The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories.
The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that quietly close real gaps. Teams that stop incidents nobody reads about. Companies that raise the
Today, that buffer is gone.
AI didn’t make your team slower. It changed the other side of the
The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack
The changes aim to combat attack techniques that abuse the “npm install” command to trigger the execution of malicious code using npm lifecycle hooks. “Npm install” is used to download and install all the necessary
“The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale,” Lumen’s
The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It’s tracked as CVE-2026-25089 (CVSS score: 9.1).
“An
It’s a statistic that sends a shiver down the backs of SME owners, managers and employees.
According to the FBI’s 2025 Internet Crime Report, business email compromise (BEC) cost US businesses more than $3 billion last year.
This makes it one of the most financially damaging cybercrimes on record.
AI has made these attacks harder to detect. The question for AP teams is no longer whether they can identify suspicious requests. It is whether the processes around payments make fraud difficult regardless of how convincing it looks.
Accounts payable sits at the intersection of trust and timing. AP teams process invoices, manage supplier details, and execute payments, often under pressure to keep operations running smoothly.
For attackers, that combination is ideal.
Most successful fraud does not involve breaking into systems.
The FBI’s Internet Crime Complaint Center (IC3) has consistently found that BEC attacks rely on impersonation. This involves posing as a trusted executive, supplier, or internal colleague to redirect payments or update bank details before anyone notices.
AI has made that impersonation dramatically more scalable.
Where it once required skill and time to craft a convincing request, tools are now widely available that automate the research, writing, and contextual tailoring that make fraud blend into normal AP workflows.
By mid-2024, an estimated 40% of BEC phishing emails were already AI-generated, with that share expected to grow significantly.
Traditional phishing relied on volume and imperfection. AI has changed that.
Modern BEC emails are grammatically correct and written in the specific tone of the executive or supplier being impersonated. They reference active projects, current invoice numbers, and upcoming payment runs.
For AP teams processing high volumes of routine communications, that level of familiarity is exactly what lowers the guard.
One of the most common AP fraud patterns involves payment redirection.
Attackers may intercept a legitimate invoice exchange and quietly alter the destination account. They then send a short message claiming a supplier has updated its banking details, or re-issue a real invoice with minor modifications.
The surrounding content looks entirely legitimate because, in many cases, it is drawn from real correspondence.
Email isn’t the only channel being exploited.
AI voice-cloning tools can replicate a person’s voice from a short audio sample. That makes it possible to leave convincing voicemails or place calls that sound like a known executive.
For AP teams accustomed to verbal approvals on high-value or urgent payments, this removes one of the few remaining verification methods that email security alone cannot address.
Security awareness training still matters, and investing in it remains worthwhile. But AI has changed what AP teams are up against.
Attacks no longer contain the signals that training programs once focused on: awkward phrasing, mismatched logos, odd sender addresses, or generic greetings.
Modern fraud emails can reference the recipient’s organization, active suppliers, and current invoice values drawn from publicly available or previously intercepted sources.
When a fraudulent request is indistinguishable from a legitimate one, placing the burden of detection on the AP team puts it in the wrong place.
The organizations that reduce risk are not asking staff to be more suspicious. They are building verification processes that work independent of how a message looks.
The most effective defense is not sharper instincts. It is removing ambiguity from high-risk actions.
Any request to change supplier bank details or approve an urgent payment outside the normal cycle should require secondary confirmation through a known, independent channel — not a reply to the same email thread. Calling a supplier on a number already on file, or confirming with a colleague directly, breaks the impersonation chain regardless of how convincing the original request appeared. This step does not require technology. It requires a written procedure and the team’s habit of following it.
Restricting access to financial systems and enforcing multi-factor authentication limits the damage a compromised account can cause. If an attacker gains access to a vendor’s email, MFA requirements on the receiving end create friction that can slow or stop a fraudulent change before any money moves.
Fraud prevention improves when staff feel safe questioning requests, including from senior leadership.
A team member who pauses a payment to verify it is not being obstructive. They are doing exactly what good process requires.
Building that culture starts with leadership modeling the behavior and making clear that slowing down on high-risk actions is always the right call.
The FBI’s 2025 Internet Crime Report included a dedicated AI section for the first time, logging more than $893 million in AI-enabled scam losses across more than 22,000 complaints.
When verification is standard and questioning is encouraged, AI-enhanced fraud loses much of its advantage.
The technology attackers use is advancing quickly, but the process controls that contain the damage do not have to be complicated. They have to be consistent.
Concerned about AI-enhanced fraud targeting your finance teams or clients?
Contact us or schedule a consultation to review your current controls and identify where the most important gaps are.
—
This Article has been Republished with Permission from The Technology Press.
Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads “stable” as “secure.” It usually isn’t. The work slows down. The risk does not.
That gap is what a The Hacker News webinar with Picus Security sets out to close.
Autumn
Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying model with the cyber safeguards lifted, stays locked to a vetted group of cyber
“On June 5, 2026, ServiceNow applied a security update to hosted customer instances,” the company revealed in an advisory that requires customer access. “The update concerned a security issue that could allow an unauthenticated user, in