Cloud security | Breaking Cybersecurity News | The Hacker News

Every day, security teams face the same problem—too many risks, too many alerts, and not enough time. You fix one issue, and three more show up. It feels like you're always one step behind. But what if there was a smarter way to stay ahead—without adding more work or stress? Join The Hacker News and Bitdefender for a free cybersecurity webinar to learn about a new approach called Dynamic Attack Surface Reduction (DASR) —a method that helps security teams close gaps before attackers even find them. Most tools today only tell you what's wrong. They scan, report, and give you long lists of problems. But they don't help you fix them fast enough. The truth is, the attack surface keeps changing—new apps, cloud systems, remote devices, misconfigurations. It never stops. Attackers only need one open door. And that's why traditional defenses often fail—they react too slowly. Meet DASR: A Smarter Way to Stay Safe Dynamic Attack Surface Reduction (DASR) changes how we defend. Instead o...

Google on Tuesday unveiled a new privacy-enhancing technology called Private AI Compute to process artificial intelligence (AI) queries in a secure platform in the cloud. The company said it has built Private AI Compute to "unlock the full speed and power of Gemini cloud models for AI experiences, while ensuring your personal data stays private to you and is not accessible to anyone else, not even Google." Private AI Compute has been described as a "secure, fortified space" for processing sensitive user data in a manner that's analogous to on-device processing but with extended AI capabilities. It's powered by Trillium Tensor Processing Units (TPUs) and Titanium Intelligence Enclaves (TIE), allowing the company to use its frontier models without sacrificing on security and privacy. In other words, the privacy infrastructure is designed to take advantage of the computational speed and power of the cloud while retaining the security and privacy assuran...

Cyber threats didn't slow down last week—and attackers are getting smarter. We're seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that's just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week's roundup highlights a clear shift: cybercrime is evolving fast, and the lines between technical stealth and strategic coordination are blurring. It's worth your time. Every story here is about real risks that your team needs to know about right now. Read the whole recap. ⚡ Threat of the Week Curly COMrades Abuses Hyper-V to Hide Malware in Linux VMs — Curly COMrades, a threat actor supporting Russia's geopolitical interests, has been observed abusing Microsoft's Hyper-V hypervisor in compromised Windows machines to create a hidden Alpine Linux-based virtual machine and deploy malicious payloads. This method allows the malware to run completel...

According to the new Browser Security Report 2025 , security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user's browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low. What's emerging isn't just a blindspot. It's a parallel threat surface: unmanaged extensions acting like supply chain implants, GenAI tools accessed through personal accounts, sensitive data copy/pasted directly into prompt fields, and sessions that bypass SSO altogether. This article unpacks the key findings from the report and what they reveal about the shifting locus of control in enterprise security. GenAI Is Now the Top Data Exfiltration Channel The rise of GenAI in enterprise workflows has created a massive governance gap. Nearly half of employees use GenAI tools, but most do so through unmanaged accounts, outside of IT visibility. Key stats from the report: 77% of employees paste data into GenAI prompts 82% of...

Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization's cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she's just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web marketplace, where they'll sell her credentials for about $15. Not much as a one-off, but a serious money-making operation when scaled up. The credential compromise lifecycle Users create credentials: With dozens of standalone business apps (each with its own login) your employees must create numerous accounts. But keeping track of multiple unique usernames/passwords is a pain, so they reuse passwords or make tiny variations. Hackers compromise credentials: Attackers snag these credentials through phishing, brute force attacks, third-party breaches, or exposed API keys. And many times, no...

Cybercrime has stopped being a problem of just the internet — it's becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political leverage. Understanding these links is no longer optional — it's survival. For a full look at the most important security news stories of the week, keep reading. Hidden flaws resurface in Windows core Security Flaws in Windows GDI Details have emerged about three now-patched security vulnerabilities in Windows Graphics Device Interface (GDI) that could enable remote code execution and information disclosure. These issues – CVE-2025-30388 , CVE-2025-53766 , and CVE-2025-47984 – involve out-of-bounds memory access triggered through malformed e...

Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) — marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative assessment, we believe it underscores Bitdefender's human-driven approach to MDR and our continued alignment with Gartner's rigorous inclusion standards. To be included, must demonstrate consistent visibility through Gartner client inquiries or Peer Insights reviews, focus on delivering end-user–oriented services rather than purely technological solutions, and represent a variety of company sizes and geographies. We believe independent analyst research like the Gartner Market Guide for Managed Detection and Response is a valuable resource for organizations assessing MDR providers. The rep...

SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files. "The malicious activity – carried out by a state-sponsored threat actor – was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call," the company said in a statement released this week. "The incident is unrelated to ongoing global Akira ransomware attacks on firewalls and other edge devices." SonicWall, however, did not disclose which country was behind the incident or provide any indicators linking it to any known threat actor or group. The disclosure comes nearly a month after the company said an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. In September, it claimed that the threat actors accessed the backup files stored in the cloud for less than ...

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test. Keep reading for the full list of the biggest cyber news from this week—clearly explained and easy to follow. ⚡ Threat of the Week Motex Lanscope Flaw Exploited to Drop Gokcpdoor — A suspected Chinese cyber espionage actor known as Tick has been attributed to a target campaign that has leveraged a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager (CVE-2025-61932, CVSS score: 9.3) to infiltrate target networks and deploy a backdoor called Gokcpdoor. Sophos, which disclosed details of the activity, said it was "limited to sectors aligned with their intelligence...

The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week's findings show how that shrinking margin of safety is redrawing the threat landscape. Here's what's making headlines. Hijack Loader expands its reach in Latin America LATAM Targeted by PureHVNC Phishing emails containing SVG file attachments targeting Colombian, Spanish-speaking individuals with themes relating to the Attorney General's office of Colombia have been used to deliver PureHVNC RAT . "The emails entice the user to download an 'official document' from the judicial information system, which starts the infection chain of executing a Hijack Loader executable that leads to the PureHVNC Remote Access Trojan (RAT)," IBM X-Force said . The activity w...

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai , Gafgyt , and Mozi . "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report shared with The Hacker News. The cybersecurity company said PHP servers have emerged as the most prominent targets of these attacks owing to the widespread use of content management systems like WordPress and Craft CMS . This, in turn, creates a large attack surface as many PHP deployments can suffer from misconfigurations, outdated plugins and themes, and insecure file storage. Some of the prominent weaknesses in PHP frameworks that have been exploited by threat actors are listed below - CVE-2017-9841 - A Remote code execution vulnerability in PHPUnit CVE-2021-3129 - A Re...

The New Reality for Lean Security Teams If you're the first security or IT hire at a fast-growing startup, you've likely inherited a mandate that's both simple and maddeningly complex: secure the business without slowing it down. Most organizations using Google Workspace start with an environment built for collaboration, not resilience. Shared drives, permissive settings, and constant integrations make life easy for employees—and equally easy for attackers. The good news is that Google Workspace provides an excellent security foundation. The challenge lies in properly configuring it, maintaining visibility, and closing the blind spots that Google's native controls leave open. This article breaks down the key practices every security team—especially small, lean ones—should follow to harden Google Workspace and defend against modern cloud threats. 1. Lock Down the Basics Enforce Multi-Factor Authentication (MFA) MFA is the single most effective way to stop account compromise. In ...

Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here's how that false sense of security was broken again this week. ⚡ Threat of the Week Newly Patched Critical Microsoft WSUS Flaw Comes Under Attack — Microsoft released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability that has since come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week. According to Eye Security and Huntress, the security flaw is being weaponized to drop a .N...

AI is everywhere—and your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you're in security, that excitement often comes with a sinking feeling. Because while everyone else is racing ahead, you're left trying to manage a growing web of AI agents you didn't create, can't fully see, and weren't designed to control. Join our upcoming webinar and learn how to make AI security work with you, not against you . The Quiet Crisis No One Talks About Did you know most companies now have 100 AI agents for every one human employee? Even more shocking? 99% of those AI identities are completely unmanaged. No oversight. No lifecycle controls. And every one of them could be a backdoor waiting to happen. It's not your fault. Traditional tools weren't built for this new AI world. But the risks are real—and growing. Let's Change That. Together. In our free webinar, " Turning Controls into Accelerators of AI Adoption ," we'll help you flip the script. Th...