IT security | Breaking Cybersecurity News | The Hacker News

Generative AI is not arriving with a bang, it's slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting summaries, and office suites such as Microsoft 365 contain AI assistance in writing and analysis. This trend of AI usage implies that the majority of businesses are awakening to a new reality: AI capabilities have spread across their SaaS stack overnight, with no centralized control. A recent survey found 95% of U.S. companies are now using generative AI, up massively in just one year. Yet this unprecedented usage comes tempered by growing anxiety. Business leaders have begun to worry about where all this unseen AI activity might lead. Data security and privacy have quickly emerged as top concerns, with many fearing that sensitive information could le...

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309 , carries a CVSS score of 10.0. "This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development," Cisco said in an advisory released Wednesday. "An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user." Hard-coded credentials like this usually come from testing or quick fixes during development, but they should never make it into live systems. In tools lik...

Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page - Those that save collected data to a local file accessible over the internet Those that immediately send the collected data to an external server The Russian cybersecurity vendor said the attacks have targeted 65 victims in 26 countries worldwide, and marks a continuation of a campaign that was first documented in May 2024 as targeting entities in Africa and the Middle East. At that time, the company said it had detected no less than 30 victims spanning government agencies, banks, IT companies, and educational institutions, with evidence of the first compromise dating back to 2021. The attack chains involve exploiting known flaws in M...

At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole . The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in November 2024. The campaign involved a "sophisticated combination of a watering hole strategy and vulnerability exploitation within South Korean software," security researchers Sojun Ryu and Vasily Berdnikov said . "A one-day vulnerability in Innorix Agent was also used for lateral movement." The attacks have been observed paving the way for variants of known Lazarus tools such as ThreatNeedle , AGAMEMNON , wAgent , SIGNBT , and COPPERHEDGE . What makes these intrusions particularly effective is the likely exploitation of a security vulnerability in Cross EX, a legi...

"A boxer derives the greatest advantage from his sparring partner…" — Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn't Blue's first day and despite his solid defense in front of the mirror, he feels the pressure. But something changed in the ring; the variety of punches, the feints, the intensity – it's nothing like his coach's simulations. Is my defense strong enough to withstand this? He wonders, do I even have a defense? His coach reassures him "If it weren't for all your practice, you wouldn't have defended those first jabs. You've got a defense—now you need to calibrate it. And that happens in the ring." Cybersecurity is no different. You can have your hands up—deploying the right architecture, policies, and security measures—but the smallest gap in your defense could let an attacker land a kn...

Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain compliance due to limited IT resources, evolving regulatory requirements, and complex security challenges. Recent data shows there are approximately 33.3 million SMBs in the U.S., and 60% or more are not fully compliant with at least one regulatory standard. That means nearly 20 million SMBs could be at risk of fines, security breaches, and reputational damage. For Managed Service Providers (MSPs), this presents a huge opportunity to expand your service offerings by providing continuous compliance monitoring—helping your clients stay compliant while strengthening their own business. The Role of Continuous Compliance Monitoring Traditional compliance audits have been conducted periodically—ofte...

Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn't have to be that way.  Microsegmentation: The Missing Piece in Zero Trust Security   Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no longer provide sufficient protection as attackers shift their focus to lateral movement within enterprise networks. With over 70% of successful breaches involving attackers moving laterally, organizations are rethinking how they secure internal traffic.  Microsegmentation has emerged as a key strategy in achieving Zero Trust security by restricting access to critical assets based on identity rather than network location. However, traditional microsegmentation approaches—often involving VLAN reconfigurations, agent deployments, or complex firewall rules—tend to be slow, operationally disrupt...

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy infrastructure in South Asia and Africa, as well as telecommunication, consulting, IT service companies, real estate agencies, and hotels. In what appears to be a wider expansion of its victimology footprint, SideWinder has also targeted diplomatic entities in Afghanistan, Algeria, Bulgaria, China, India, the Maldives, Rwanda, Saudi Arabia, Turkey, and Uganda. The targeting of India is significant as the threat actor was previously suspected to be of Indian origin. "It is worth noting that SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend per...

Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques for cracking passwords and how to defend against them. Brute force attack Brute force attacks are straightforward yet highly effective techniques for cracking passwords. These attacks involve malicious actors using automated tools to systematically try every possible password combination through repeated login attempts. While such tools have existed for years, the advent of affordable computing power and storage has made them even more efficient today, especially when weak passwords are used. How it works When it comes to brute force attacks, malicious actors employ a range of tactics—from simple brute force attacks that test ev...

The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. "To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a spear-phishing email with an [sic] PDF attachment," the Microsoft Threat Intelligence team said in a series of posts shared on X. To read the purported PDF document, victims are persuaded to click a URL containing a list of steps to register their Windows system. The registration link urges them to launch PowerShell as an administrator and copy/paste the displayed code snippet into the terminal, and execute it. Should the victim follow through, the malicious code downloads and installs a browser-based remote desktop tool, along with a certificate file with a hardcoded PIN from a rem...

Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it's undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels like too much of a good thing. Here are a few reasons why MFA isn't implemented more universally. 1. Businesses see MFA as a cost center MFA for businesses isn't free, and the costs of MFA can add up over time. Third-party MFA solutions come with subscription costs, typically charged per user. Even built-in options like Microsoft 365's MFA features can cost extra depending on your Microsoft Entra license. Plus, there's the cost of training employees to use MFA and the time IT takes to enroll them. If MFA increases help desk calls, support costs go up too. While these expenses are far less t...

Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical applications and websites. The identified vulnerabilities are listed below - CVE-2024-56131 , CVE-2024-56132 , CVE-2024-56133 , and CVE-2024-56135 (CVSS scores: 8.4) - A set of improper input validation vulnerabilities that allows remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate to execute arbitrary system commands via a carefully crafted HTTP request CVE-2024-56134 (CVSS score: 8.4) - An improper input validation vulnerability that allows remote malicious actors who gain access to the management interface of LoadMaster and...

As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws. Staying informed on these trends can help MSPs and IT teams remain one step ahead of potential cyber-risks. The Kaseya Cybersecurity Survey Report 2024 navigates this new frontier of cyber challenges. The data is clear: Organizations are becoming increasingly reliant on vulnerability assessments and plan to prioritize these investments in 2025. Companies are increasing the frequency of vulnerability assessments  In 2024, 24% of respondents said they conduct vulnerability assessments more than four times per year, up from 15% in 2023. This shift highlights a growing recognition of the need for continuous monitoring and quick response to emerging t...