The Hacker News | Expert Insights

Continuous Threat Exposure Management (CTEM) has moved well past buzzword status. We’ve talked about this before . It’s true that in the past years, Gartner has been making these grand predictions about its benefits: organizations prioritizing CTEM investments will suffer two-thirds fewer breaches by 2026 … Well, we’re now in 2026 and, in reality, SOC teams are still facing the same dilemma: more exposure data than they can act on, and no reliable way to decide what actually matters. 96% of security teams face challenges trying to validate whether their security risks are exploitable, while 2 in 3 state that they don’t have a consolidated view of their cyber risk exposure. - Filigran-comissioned third-party market survey on exposure validation  It’s pretty clear now that to actually benefit from CTEM, organizations needs to first utilize their cyber threat intelligence better. It is not just about better asset, vulnerability management or dealing with a single CTI provider, b...

For security leaders, the inbox remains the front door for attackers. Here’s why the smartest teams are adding adaptive, AI-driven protection to their cloud email security, not replacing them. Email is still the number-one attack vector for enterprises, and it is not even close. The FBI’s Internet Crime Complaint Center reported that business email compromise alone generated $3 billion in losses in 2024 , with AI-enabled attacks accelerating the trend ( FBI IC3 Report ). The attacks that succeed today don’t carry obvious malicious payloads. They rely on trust, tone, and timing; a spoofed vendor sending a “routine” invoice update, or a convincing impersonation of a CEO with an urgent request. No malware. No suspicious links. Just words, carefully chosen. Microsoft 365 is the backbone of productivity for most organizations, and Microsoft Defender and Exchange Online Protection do solid work catching known spam, malware, and co...

How session cookie theft bypasses MFA — and what you can do about it When you check into a hotel, you show your ID at the front desk. The clerk verifies who you are, maybe checks a secondary piece of information, and hands you a key card. From that point on, that key card is what gets you into your room. It doesn't matter that you proved your identity at check-in. What matters is who has the key. Your applications work the same way. When a user logs into a web application — entering their password, completing an MFA challenge — the application issues them a session token, typically stored as a cookie in their browser. That token is their key card. Every subsequent request the user makes, the application checks for the token, not the credentials. If the token is valid, access is granted. And if someone steals that token? They get in, too. No username required. No password required. No MFA prompt. They simply ...

We recently worked with an organization that had invested heavily in advanced security tooling, including AI-driven detection and monitoring capabilities. From a technical perspective, the environment appeared mature: alerts were firing, dashboards were populated, and risks were clearly identified.  Yet progress had stalled.  The security team and IT disagreed on ownership. Business leadership perceived cyber risk as “under control,” while the security team felt increasingly exposed and unheard. AI surfaced the signals, but no one could agree on what to do with them.  The turning point did not come from additional tooling or deeper analysis. It came from reframing the conversation.  By aligning stakeholders around clear business impact, contextualizing the findings against industry peers, and translating technical gaps into credible, board-level risk narratives that reinforced the internal security team’s concerns rather than questioning their judgment, decisions were finally ma...

While working on the Transparent Tribe’s vibeware research, we have encountered two distinct camps, the optimists and the skeptics. What makes the current dialogue unique is that both sides can be right at the same time. There is, however, a clear operational reason why we encounter "AI attacks" primarily on professional social media feeds rather than within our own telemetry logs. In this article, we analyze the factors explaining why Skynet is not here yet, and how, much like a shark, AI does not need to be innovative to be dangerous. LLM Architecture Bias LLMs are mathematically optimized to predict the most likely outcome, while hacking is the art of identifying the statistical anomaly. LLMs are designed to predict the most statistically probable next token. They are excellent at the average, but poor at the exceptional. A hacker, by contrast, is a practitioner of statistical anomaly, actively seeking the low-pro...

Vulnerability management is the continuous process of identifying, assessing, prioritizing, and addressing security weaknesses across systems, applications, and infrastructure. It extends beyond periodic scanning; it includes validating findings, understanding exposure in real-world environments, and tracking remediation over time. Effective vulnerability management combines asset visibility, vulnerability intelligence, and operational context to determine which flaws present actual risk rather than theoretical exposure. Modern IT environments further complicate the process of vulnerability management. Hybrid IT infrastructure, third-party dependencies, and internet-facing services increase the attack surface while generating large volumes of vulnerability data. Security teams must balance operational constraints, such as out-of-support legacy systems and uptime requirements, with the need to quickly reduce exposure. As a result, vulnerability management is no longer limited to coun...

Most application security (AppSec) teams know their OWASP Top 10, the industry-standard list of the most critical software security risks. Fewer know which of those categories their organization actually fixes. In conversations with security teams, I hear the same story: "We prioritize criticals, so the important stuff gets handled." The data tells a different story. Fix rates vary dramatically by OWASP vulnerability class, and not in the ways most teams expect. The data comes from Semgrep's Remediation at Scale report , which analyzed anonymized remediation patterns across 50,000+ repositories and hundreds of organizations during 2025. The methodology is straightforward: group organizations into two cohorts by fix rate (top 15% as "leaders," remaining 85% as "field"), then compare what each group actually does differently. The gap between leaders and the field isn't about detection quality or prioritization frameworks. Both cohorts apply the s...