
The Hacker News | Expert Insights

Which Code Vulnerabilities Actually Get Fixed? New Code Security Data from 50,000+ Repos

Mar 30, 2026
Most application security (AppSec) teams know their OWASP Top 10, the industry-standard list of the most critical software security risks. Fewer know which of those categories their organization actually fixes. In conversations with security teams, I hear the same story: "We prioritize criticals, so the important stuff gets handled." The data tells a different story. Fix rates vary dramatically by OWASP vulnerability class, and not in the ways most teams expect. The data comes from Semgrep's Remediation at Scale report, which analyzed anonymized remediation patterns across 50,000+ repositories and hundreds of organizations during 2025. The methodology is straightforward: group organizations into two cohorts by fix rate (top 15% as "leaders," remaining 85% as "field"), then compare what each group actually does differently. The gap between leaders and the field isn't about detection quality or prioritization frameworks. Both cohorts apply the s...
The Real Problem Isn't That AI Can't Write Secure Code - It's That It's Expanding Attack Surface

Mar 30, 2026
While AI reduces some coding flaws, credential sprawl accelerates, expanding the non-human identity attack surface, and making remediation the new security bottleneck. AI is changing software development faster than most security teams can adapt. As coding assistants and autonomous agents become embedded in daily workflows, many assume traditional application security controls will steadily lose relevance. If machines can scan code, catch flaws, and even suggest safer alternatives in real time, then software risk should start to shrink. But that’s not what is happening in the real world, according to GitGuardian’s security research. The battle isn’t in the code anymore, because AI is shifting where the control point is. It’s in the credentials, tokens, service accounts, and machine identities that AI systems need in order to access data and take action. This matters because the attack surface has fundamentally changed. AI-assisted commits grew exponentially in 2025 and leaked secr...
Telegram's Crackdown Changed How Threat Actors Act, But Not Where They Act

Mar 23, 2026
Telegram entered 2025 under unprecedented pressure. Public scrutiny, regulatory attention, and leadership turmoil forced the platform to do something it had long resisted: enforce at scale. Moderation volumes surged, automation expanded, and millions of channels and groups were removed in a single year. On paper, this looks like a turning point. In practice, it wasn’t the collapse of cyber criminal activity on Telegram; it was an evolution, for sure, but not a collapse. What we are seeing in 2026 is not a mass exodus from the platform, nor a meaningful decline in threat actor coordination. Instead, Telegram’s crackdown has triggered a familiar pattern. Criminal ecosystems adapt faster than platforms can reform. Read the just-released Telegram report by Tal Samra and Or Shichrur for evasion methods, statistics and monitoring recommendations: https://checkpoint.cyberint.com/telegrams-crackdown-criminal-resilience Over 43 Million & Channels Blocked Tele...
Why Institutions of Higher Education Face Unique Identity Security and Management Risk

Mar 23, 2026
Higher education institutions operate some of the most complex identity environments of any industry. Universities often struggle to balance open access for learning and research with strong security controls to protect students, faculty, and sensitive institutional data. This contrast creates unique identity security and management challenges that require specialized strategies and tools. A Highly Complex Identity Ecosystem Unlike corporate businesses, the ecosystem that is common at universities requires them to manage a variable and highly diverse population of users. Churn is a constant challenge, with students, faculty, alumni, researchers, contractors, and affiliate colleges and labs, and other contributors enrolling, changing roles or status, tracks or departments, and leaving frequently. This dynamic ecosystem results in an identity lifecycle that is far more fluid than most corporate environments. “Joiners”, or new identities, are created continuously, while “movers a...
The Curated Catalog: The Biggest Defense Against Shai-Hulud 3.0

