Patch Now: Max-Severity Fortra GoAnywhere Bug Allows Command Injection

Friday, September 19, 2025
Exploitation of the flaw, tracked as CVE-2025-10035, is highly dependent on whether systems are exposed to the Internet, according to Fortra.

'ShadowLeak' ChatGPT Attack Allows Hackers to Invisibly Steal Emails

The loophole allows cyberattackers to exfiltrate company data via OpenAI's infrastructure, leaving no trace at all on enterprise systems.

Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues

While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks.

7 Lessons for Securing AI Transformation From Former CIA Digital Guru

Jennifer Ewbank, former CIA deputy director of digital innovation, discusses resilience, cultural shifts, and cyber fundamentals in the AI era.

TikTok Deal Won't End Enterprise Risks

Thursday, September 18, 2025
The proposed restructuring plan would address many concerns related to the social media platform, but risks remain for security teams.

SonicWall Breached, Firewall Backup Data Exposed

Threat actors breached the MySonicWall service and accessed backup firewall configuration files belonging to "fewer than 5%" of its install base, according to the company.

Mastering Digital Breadcrumbs to Stay Ahead of Evolving Threats

Digital forensics offers a challenging but rewarding career path for cybersecurity professionals willing to invest in specialized knowledge and continuous learning.

The Cloud Edge Is The New Attack Surface

The cloud now acts as the connecting infrastructure for many companies' assets — from IoT devices to workstations to applications and workloads — exposing the edge to threats.

Microsoft Disrupts 'RaccoonO365' Phishing Service

Wednesday, September 17, 2025
Phishing-as-a-service (PhaaS) kits have become an increasingly popular way for lower-skill individuals to get into cybercrime.

'Scattered Lapsus$ Hunters,' Others Announce End of Hacking Spree

Though the groups have shared their decision to go dark, threat researchers say there are signs that it's business as usual.

North Korean Group Targets South With Military ID Deepfakes

Tuesday, September 16, 2025
The North Korea-linked group Kimsuky used ChatGPT to create deepfakes of military ID documents in an attempt to compromise South Korean targets.

Critical Bugs in Chaos Mesh Enable Cluster Takeover

"Chaotic Deputy" is a set of four vulnerabilities in the chaos engineering platform that many organizations use to test the resilience of their Kubernetes environments.

'Vane Viper' Threat Group Tied to PropellerAds, Commercial Entities

Researchers say the commercial adtech platform and several other companies form the infrastructure of a massive cybercrime operation.

'HybridPetya' Ransomware Bypasses Secure Boot

The malware, which has traits of Petya ransomware and the infamous NotPetya wiper, is designed to target UEFI-based systems, according to researchers.

SecurityScorecard Buys AI Automation Capabilities, Boosts Vendor Risk Management

The company acquired HyperComply to help enterprises automate vendor security reviews and gain a real-time picture of the security of their entire supply chain.

FBI Warns of Threat Actors Hitting Salesforce Customers

Monday, September 15, 2025
The FBI's IC3 recently warned of two threat actors, UNC6040 and UNC6395, targeting Salesforce customers, separately and in tandem.

'Lies-in-the-Loop' Attack Defeats AI Coding Agents

Researchers convince Anthropic's AI-assisted coding tool to engage in dangerous behavior by lying to it, paving the way for a supply chain attack.

French Advisory Sheds Light on Apple Spyware Activity

Friday, September 12, 2025
CERT-FR's advisory follows last month's disclosure of a zero-day flaw Apple said was used in "sophisticated" attacks against targeted individuals.

'Gentlemen' Ransomware Abuses Vulnerable Driver to Kill Security Gear

Thursday, September 11, 2025
By weaponizing the ThrottleStop.sys driver, attackers are disrupting antivirus and endpoint detection and response (EDR) systems.

AI-Enhanced Malware Sports Super-Stealthy Tactics

With legit-sounding names, EvilAI's "productivity" apps are reviving classic threats like Trojans while adding new evasion capabilities against modern antivirus defenses.

Vidar Infostealer Back with a Vengeance

The pervasive Vidar infostealer has evolved with a suite of new evasion techniques and covert data exfiltration methods, according to researchers.

'K2 Think' AI Model Jailbroken Mere Hours After Release

Researchers discovered that measures designed to make AI more transparent to users and regulators can also make it easier for bad actors to abuse.

Russian APT Attacks Kazakhstan's Largest Oil Company

Researchers say a likely Russian APT used a compromised employee email account to attack Kazakhstan's biggest company, though the oil and gas firm claims it was a pen test.

Students Pose Inside Threat to Education Sector

Wednesday, September 10, 2025
The threats may not be malicious, but they are more than many security teams can handle.

