Threat Detection | Breaking Cybersecurity News | The Hacker News

Phishing emails have reached a point where they can fool both people and the tools designed to stop them. For anyone working through a packed inbox, it's easy to trust what looks familiar and click without a second thought. What's worrying is that phishing is rarely the end goal. It's usually the entry point for something much bigger: a ransomware attack. Once attackers gain access, they don't act immediately. They move through systems, map connections, and prepare the environment. By the time ransomware is deployed, it's the final step — not the first. To stay ahead, you need protection at two critical points. An advanced email security solution that catches even the most stealthy phishing attempts, and a strong BCDR strategy that lets you restore data quickly and avoid paying a ransom if something slips through. Why phishing remains so effective Phishing works because it plays on human behavior. Email may seem like a simple communication tool, but it functions as a decision-mak...

Most of the commentary on Anthropic's Claude Mythos Preview has gone in one of two directions: one camp treats it as the civilizational inflection point, the other as marketing dressed up as a research result. Neither read is particularly useful for a security leader who still has a program to run on Monday. The AISLE team's technical response to the Mythos announcement made a fair point worth sitting with: much of what was demonstrated is recoverable on smaller, open-weight models, particularly on the discovery side. Early testing results of OpenAI's GPT 5.5 show CTF performance close to or slightly superior to Mythos; the exclusivity framing is arguable, but the accelerated model improvement in offensive security is undisputable. The UK AI Security Institute found that Mythos can autonomously execute a complete corporate network takeover, succeeding in 30% of its attempts on a complex attack range — a task AISI estimates would require roughly 20 hours for a human e...

For years, cybersecurity has operated on a simple premise: detect malware, stop the attack. That model is starting to break down. Attackers are no longer relying primarily on malicious files or obvious payloads. Instead, they're increasingly turning to what already exists inside your environment — trusted tools, native binaries, and legitimate administrative utilities. These are used to move laterally, escalate privileges, and maintain persistence, often without triggering traditional security alerts. The problem? Most organizations don't recognize this exposure until after the damage is already done. To better understand how this risk manifests in real environments, Bitdefender offers a complimentary free Internal Attack Surface Assessment — a practical, low-friction way to uncover where trusted tools may be working against you. Here's what's really happening inside modern environments — and why attackers prefer to use your own tools against you. 1. Attacks Are Designed Not to ...

The event that didn't exist At 2:14 p.m. on a Tuesday, an employee clicks a link. If you reconstruct the moment from your security stack, nothing happened. A browser process opened an HTTPS connection. The certificate was valid. The destination wasn't flagged. Traffic volume was unremarkable. No detections fired. Inside the browser session, a different story was unfolding. The page that loaded looked like a routine CAPTCHA with "verify you're human" framing, a prompt to complete a quick check to continue. The instructions told the user to press Windows+R, paste what had already been copied to their clipboard, and hit Enter. In the middle of a busy work day, they did. What they pasted was a shell script. It executed in the user's own context, with the user's own permissions, as a deliberate action the user performed with their own hands. Nothing about the browser session looked unusual. The page rendered normal web content. The clipboard write happene...

For security leaders, the inbox remains the front door for attackers. Here's why the smartest teams are adding adaptive, AI-driven protection to their cloud email security, not replacing them. Email is still the number-one attack vector for enterprises, and it is not even close. The FBI's Internet Crime Complaint Center reported that business email compromise alone generated $3 billion in losses in 2024 , with AI-enabled attacks accelerating the trend ( FBI IC3 Report ). The attacks that succeed today don't carry obvious malicious payloads. They rely on trust, tone, and timing; a spoofed vendor sending a "routine" invoice update, or a convincing impersonation of a CEO with an urgent request. No malware. No suspicious links. Just words, carefully chosen. Microsoft 365 is the backbone of productivity for most organizations, and Microsoft Defender and Exchange Online Protection do solid work catching known spam, malware, and co...

How session cookie theft bypasses MFA — and what you can do about it When you check into a hotel, you show your ID at the front desk. The clerk verifies who you are, maybe checks a secondary piece of information, and hands you a key card. From that point on, that key card is what gets you into your room. It doesn't matter that you proved your identity at check-in. What matters is who has the key. Your applications work the same way. When a user logs into a web application — entering their password, completing an MFA challenge — the application issues them a session token, typically stored as a cookie in their browser. That token is their key card. Every subsequent request the user makes, the application checks for the token, not the credentials. If the token is valid, access is granted. And if someone steals that token? They get in, too. No username required. No password required. No MFA prompt. They simply ...

We recently worked with an organization that had invested heavily in advanced security tooling, including AI-driven detection and monitoring capabilities. From a technical perspective, the environment appeared mature: alerts were firing, dashboards were populated, and risks were clearly identified.  Yet progress had stalled.  The security team and IT disagreed on ownership. Business leadership perceived cyber risk as "under control," while the security team felt increasingly exposed and unheard. AI surfaced the signals, but no one could agree on what to do with them.  The turning point did not come from additional tooling or deeper analysis. It came from reframing the conversation.  By aligning stakeholders around clear business impact, contextualizing the findings against industry peers, and translating technical gaps into credible, board-level risk narratives that reinforced the internal security team's concerns rather than questioning their judgment, decisions were finally ma...

The conversation around AI in the SOC has mostly centered on efficiency: closing alerts faster, reducing queue backlog, and automating repetitive work that burns out L1 analysts. That framing is directionally right, and it matters because analyst fatigue is real. For teams dealing with high alert volume, analysts are often asked to make good decisions under a fragmented context and time pressure. But that framing is still incomplete. The bigger shift is not just workflow automation or orchestration of predefined playbooks. It is AI's ability to perform contextual, hypothesis-driven investigation across multiple telemetry sources, work that has traditionally depended on experienced L2 or L3 analysts and limited human time. When that capability can be applied consistently across every alert, it changes the operating model, not just the speed of the existing one. Two recent investigations at Prophet Security make that real. In both cases, the attacks were not obvious from signature-bas...

AI hype is everywhere. Every security vendor claims their platform is "AI-powered." Dashboards promise automation. Generative AI is positioned as the solution to staffing shortages. For small and mid-sized organizations with lean IT and cybersecurity teams, these messages are understandably compelling. But this leads to a critical question: Can AI realistically strengthen your security program — and is it worth the effort? The Current Reality: Under-Resourced and Overwhelmed Small and midsized organizations face a difficult equation. Threat actors are becoming more sophisticated. Attack surfaces continue to expand. Compliance pressures are rising. Meanwhile, security teams are small — often just a few professionals wearing multiple hats. AI sounds like a relief. In theory, it can accelerate detection, reduce alert fatigue, automate triage, improve response times, and surface hidden threats buried in large volumes of data. But AI is not plug-and-play magic for defenders. For l...

Every few years, a breach happens that security teams study for the wrong reasons. SolarWinds is a good example. When the compromised Orion update started reaching customer environments in early 2020, the signals were already there: unusual DNS requests, unexpected authentication behavior in Azure AD, odd SAML token activity, and lateral movement from on-premises Active Directory into cloud environments.  None of it looked like an attack. Each signal sat at low or medium severity, and they were scattered across domains. The attackers had close to a year of dwell time before FireEye, a victim itself, discovered the breach while investigating a stolen red-team toolkit. We tend to call SolarWinds a one-off. It wasn't.  The real lesson from that breach, and from the ones that have followed it, is structural.  SOCs are designed, staffed, and measured around routine work: phishing, endpoint detections, and user anomalies. The people, processes, dashboards, and tools are ...