Mar 17, 2026
When Shai-Hulud 2.0 hit in late 2025, it was a brutal, expensive wake-up call for DevSecOps teams. It showed that the industry's direction of shifting left, where teams pass security onto developers, wasn't the silver bullet everyone hoped for. Pushing that responsibility was fine in theory, but it crumbled quickly because the foundation it was built on was inherently flimsy. As we move further into 2026, we need a more definitive fix to the structural weakness in the pipelines in light of a potential Shai-Hulud 3.0. A major lesson from 2.0 was that internal CI/CD runners were easily hijacked and turned into attack botnets. Teams need to take that finding and come back with a truly proactive defense. A curated catalog is a way for security teams to control exactly what code and components enter their environment, while still giving engineering teams a fast, secure way to build - it is the key to creating a sustainable solution. More on a curated catalog later. The Anatomy o...
A Unified Identity Defense Layer: Why PAM with ITDR Is the Foundation for 2026 Security

Mar 16, 2026
As identity-based attacks continue to rise, the most damaging breaches increasingly begin with valid credentials rather than vulnerability exploits. That’s why identity resilience will define the maturity of your cybersecurity in 2026. A unified identity defense layer, combining privileged access management (PAM) with identity threat detection and response (ITDR), is emerging as the foundation of that resilience. This article explores why integrating these capabilities into your security strategy is no longer optional and how, together, they form the backbone of modern organizational security. The shift to identity-centric security Traditional PAM solutions that allow you to safely authenticate users are no longer enough to protect your business against modern threats. Instead of breaking through technical barriers, threat actors are now using compromised credentials to sign in as legitimate users. According to IBM’s X-Force 2025 Threat Intelligence Index, identity-driven intr...
The Firewall Isn't Blind — It Just Needs to See Inside the Session

Mar 16, 2026 Network Security / Enterprise Security
For decades, the firewall was the most trusted enforcement point in enterprise security. Every packet crossed it. Every policy lived on it. If you wanted to secure the network, you started there. Then work moved somewhere the firewall couldn't follow. Today, the average enterprise employee spends most of their day inside a browser — navigating SaaS applications, collaborating in cloud platforms, running queries through AI tools, and sharing files through web interfaces. All of it travels over HTTPS. All of it looks identical at the network layer: port 443, encrypted, and opaque. The firewall sees a connection. It doesn't see a ChatGPT prompt containing customer PII. It doesn't see a browser extension silently harvesting credentials. It doesn't see the SaaS file-sharing that just moved sensitive data outside the organization's control. This is the visibility gap that defines enterprise security in 2026. SSE Was the Right Answer — Deployed the Wrong Way Securi...
Why CVSS Scores Don't Tell the Real Story of Risk

Mar 09, 2026
In most security operations centers, CVSS quietly dictates remediation priorities. Dashboards are sorted by severity. “Critical” vulnerabilities float to the top. Quarterly summaries celebrate how many 9.0+ findings were closed. On paper, it looks rational. In practice, it’s often wrong. CVSS was designed to standardize how vulnerabilities are scored. Its origins and main purpose have been to measure technical severity, including exploit complexity, required privileges, impact on confidentiality, integrity, and availability. It provides a shared language. But where it has perpetually struggled is measuring context within, like whether the asset is internet-facing, how critical it is to the business, and whether attackers are actively exploiting the vulnerability. And context is where real risk lives. How Abstract Scores Turn Vulnerability Management Into “Severity Theater” A vulnerability scored 9.8 in a non-production environment with no external access may demand immediate atten...
AI SOC Investigation Has Moved Beyond Triage: Two Cases That Show Where It Actually Matters

Mar 02, 2026 Artificial Intelligence / Threat Detection
The conversation around AI in the SOC has mostly centered on efficiency: closing alerts faster, reducing queue backlog, and automating repetitive work that burns out L1 analysts. That framing is directionally right, and it matters because analyst fatigue is real. For teams dealing with high alert volume, analysts are often asked to make good decisions under a fragmented context and time pressure. But that framing is still incomplete. The bigger shift is not just workflow automation or orchestration of predefined playbooks. It is AI’s ability to perform contextual, hypothesis-driven investigation across multiple telemetry sources, work that has traditionally depended on experienced L2 or L3 analysts and limited human time. When that capability can be applied consistently across every alert, it changes the operating model, not just the speed of the existing one. Two recent investigations at Prophet Security make that real. In both cases, the attacks were not obvious from signature-bas...