Chinese Hackers Allegedly Pose as US Lawmaker

Chinese state-backed threat actors are suspected of posing as Michigan congressman John Moolenaar in a series of spearphishing attacks.

EoP Flaws Again Lead Microsoft Patch Day

Tuesday, September 9, 2025
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.

Qantas Reduces Executive Pay Following Cyberattack

The data breach, which occurred earlier this year, saw threat actors compromise a third-party platform to obtain Qantas customers' personal information.

Huge NPM Supply-Chain Attack Goes Out With Whimper

Threat actors phished Qix's NPM account, then used their access to publish poisoned versions of 18 popular open-source packages accounting for more than 2 billion weekly downloads.

Salty2FA Takes Phishing Kits to Enterprise Level

Cybercriminal operations use the same strategy and planning as legitimate organizations as they arm adversarial phishing kits with advanced features.

SentinelOne Announces Plans to Acquire Observo AI

The combined company will help customers separate data ingestion from SIEM, to improve detection and performance.

'MostereRAT' Malware Blends In, Blocks Security Tools

Monday, September 8, 2025
A threat actor is using a sophisticated EDR-killing malware tool in a campaign to maintain long-term, persistent access on Windows systems.

Salesloft Breached via GitHub Account Compromise

The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens.

45 New Domains Linked to Salt Typhoon, UNC4841

The China-backed threat actors have used the previously undiscovered infrastructure to obtain long-term, stealthy access to targeted organizations.

Scammers Are Using Grok to Spread Malicious Links on X

Friday, September 5, 2025
It's called "grokking," and gives spammers a way to skirt X's ban on links in promoted posts and reach larger audiences than ever before.

Anyone Using Agentic AI Needs to Understand Toxic Flows

The biggest vulnerabilities may lie at the boundaries of where the AI agent connects with the enterprise system.

ISC2 Aims to Bridge DFIR Skill Gap with New Certificate

Thursday, September 4, 2025
The nonprofit organization launched the Threat Handling Foundations Certificate amid mounting incident and breach disclosures.

Czech Warning Highlights China Stealing User Data

Czech cyber agency NÚKIB warned of the risks of using products and software that send data back to China.

Blast Radius of Salesloft Drift Attacks Remains Uncertain

Many high-profile Salesloft Drift customers have disclosed data breaches as a result of a recent supply-chain attack, but the extent and severity of this campaign are unclear.

Japan, South Korea Take Aim at North Korean IT Worker Scam

Wednesday, September 3, 2025
With the continued success of North Korea's IT worker scams, Asia-Pacific nations are working with private firms to blunt the scheme's effectiveness.

Cloudflare Holds Back the Tide on 11.5Tbps DDoS Attack

It's the equivalent of watching more than 9,350 full-length HD movies or streaming 7,480 hours of high-def video nonstop in less than a minute.

Hacked Routers Linger on the Internet for Years, Data Shows

While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked.

Amazon Stymies APT29 Credential Theft Campaign

Tuesday, September 2, 2025
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authentication flow.

Zscaler, Palo Alto Networks Breached via Salesloft Drift

Two major security firms suffered downstream compromises as part of a large-scale supply chain attack involving Salesloft Drift, a marketing SaaS application from Salesforce.

Jaguar Land Rover Shuts Down in Scramble to Secure 'Cyber Incident'

The luxury automaker said its retail and production activities have been "severely disrupted."

JSON Config File Leaks Azure ActiveDirectory Credentials

In this type of misconfiguration, cyberattackers could use exposed secrets to authenticate directly via Microsoft’s OAuth 2.0 endpoints and infiltrate Azure cloud environments.

Hackers Are Sophisticated & Impatient — That Can Be Good

You can't negotiate with hackers from a place of fear — but you can turn their urgency against them with the right playbook, people, and preparation.

NIST Enhances Security Controls for Improved Patching

The U.S. National Institute of Standards and Technology released Security and Privacy Control version 5.2.0 to help organizations be more proactive regarding patching.

Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups

Thursday, August 28, 2025
Flashpoint published its 2025 midyear ransomware report that highlighted the top five most prolific groups currently in operation.

1,000+ Devs Lose Their Secrets to an AI-Powered Stealer

One of the most sophisticated supply chain attacks to date caused immense amounts of data to leak to the Web in a matter of hours.

Dark Reading Confidential: A Guided Tour of Today's Dark Web

Dark Reading Confidential Episode 9: Join us for a look around today's Dark Web, and find out how law enforcement, AI, nation-state activities, and more are reshaping the way cybercriminals conduct their dirty business online. Keith Jarvis, senior security researcher at Sophos' Counter Threat Unit joins Dark Reading's Alex Culafi for a conversation you don't want to miss.

