Threat Detection | Breaking Cybersecurity News | The Hacker News

Category — Threat Detection
Why Security Leaders Are Layering Email Defense on Top of Secure Email Gateways

Apr 13, 2026
For security leaders, the inbox remains the front door for attackers. Here's why the smartest teams are adding adaptive, AI-driven protection to their cloud email security, not replacing it.

Email is still the number-one attack vector for enterprises, and it is not even close. The FBI's Internet Crime Complaint Center reported that business email compromise alone generated $3 billion in losses in 2024, with AI-enabled attacks accelerating the trend (FBI IC3 Report). The attacks that succeed today don't carry obvious malicious payloads. They rely on trust, tone, and timing: a spoofed vendor sending a "routine" invoice update, or a convincing impersonation of a CEO with an urgent request. No malware. No suspicious links. Just words, carefully chosen. Microsoft 365 is the backbone of productivity for most organizations, and Microsoft Defender and Exchange Online Protection do solid work catching known spam, malware, and co...
Session Cookie Theft: You Showed Your ID at the Door. But Someone Else Has Your Room Key

Apr 13, 2026
How session cookie theft bypasses MFA — and what you can do about it

When you check into a hotel, you show your ID at the front desk. The clerk verifies who you are, maybe checks a secondary piece of information, and hands you a key card. From that point on, that key card is what gets you into your room. It doesn't matter that you proved your identity at check-in. What matters is who has the key. Your applications work the same way. When a user logs into a web application — entering their password, completing an MFA challenge — the application issues them a session token, typically stored as a cookie in their browser. That token is their key card. Every subsequent request the user makes, the application checks for the token, not the credentials. If the token is valid, access is granted. And if someone steals that token? They get in, too. No username required. No password required. No MFA prompt. They simply ...
AI Will Change Cybersecurity. Humans Will Define Its Success. A Lesson No Algorithm Can Teach

Apr 06, 2026
We recently worked with an organization that had invested heavily in advanced security tooling, including AI-driven detection and monitoring capabilities. From a technical perspective, the environment appeared mature: alerts were firing, dashboards were populated, and risks were clearly identified. Yet progress had stalled. The security team and IT disagreed on ownership. Business leadership perceived cyber risk as "under control," while the security team felt increasingly exposed and unheard. AI surfaced the signals, but no one could agree on what to do with them. The turning point did not come from additional tooling or deeper analysis. It came from reframing the conversation. By aligning stakeholders around clear business impact, contextualizing the findings against industry peers, and translating technical gaps into credible, board-level risk narratives that reinforced the internal security team's concerns rather than questioning their judgment, decisions were finally ma...
AI SOC Investigation Has Moved Beyond Triage: Two Cases That Show Where It Actually Matters

Mar 02, 2026 Artificial Intelligence / Threat Detection
The conversation around AI in the SOC has mostly centered on efficiency: closing alerts faster, reducing queue backlog, and automating repetitive work that burns out L1 analysts. That framing is directionally right, and it matters because analyst fatigue is real. For teams dealing with high alert volume, analysts are often asked to make good decisions under a fragmented context and time pressure. But that framing is still incomplete. The bigger shift is not just workflow automation or orchestration of predefined playbooks. It is AI's ability to perform contextual, hypothesis-driven investigation across multiple telemetry sources, work that has traditionally depended on experienced L2 or L3 analysts and limited human time. When that capability can be applied consistently across every alert, it changes the operating model, not just the speed of the existing one. Two recent investigations at Prophet Security make that real. In both cases, the attacks were not obvious from signature-bas...
AI in Cybersecurity: Is It Worth the Effort for Lean Security Teams?

Mar 02, 2026
AI hype is everywhere. Every security vendor claims their platform is "AI-powered." Dashboards promise automation. Generative AI is positioned as the solution to staffing shortages. For small and mid-sized organizations with lean IT and cybersecurity teams, these messages are understandably compelling. But this leads to a critical question: Can AI realistically strengthen your security program — and is it worth the effort?

