The so-called Syrian Electronic Army can add a few notches to its hacking belt — one for The Washington Post, CNN, and Time magazine. Those are just the latest media organizations to be hacked by the group that supports Syrian President Bashar al-Assad. Several others have already been hacked this year. This incident was different, though. Rather than target a specific media company, hackers apparently went after a third party service that many websites use, called Outbrain. Chester Wisniewski, of cybersecurity firm Sophos,  says Outbrain tries to keep you on a website with links related to the article you’re already reading.

Wisniewski suspects hackers may have gained access to Outbrain with a so-called “phishing” attack — getting someone to click on a bad link in an email. He says the best defense against hacking is still employee training. Also, engaging third party companies like Outbrain can pose an issue for company security.