'ZipLine' Phishers Flip Script as Victims Email First

Wednesday, August 27, 2025
"ZipLine" appears to be a sophisticated and carefully planned campaign that has already affected dozens of small, medium, and large organizations across multiple industry sectors.

China Hijacks Captive Portals to Spy on Asian Diplomats

The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites.

Google: Salesforce Attacks Stemmed From Third-Party App

A group tracked as UNC6395 engaged in "widespread data theft" via compromised OAuth tokens from a third-party app called Salesloft Drift.

Malicious Scanning Waves Slam Remote Desktop Services

Tuesday, August 26, 2025
Researchers say the huge spike of coordinated scanning for Microsoft RDP services could indicate the existence of a new, as-yet-undisclosed vulnerability.

Data I/O Becomes Latest Ransomware Attack Victim

The "incident" led to outages affecting a variety of the tech company's operations, though the full scope of the breach is unknown.

Hook Android Trojan Now Delivers Ransomware-Style Attacks

New features to take over smartphones and monitor user activity demonstrate the continued evolution of the malware, which is now being spread on GitHub.

Hackers Lay In Wait, Then Knocked Out Iran Ship Comms

Monday, August 25, 2025
Lab-Dookhtegen claims major attack on more than 60 cargo ships and oil tankers belonging to two Iranian companies on US sanctions list.

ClickFix Attack Tricks AI Summaries Into Pushing Malware

Because instructions appear to come from AI-generated content summaries and not an external source, the victim is more likely to follow them without suspicion.

Fast-Spreading, Complex Phishing Campaign Installs RATs

Attackers not only steal credentials but also can maintain long-term, persistent access to corporate networks through the global campaign.

Securing the Cloud in an Age of Escalating Cyber Threats

As threats intensify and cloud adoption expands, organizations must leave outdated security models behind.

Silk Typhoon Attacks North American Orgs in the Cloud

Friday, August 22, 2025
A Chinese APT is going where most APTs don't: deep into the cloud, compromising supply chains and deploying uncommon malware.

Apple Intelligence Is Picking Up More User Data Than Expected, Researcher Finds

Music tastes, location information, even encrypted messages — Apple's servers are gathering a "surprising" amount of personal data through Apple Intelligence, Lumia Security's Yoav Magid warns in his new analysis.

Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0'

The operation disrupted countless scams, and authorities seized a significant amount of evidence and recovered nearly $100 million in lost funds.

Why Video Game Anti-Cheat Systems Are a Cybersecurity Goldmine

Thursday, August 21, 2025
Sam Collins and Marius Muench of the University of Birmingham, UK, join the Black Hat USA 2025 News Desk to explain how anti-cheat systems in video games provide valuable lessons on defending against threat actors' techniques and strategies.

Hackers Abuse VPS Infrastructure for Stealth, Speed

New research highlights how threat actors abuse legitimate virtual private server offerings in order to spin up infrastructure cheaply, quietly, and fast.

Tree of AST: A Bug-Hunting Framework Powered by LLMs

Teenaged security researchers Sasha Zyuzin and Ruikai Peng discuss how their new vulnerability discovery framework leverages LLMs to address limitations of the past.

FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw

Wednesday, August 20, 2025
In the past year, "Static Tundra," aka "Energetic Bear," has breached thousands of end-of-life Cisco devices unpatched against a 2018 flaw, in a campaign targeting enterprises and critical infrastructure.

Hacker Finds Flaws in McDonald’s Staff, Partner Hubs

Exposure of APIs, sensitive data, and corporate documents are just some of the security issues that the purveyor of Big Macs was cooking up.

'RingReaper' Sneaks Right Past Linux EDRs

Tuesday, August 19, 2025
The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response systems.

AI Agents Access Everything, Fall to Zero-Click Exploit

Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" — and what that means for cyber risk.

Millions Allegedly Affected in Allianz Insurance Breach

Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers.

PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain

Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems.

'DripDropper' Hackers Patch Their Own Exploit

An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw.

Secure AI Use Without the Blind Spots

Why every company needs a clear, enforceable AI policy — now.

Noodlophile Stealer Hides Behind Bogus Copyright Complaints

Monday, August 18, 2025
Noodlophile is targeting enterprises in spear-phishing attacks using copyright claims as phishing lures.

Workday Breach Likely Linked to ShinyHunters Salesforce Attacks

The HR giant said hackers mounted a socially engineered cyberattack on its third-party CRM system, but did not gain access to customer information; only 'commonly available' business contact info was exposed.

Internet-wide Vulnerability Enables Giant DDoS Attacks

A good chunk of all websites today have been affected by the biggest DDoS risk on the Web since 2023.

Defending Against Cloud Threats Across Multicloud Environments

The vast majority of companies are using more than one cloud platform, yet struggle to establish and monitor security across different environments, giving attackers an opening.

