The Hacker News | Expert Insights

Here's what keeps me up at night. Not zero-days. Not sophisticated nation-state attacks. What worries me is the backlog. Every MSP has one. The list of security configurations that need fixing. The policies have been sitting in "report only" mode since last year. The E5 features that clients are paying for but nobody's turned on because it might break something. The app registrations with excessive permissions from three years ago that nobody's audited. The conditional access policies that need updating but keep getting pushed to next quarter. We all know this backlog exists. We tell ourselves we'll get to it. But quarters turn into years, and that backlog just grows. Meanwhile, AI attackers don't have a backlog. They have automation. Most breaches in Microsoft 365 won't start with a zero-day. They'll start with a setting that's been in "report only" for two years. Example tenant: critical Conditional Access policies exist but a...

Every few years, a breach happens that security teams study for the wrong reasons. SolarWinds is a good example. When the compromised Orion update started reaching customer environments in early 2020, the signals were already there: unusual DNS requests, unexpected authentication behavior in Azure AD, odd SAML token activity, and lateral movement from on-premises Active Directory into cloud environments.  None of it looked like an attack. Each signal sat at low or medium severity, and they were scattered across domains. The attackers had close to a year of dwell time before FireEye, a victim itself, discovered the breach while investigating a stolen red-team toolkit. We tend to call SolarWinds a one-off. It wasn't.  The real lesson from that breach, and from the ones that have followed it, is structural.  SOCs are designed, staffed, and measured around routine work: phishing, endpoint detections, and user anomalies. The people, processes, dashboards, and tools are ...

Security teams have never had more telemetry. They have also never been more behind. In 2025, organizations faced an average of 1,968 cyber attacks per week , an 18% YoY increase, and nearly a 70% increase since 2023 . That’s not just “more noise.” It’s a signal that attacker throughput is scaling faster than human response models can. At the same time, the attacker playbook shifted in ways that punish slow cycles. Social engineering moved beyond email into multi-channel, cross-platform operations, including new interaction-led techniques like ClickFix, which manipulates users into executing the attack themselves. ClickFix activity increased by roughly 500% and appeared in nearly half of documented malware campaigns. And while humans remain a primary target, attackers are finding even easier traction in unpatched, unmanaged, and inherited exposures. These gaps give adversaries durable footholds long before exposure remediation is implemented. Couple that with automation, and expo...

The market is flooded with chatbots that summarize requirements, GenAI that drafts policies, and AI assistants that extract provisions from contracts. And these tools undoubtedly make existing workflows better. But when it comes to transformational technology, different is better than better.  These AI for GRC capabilities are the direct result of practitioners and vendors alike asking, "How can AI make our current workflows better?" What they should be asking is "Does AI make a completely new way of operating possible?” Agentic GRC doesn’t improve GRC workflows; it replaces them with agents. For something to earn the title agentic, it needs to take an entire workflow, including the decision-making between each step, and execute it from start to finish. Whether teams are ready for the future or not (and they should be), they need to start thinking about their workflows in an entirely new way. Here's a framework for them to do so. Why the Distinction Between AI f...

Secure Service Edge (SSE) has somehow become the default answer to a very real problem: how do you secure access in a world of GenAI, hybrid work, SaaS sprawl, unmanaged devices, and third-party users, without rebuilding your entire network? On paper, SSE looks like the modern solution. Consolidation. Centralized policy. One pane of glass. In practice, many teams discover something uncomfortable after rollout: the POC proved the architecture, not the risk reduction. The demo worked. Production didn’t. Why is this? Network “rip and replace.” - Most SSE deployments still require traffic steering, tunnels, PAC files, certificate gymnastics, and coordination across networking, identity, security, and IT just to reach baseline enforcement. That’s a lot of moving parts before you’ve reduced a single real risk. Limited browser and session visibility. - SSE platforms primarily see connections , not actions . URLs, IPs, flows. But modern risk lives inside the browser and SaaS session:...

