Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.

Processes and Culture Top Reasons Behind Data Breaches

Government leaders revealed that, in spite of state laws meant to improve cyber hygiene, an analysis of incidents showed issues persist and visibility falls short.

Windows Zero-Day Barrage Continues After Patch Tuesday

YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks.

CISA Exposes Secrets, Credentials in 'Private' Repo

The agency's GitHub repository, publicly available since November 2025, was ironically named "Private-CISA."

Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS

The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.

'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments

The now patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and maintain persistence.

Boulevard of Broken Dreams: 2 Decades of Cyber Fails

From the MGM and Caesars fiasco and MOVEit's patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistakes, miscalculations, systemic failures, and cringeworthy moments that still have us shaking our heads.