threat detection | Breaking Cybersecurity News | The Hacker News

Continuous Threat Exposure Management (CTEM) has moved from concept to cornerstone, solidifying its role as a strategic enabler for CISOs. No longer a theoretical framework, CTEM now anchors today's cybersecurity programs by continuously aligning security efforts with real-world risk. At the heart of CTEM is the integration of Adversarial Exposure Validation (AEV), an advanced, offensive methodology powered by proactive security tools including External Attack Surface Management (ASM), autonomous penetration testing and red teaming, and Breach and Attack Simulation (BAS). Together, these AEV tools transform how enterprises proactively identify, validate, and reduce risks, turning threat exposure into a manageable business metric. CTEM reflects a broader evolution in how security leaders measure effectiveness and allocate resources. As board expectations grow and cyber risk becomes inseparable from business risk, CISOs are leveraging CTEM to drive measurable, outcome-based security ...

Modern apps move fast—faster than most security teams can keep up. As businesses rush to build in the cloud, security often lags behind. Teams scan code in isolation, react late to cloud threats, and monitor SOC alerts only after damage is done. Attackers don't wait. They exploit vulnerabilities within hours. Yet most organizations take days to respond to critical cloud alerts. That delay isn't just risky—it's an open door. The problem? Security is split across silos. DevSecOps, CloudSec, and SOC teams all work separately. Their tools don't talk. Their data doesn't sync. And in those gaps, 80% of cloud exposures slip through—exploitable, avoidable, and often invisible until it's too late. This free webinar ," Breaking Down Security Silos: Why Application Security Must Span from Code to Cloud to SOC ," shows you how to fix that. Join Ory Segal, Technical Evangelist at Cortex Cloud (Palo Alto Networks), and discover a practical approach to securing your apps from code to cl...

Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT. "Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents," Qualys security researcher Akshay Thorve said in a technical report. "The attack chain leverages mshta.exe for proxy execution during the initial stage." The latest wave of attacks, as detailed by Qualys, employs tax-related lures to entice users into opening a malicious ZIP archive containing a Windows shortcut (LNK) file, which, in turn, makes use of mshta.exe, a legitimate Microsoft tool used to run HTML Applications (HTA). The binary is used to execute an obfuscated HTA file named "xlab22.hta" hosted on a remote server, which incorporates Visual Basic Script code to download a PowerShell script, a decoy PDF, and another HTA file similar to xlab22.hta called "3...

Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn't theoretical: it plays out repeatedly as organizations realize that point-in-time compliance testing can't protect against vulnerabilities introduced after the assessment. According to Verizons 2025 Data Breach Investigation Report , the exploitation of vulnerabilities rose 34% year-over-year. While compliance frameworks provide important security guidelines, companies need continuous security validation to identify and remediate new vulnerabilities before attackers can exploit them. Here's what you need to know about pen testing to meet compliance standards — and why you should adopt continuous penetratio...

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188 , has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system," the company said in a Wednesday advisory. "An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges." That said, in order for the exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It's disabled by default. The following products are affected, if they have a vulnerable release running and have the Ou...

Security Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of these "invisible intruders" is driving a significant need for a multi-layered approach to detecting threats, including Network Detection and Response (NDR) solutions.  The invisible intruder problem Imagine your network has been compromised — not today or yesterday, but months ago. Despite your significant investments in security tools running 24/7, an advanced adversary has been quietly moving through your systems, carefully avoiding detection. They've stolen credentials, established backdoors, and exfiltrated sensitive data, all while your dashboards showed nothing but green. This scenario is not hypothetical. The average dwell time for attackers — the period between initial compro...

For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more distant. In its place, a new reality took hold—one defined by alert fatigue and overwhelmed teams. According to OX Security's 2025 Application Security Benchmark Report , a staggering 95–98% of AppSec alerts do not require action - and may, in fact, be harming organizations more than helping. Our research, spanning over 101 million security findings across 178 organizations, shines a spotlight on a fundamental inefficiency in modern AppSec operations. Of nearly 570,000 average alerts per organization, just 202 represented true, critical issues. It's a startling conclusion that's hard to ignore: security teams are chasing shadows, wasting time, burning through budgets, and straining relations wit...

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can generate reports, comb through data, or get instant answers just by asking Copilot.  However, alongside this convenience comes serious security concerns. Copilot operates across a company's SaaS apps (from SharePoint to Teams and beyond), which means a careless prompt or a compromised user account could expose troves of sensitive information.  Security experts warn that organizations shouldn't assume default settings will keep them safe. Without proactive controls, every file in your organization could be accessible via Copilot. A malicious actor might use Copilot to discover and exfiltrate confidential data without having to manually search through systems. With the right prom...

Your employees didn't mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And by the time an alert is triggered—if it even exists—damage may already be done. This Isn't a Hypothetical Problem. It's Happening Now. AI adoption inside organizations is no longer strategic. It's spontaneous. Employees are experimenting, connecting, automating—and bypassing security while doing it. AI systems are becoming embedded in your SaaS stack without visibility or oversight. And it's creating a new class of shadow integrations—ones that don't show up in traditional threat models. If your current defenses rely on manual tracking, policy enforcement, or user education alone, you'r...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...

AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to level the playing field, but only if security professionals learn to apply it effectively. Organizations are beginning to integrate AI into security workflows, from digital forensics to vulnerability assessments and endpoint detection. AI allows security teams to ingest and analyze more data than ever before, transforming traditional security tools into powerful intelligence engines. AI has already demonstrated its ability to accelerate investigations and uncover unknown attack paths, but many companies are hesitant to fully embrace it. Many AI models are implemented with such velocity that they r...

Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term "AI" often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many existing solutions are assistant-based, requiring constant human input, while a new wave of autonomous, Agentic AI has the potential to fundamentally transform security operations. This article examines Agentic AI (sometimes also known as Agentic Security ), contrasts it with traditional assistant-based AI (commonly known as Copilots), and explains its operational and economic impacts on modern SOCs. We'll also explore practical considerations for security leaders evaluating Agentic AI solutions. Agentic AI vs. Assistant AI (aka Copilots): Clarifying the Difference Agentic AI is defined by ...