The world of identity security is in constant motion. What was once a straightforward matter of usernames and passwords has evolved into a complex ecosystem of biometrics, hardware tokens, and zero-trust architectures. As we look toward 2026, the pace of change is only accelerating. The lines between our digital and physical identities are blurring, and the threat landscape is becoming more sophisticated. Chief Information Security Officers spend their days on the front lines of this evolution. Staying ahead isn't just about reacting to threats; it's about anticipating them to reduce risk. Based on the trends I'm seeing today, here are 9 identity security predictions for where we'll be in 2026. 1. AI will become the primary identity governance tool. Manual access reviews and role-based access control (RBAC) models are already showing their age. By 2026, AI-driven identity governance and administration (IGA) will be standard. These systems will continuously analyze u...

Brand impersonation in e-commerce has evolved beyond isolated scam websites into a repeatable, industrialized fraud model operating at global scale . CTM360’s latest threat intelligence research analyzes a coordinated campaign—referred to as FraudWear —that demonstrates how attackers are systematically exploiting consumer trust in well-known fashion brands through tens of thousands of fraudulent online stores. Unlike traditional phishing operations, these campaigns do not rely on simple deception or low-effort spoofing. Instead, they replicate the full structure and behavior of legitimate e-commerce platforms , including storefront design, product catalogs, checkout workflows, localized marketing, and payment processing. Each site functions as a disposable asset within a broader, resilient fraud ecosystem. Read the full report here: https://www.ctm360.com/reports/fraudwear-brand-impersonating-online-stores Scale and Targeting Patterns CTM360 identified more than 30,000 malicio...

According to research by IBM, organizations use an average of 83 separate security solutions. It is hardly surprising that 52% of security professionals identify complexity as the biggest impediment to effective operations. For IT and security leaders in mid-market organizations, who know they have gaps in security coverage, this challenge can feel particularly difficult to solve. At Bitdefender , we see this challenge play out consistently across mid-market environments. Most organizations have the fundamentals in place, such as Endpoint Protection Platforms (EPP), email filtering, and patch management. However, many are not fully realizing the capabilities of these existing tools. This creates security gaps and, when combined with a lack of preventative exposure management controls, severely limits visibility across attack surfaces. Maximize Your ROI: Exploit Underused Tools Many mid-market organizations already have powerful Endpoint Detection and Response (EDR) in place as part...

AI-powered browsers are changing how we use the web, but they're also creating some serious new security risks. Tools like Perplexity's Comet and Opera's Neon can summarize pages and automate tasks for you. The problem is that researchers have found these agentic copilots can be hijacked by malicious prompts hidden in ordinary webpages, essentially turning your browser against you. In August 2025, Brave's security team disclosed an indirect prompt injection against Perplexity's Comet using hidden instructions in a Reddit spoiler tag, leading Comet to extract an email address and a one-time passcode. No memory corruption, no code execution exploit. The browser simply followed instructions it couldn't distinguish from legitimate user intent. In this post, we'll look at how these attacks work, why they slip past traditional defenses, and what security teams can do to keep data safe from compromised AI agents. AI Browsers: Powerful, But a New Target AI-ena...

OT incidents rarely start with “OT attacks.” They start with ordinary enterprise weaknesses: shared credentials, remote access shortcuts, management systems that bridge zones too easily, and monitoring that stops short of operations.  When those weaknesses line up, an initial IT compromise becomes an OT event, and the deciding factor is no longer whether the activity is detected, but whether the environment can be contained and recovered without extended outage. What matters is that these failure patterns repeat across industries, which means they can be anticipated and solved - but only if recovery is treated as a security control, not an afterthought. Recurring OT Security Patterns Across Industries Sygnia is a premier cyber technology and services company, with extensive experience helping organisations' IT/OT environments respond to cyber incidents and strengthen enterprise-wide cyber security..  Across numerous OT security assessments, adversary simulations, and inc...