The Current Reality: Under-Resourced and Overwhelmed

Small and midsized organizations face a difficult equation. Threat actors are becoming more sophisticated. Attack surfaces continue to expand. Compliance pressures are rising. Meanwhile, security teams are small — often just a few professionals wearing multiple hats. AI sounds like a relief. In theory, it can accelerate detection, reduce alert fatigue, automate triage, improve response times, and surface hidden threats buried in large volumes of data. But AI is not plug-and-play magic for defenders. For l...
The Riskiest Alert Types and Why Enterprise SOC Doesn’t Triage Them

Feb 23, 2026
Every few years, a breach happens that security teams study for the wrong reasons. SolarWinds is a good example. When the compromised Orion update started reaching customer environments in early 2020, the signals were already there: unusual DNS requests, unexpected authentication behavior in Azure AD, odd SAML token activity, and lateral movement from on-premises Active Directory into cloud environments. None of it looked like an attack. Each signal sat at low or medium severity, and they were scattered across domains. The attackers had close to a year of dwell time before FireEye, a victim itself, discovered the breach while investigating a stolen red-team toolkit. We tend to call SolarWinds a one-off. It wasn't. The real lesson from that breach, and from the ones that have followed it, is structural. SOCs are designed, staffed, and measured around routine work: phishing, endpoint detections, and user anomalies. The people, processes, dashboards, and tools are ...
The Security Platform Is Dead. Long Live the Security Platform

Jan 05, 2026
A 2024 Gartner® survey of 162 large enterprises shows organizations running an average of 45 cybersecurity tools. It's no surprise, then, that 52% of executives cite complexity as the biggest barrier to effective security operations. While mid-market organizations typically run fewer tools, smaller IT and security teams mean they often face equal—or greater—operational complexity.

Why Security Platforms Emerged

The industry's answer to tool sprawl has been the security platform: a consolidated approach designed to reduce complexity by replacing multiple point products. In principle, platforms promise tighter integration, improved visibility across the attack surface, better alert correlation, and faster response. Research supports this direction. The 2025 IBM Institute for Business Value report notes that organizations with higher security platform maturity identify and contain incidents more quickly.

Consolidation Doesn't Always Equal a Platform

Vendor consolidation is accelera...
What GTG-1002 and Claude-Style Attacks Mean for SaaS Verification

Dec 08, 2025
In November 2025, Anthropic revealed a cyber espionage campaign dubbed GTG-1002, the first documented case of an AI agent orchestrating real-world intrusions with minimal human input. A Chinese state-sponsored group manipulated Anthropic's Claude Code assistant into executing about 80% of a multi-target hacking campaign autonomously. Instead of merely advising cybercriminals, the AI took control of key steps: reconnaissance, vulnerability discovery, exploitation, credential theft, and data exfiltration across dozens of organizations. The result was an operation running at machine tempo. Claude performed tasks in a fraction of the time a human team would need, even identifying sensitive databases and writing exploits in seconds.

Figure 1: The distinct phases of the Claude cyberattack

At the peak of the attack, the AI made thousands of requests (often several per second), an onslaught of activity impossible for humans to match. This speed and scale of automation is a game changer: a...
Who's Really Using Your SaaS? The Rise of Non-Human Identities

Nov 10, 2025
As SaaS ecosystems expand, not every user is human anymore. AI assistants, automation bots, integration services, and API tokens now perform countless actions across business cloud applications, often with the same or greater access privileges as employees. These non-human identities (NHIs) are silently driving productivity while introducing a new class of risk: unmonitored, long-lived, and often misunderstood access. These machine credentials (service accounts, API keys, OAuth tokens, etc.) are essential for automation and integrations, but their growth far outpaces the oversight and security controls applied to them. The result is a widening visibility gap. A lot of NHI types enjoy broad permissions within SaaS apps, sometimes more privileges than a human user, yet they rarely get the same scrutiny as employee accounts. Over-privilege is common: about one-third of SaaS app integrations have access to sensitive data that exceeds their needs. Let's examine a few notable data brea...