#incident-response
26 stories taggedincident-response.

When Attacks Take Minutes, Not Days: The AI Speed Problem Defenders Now Face
Criminals using AI models can now write phishing bait, pick targets and hop between machines faster than most security teams can read the first alert.

One Person, 72 Hours, One Wrecked AWS Account: How AI Handed a Lone Criminal the Keys to a Global Enterprise
Security firm Sygnia says a single attacker used artificial intelligence to tear through a major cloud environment at a pace that would normally require a full criminal crew. The unnamed victim was extorted.

Accenture Confirms Data Breach After Hacker Claims Source Code Was Stolen
The consulting giant says the incident is contained and caused no disruption, but a hacker has publicly claimed to have taken internal source code.

Your Threat Feed Said One Thing. The Malware Said Another.
A former incident responder spent two years learning that intelligence reports, federal advisories, and foreign government bulletins all share the same quiet flaw: the copy most people read is rarely the full story.

The Gentlemen Ransomware Gang Turns Your Own IT Tools Against You
A fast-spreading criminal group is using the software your IT team trusts every day to take over company networks. The real test is not whether they got in. It is what happens next.

Chris Inglis on the Snowden Era: What NSA Got Wrong, and What CISOs Should Still Be Asking
The former NSA Deputy Director reflects on institutional failures, insider threat detection, and why 'enculturation' may matter more than access controls.

Twenty Years of Getting It Wrong: The Breaches and Blunders That Defined Modern Cybersecurity
From MGM's identity disaster to MOVEit's patch pile-up, the same failure modes keep appearing in postmortems. That's the problem.

The 2026 Vendor Survey Nobody Asked For, Except The Findings Actually Track
A survey of 1,200 practitioners says awareness is up and resilience is flat. Anyone running production already knew that.

Why SOCs Still Can't Answer 'What Happened?' — The Case for Network Detection
Alert-driven triage keeps missing context. NDR proponents argue packet truth is the only ground truth left.

Double Trouble: Two Unrelated Attacks Thrive on Unpatched SharePoint
Microsoft DART uncovers dual intrusions on same server, complicating response efforts.

War Room Debrief: How a Fictional Grocery Chain Got Crushed by APT 64
A tabletop exercise at Infosecurity Europe put ransomware, AI poisoning, and deepfake CEO videos inside a simulated supermarket attack. The blue team held the line. The red team shorted the stock anyway.

Tailscale and OpenSSH Became a Junior Operator's Back Door After His Havoc C2 Went Dark
An intrusion at a small French auto-sector firm shows how commodity remote-access tooling defeats the assumption that killing the C2 ends the incident.

Behavioral AI Pitched as Triage Layer for Phishing and ATO Floods
A vendor webinar argues that pattern-learning models can cut investigation time on BEC and account takeover incidents. The harder question: what does that mean for breach-notification timelines?

MDR's AI Reckoning: When the Old Service Model Stops Keeping Up
Managed detection and response solved a staffing problem. It is not, by itself, an answer to adversaries who automate reconnaissance and intrusion at machine speed.

Six Things SRE Teams Demand Before Handing Anything to an AI Agent
Observability gaps, missing guardrails, and opaque reasoning are the real blockers — not the AI itself.