRE , Threat-Informed Defense (TID) leverages MITRE ATT&CK framewo...

Enterprises are spending more than ever on DDoS defense, but despite the increased investment, organizations are still suffering damaging downtime. MazeBolt's new DDoS Defense survey , produced in collaboration with Global Surveyz, quizzed 300 CISOs and security directors across the US and Europe, and uncovered some surprising perspectives. The following is a sneak preview from the report. Inside the Survey MazeBolt surveyed senior security leaders at banking, financial services, and insurance companies with between 500 and 25,000 employees and annual revenues of at least $250 million. These are organizations where business continuity is critical and where a single outage can cause severe financial and reputational damage. Attacks Keep Coming – and They're Costly Respondents reported an average of 3.85 damaging DDoS incidents in the past year. 60% said they suffered between 2 and 5 such attacks. Larger companies faced the most serious consequences, with enterprises of more than 1...

Artificial Intelligence (AI) has served as a great resource for cyber defenders by enabling real-time detection and response through advanced pattern recognition and predictive analysis that traditional methods weren't able to achieve. However, AI has recently become a dangerous and widely available enabler for attackers to leverage. CISOs now face adversaries who easily scale large-scale cyberattacks like spear-phishing and polymorphic malware at machine speed.  This article examines the rising AI-driven cyberthreat landscape and presents the browser, the enterprises' new endpoint, as the most strategic control plane for defense. By adopting a Secure Enterprise Browser (SEB) into the security stack, enterprises can reduce their attack surface, contain incidents at scale, and future-proof themselves against these advanced attacks.  Why Traditional Defenses Struggle Against AI  Most organizations have robust defense in place against cyberattacks, such as firewalls, EDR...

These days, there are plenty of ways to run DDoS simulation testing and make sure you're protected against attacks. You can do it on your own using commercial software or open-source tools—whatever works best for you. That said, there are a few must-haves when it comes to running DDoS tests. For one, you'll need a platform that allows you to easily start and stop attack simulations as needed. Plus, don't forget to notify and get approval from relevant parties, such as your cloud provider or tool vendor, before you begin testing. Beyond these basics, there are some best practices that can help you get the most out of your  DDoS testing . 1 – Plan tests to validate the protection of your most critical assets  While it may be easier to run black box testing (basically launching attacks without looking at the internal structure, architecture, and configuration of your protection), a white box testing approach is much more effective when it comes to uncovering serious vulnera...

Security teams today live in two different realities. On one side, platforms like ServiceNow create order: every vulnerability has a ticket, every incident has a workflow, and everything ties back to the CMDB. On the other side, attackers create chaos. They don't follow workflows. They look for the easiest way in, chaining together whatever exposures they can find until they reach something valuable. A vulnerability marked as "medium" in a ticketing system can still be the critical link in an attack path that leads straight to a company's crown jewels. In the ticketing system, the issue appears in isolation, yet attackers see how it connects to everything else. Without visibility into how exposures link together, teams risk wasting effort while the actual attack paths stay open. This is where ServiceNow's integration with XM Cyber comes in. By layering attack graph analysis onto VR and SIR , the platform lets teams see each issue through an attacker's eyes. Tickets and incidents ar...