How to Automate Phishing Detection to Prevent Data Theft

Phishing is no longer about badly written emails asking you to “click here.” Today’s attacks are business-grade, powered by AI and packaged in ready-to-use phishing kits. That means cybercriminals can now launch believable spearphishing campaigns in hours. For companies, this raises the stakes. A single successful phishing email can expose confidential data, disrupt operations, and…

Sophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new job

Anomaly detection in cybersecurity has long promised the ability to identify threats by highlighting deviations from expected behavior. When it comes to identifying malicious commands, however, its practical application often results in high rates of false positives – making it expensive and inefficient. But with recent innovations in AI, is there a new angle that…

An anomaly detection framework anyone can use

Sarah Alnegheimish’s research interests reside at the intersection of machine learning and systems engineering. Her objective: to make machine learning systems more accessible, transparent, and trustworthy. Alnegheimish is a PhD student in Principal Research Scientist Kalyan Veeramachaneni’s Data-to-AI group in MIT’s Laboratory for Information and Decision Systems (LIDS). Here, she commits most of her energy…

SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection

From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base. This walkthrough covers what SafeLine is, how…

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have “actively and continuously” updated the malware, introducing versions v3 and…

Why top SOC teams are shifting to Network Detection and Response

Security Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of these “invisible intruders” is driving a significant need for a multi-layered approach to detecting threats, including Network Detection and…
