Threat Intelligence | Breaking Cybersecurity News | The Hacker News

Category — Threat Intelligence
CTM360 Exposes Global GovTrap Campaign With 11,000+ Fake Government Portals Targeting Citizens Worldwide

Apr 27, 2026
Government impersonation scams have evolved into a large, highly coordinated fraud ecosystem targeting citizens across the globe. CTM360's latest threat intelligence research analyzes a widespread campaign, referred to as GovTrap, that demonstrates how attackers systematically exploit public trust in government institutions through thousands of fraudulent digital platforms. Unlike traditional phishing attacks that rely on simple deceptions, GovTrap campaigns replicate entire government service environments. These fraudulent platforms mimic official portals with high accuracy, including branding, language, workflows, and service structures. From tax portals and licensing systems to fine payment services, each fake site is designed to appear legitimate while functioning as part of a broader, scalable fraud operation.

Read the full report here: https://www.ctm360.com/reports/government-impersonation-phishing-govtrap-scams

Scale and Targeting Patterns

CTM360 identified mo...
Why Threat Intelligence Is the Missing Link in CTEM Prioritization and Validation

Apr 20, 2026
Continuous Threat Exposure Management (CTEM) has moved well past buzzword status. We've talked about this before. It's true that in the past years, Gartner has been making these grand predictions about its benefits: organizations prioritizing CTEM investments will suffer two-thirds fewer breaches by 2026 … Well, we're now in 2026 and, in reality, SOC teams are still facing the same dilemma: more exposure data than they can act on, and no reliable way to decide what actually matters.

96% of security teams face challenges trying to validate whether their security risks are exploitable, while 2 in 3 state that they don't have a consolidated view of their cyber risk exposure. - Filigran-commissioned third-party market survey on exposure validation

It's pretty clear now that to actually benefit from CTEM, organizations need to first utilize their cyber threat intelligence better. It is not just about better asset, vulnerability management or dealing with a single CTI provider, b...
Why AI Does Not Need to be Innovative to be Dangerous

Apr 06, 2026
While working on the Transparent Tribe's vibeware research, we have encountered two distinct camps, the optimists and the skeptics. What makes the current dialogue unique is that both sides can be right at the same time. There is, however, a clear operational reason why we encounter "AI attacks" primarily on professional social media feeds rather than within our own telemetry logs. In this article, we analyze the factors explaining why Skynet is not here yet, and how, much like a shark, AI does not need to be innovative to be dangerous.

LLM Architecture Bias

LLMs are mathematically optimized to predict the most likely outcome, while hacking is the art of identifying the statistical anomaly. LLMs are designed to predict the most statistically probable next token. They are excellent at the average, but poor at the exceptional. A hacker, by contrast, is a practitioner of statistical anomaly, actively seeking the low-pro...
Wazuh for Proactive Vulnerability Management

Mar 31, 2026
Vulnerability management is the continuous process of identifying, assessing, prioritizing, and addressing security weaknesses across systems, applications, and infrastructure. It extends beyond periodic scanning; it includes validating findings, understanding exposure in real-world environments, and tracking remediation over time. Effective vulnerability management combines asset visibility, vulnerability intelligence, and operational context to determine which flaws present actual risk rather than theoretical exposure. Modern IT environments further complicate the process of vulnerability management. Hybrid IT infrastructure, third-party dependencies, and internet-facing services increase the attack surface while generating large volumes of vulnerability data. Security teams must balance operational constraints, such as out-of-support legacy systems and uptime requirements, with the need to quickly reduce exposure. As a result, vulnerability management is no longer limited to coun...
Telegram's Crackdown Changed How Threat Actors Act, But Not Where They Act

Mar 23, 2026
Telegram entered 2025 under unprecedented pressure. Public scrutiny, regulatory attention, and leadership turmoil forced the platform to do something it had long resisted: enforce at scale. Moderation volumes surged, automation expanded, and millions of channels and groups were removed in a single year. On paper, this looks like a turning point. In practice, it wasn't the collapse of cyber criminal activity on Telegram; it was an evolution, for sure, but not a collapse. What we are seeing in 2026 is not a mass exodus from the platform, nor a meaningful decline in threat actor coordination. Instead, Telegram's crackdown has triggered a familiar pattern. Criminal ecosystems adapt faster than platforms can reform.

Read the just-released Telegram report by Tal Samra and Or Shichrur for evasion methods, statistics and monitoring recommendations: https://checkpoint.cyberint.com/telegrams-crackdown-criminal-resilience

Over 43 Million & Channels Blocked

Tele...
The Curated Catalog: The Biggest Defense Against Shai-Hulud 3.0

Mar 17, 2026
When Shai-Hulud 2.0 hit in late 2025, it was a brutal, expensive wake-up call for DevSecOps teams. It showed that the industry's direction of shifting left, where teams pass security onto developers, wasn't the silver bullet everyone hoped for. Pushing that responsibility was fine in theory, but it crumbled quickly because the foundation it was built on was inherently flimsy. As we move further into 2026, we need a more definitive fix to the structural weakness in the pipelines in light of a potential Shai-Hulud 3.0. A major lesson from 2.0 was that internal CI/CD runners were easily hijacked and turned into attack botnets. Teams need to take that finding and come back with a truly proactive defense. A curated catalog is a way for security teams to control exactly what code and components enter their environment, while still giving engineering teams a fast, secure way to build - it is the key to creating a sustainable solution. More on a curated catalog later.

The Anatomy o...
Why CVSS Scores Don't Tell the Real Story of Risk

Mar 09, 2026
In most security operations centers, CVSS quietly dictates remediation priorities. Dashboards are sorted by severity. "Critical" vulnerabilities float to the top. Quarterly summaries celebrate how many 9.0+ findings were closed. On paper, it looks rational. In practice, it's often wrong. CVSS was designed to standardize how vulnerabilities are scored. Its origins and main purpose have been to measure technical severity, including exploit complexity, required privileges, impact on confidentiality, integrity, and availability. It provides a shared language. But where it has perpetually struggled is measuring context within, like whether the asset is internet-facing, how critical it is to the business, and whether attackers are actively exploiting the vulnerability. And context is where real risk lives.

How Abstract Scores Turn Vulnerability Management Into "Severity Theater"

A vulnerability scored 9.8 in a non-production environment with no external access may demand immediate atten...