New Quantum-Safe Alliance Aims to Accelerate PQC Implementation

The new Quantum-Safe 360 Alliance will provide road maps, technology, and services to help organizations navigate the post-quantum cryptography transition before the 2030 deadline.

New Crypto24 Ransomware Attacks Bypass EDR

Friday, August 15, 2025
While several cybercrime groups have embraced "EDR killers," researchers say the deep knowledge and technical skills demonstrated by Crypto24 signify a dangerous escalation.

Colt Telecommunications Struggles in Wake of Cyber Incident

The UK telco said it temporarily took some systems offline as a "protective" measure in its investigation.

How McLaren Racing Gets From the Browser to the Track

Thursday, August 14, 2025
In a conversation with Dark Reading's Terry Sweeney, Dr. Lisa Jarman from McLaren Racing says cutting-edge innovation must coexist with rigorous security protocols.

Cybersecurity Spending Slows & Security Teams Shrink

Security budgets are lowest in healthcare, professional and business services, retail, and hospitality, but budget growth remained above 5% in financial services, insurance, and tech.

Google Chrome Enterprise: Keeping Businesses Safe From Threats on the Web

Dark Reading's Terry Sweeney and Google Cloud Security's Jason Kemmerer discuss how organizations can secure the modern workplace with zero trust browser protection for remote and hybrid teams.

Whispers of XZ Utils Backdoor Live on in Old Docker Images

Wednesday, August 13, 2025
Developers maintaining the images made the "intentional choice" to leave the artifacts available as "a historical curiosity," given the improbability they'd be exploited.

How an AI-Based 'Pen Tester' Became a Top Bug Hunter on HackerOne

AI researcher explains how an automated penetration-testing tool became the first non-human member on HackerOne to reach the top of the platform's US leaderboard.

Patch Now: Attackers Target OT Networks via Critical RCE Flaw

Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastructure and OT development.

What the LockBit 4.0 Leak Reveals About RaaS Groups

The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertainty caused by the lack of attackers' accountability.

China Questions Security of AI Chips From Nvidia, AMD

Tuesday, August 12, 2025
The US banned the sale of AI chips to China and then backed off. Now, Chinese sources are calling on NVIDIA to prove its AI chips have no backdoors.

Elevation-of-Privilege Vulns Dominate Microsoft's Patch Tuesday

The company's August security update consisted of patches for 111 unique Common Vulnerabilities and Exposures (CVEs).

Black Hat NOC Expands AI Implementation Across Security Operations

Corelight's James Pope gave Dark Reading an inside look at this year's Black Hat Network Operations Center, detailing security challenges and rising trends — many related to increased AI use.

BlackSuit Ransomware Takes an Infrastructure Hit From Law Enforcement

Monday, August 11, 2025
A swarm of US agencies joined with international partners to take down servers and domains and seize more than $1 million associated with BlackSuit (Royal) ransomware operations, a group that has been a chronic, persistent threat against critical infrastructure.

REvil Actor Accuses Russia of Planning 2021 Kaseya Attack

REvil affiliate Yaroslav Vasinskyi, who was convicted last year for his role in the 2021 Kaseya ransomware supply chain attack, said the Russian government was instrumental to the attack's execution.

Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours

Researchers paired the jailbreaking technique with storytelling in an attack flow that used no inappropriate language to guide the LLM into producing directions for making a Molotov cocktail.

Utilities, Factories at Risk From Encryption Holes in Industrial Protocol

The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be vulnerable in a number of different ways.

Will Secure AI Be the Hottest Career Path in Cybersecurity?

Securing AI systems represents cybersecurity's next frontier, creating specialized career paths as organizations grapple with novel vulnerabilities, regulatory requirements, and cross-functional demands.

860K Compromised in Columbia University Data Breach

Friday, August 8, 2025
While no data has yet been misused, the university doesn't rule out the possibility of that occurring in the future, prompting it to warn affected individuals to remain vigilant in the wake of the breach.

BigID Launches Shadow AI Discovery to Uncover Rogue Models and Risky AI Data

PwC Announces Addition of Morgan Adamski to Leadership of Cyber, Data & Technology Risk Platform

Ransomware Attacks Fall by Almost Half in Q2

Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking

Thursday, August 7, 2025
A software developer discovered a way to abuse an undocumented protocol in Amazon's Elastic Container Service to escalate privileges, cross boundaries and gain access to other cloud resources.

Citizen Lab Founder Flags Rise of US Authoritarianism

Citizen Lab director and founder Ron Deibert explained how civil society is locked in a "vicious cycle," and human rights are being abused as a result, covering Israeli spyware, the Khashoggi killing, and an erosion of democratic norms in the US.

Payback: 'ShinyHunters' Clocks Google via Salesforce

In 2024, it was Snowflake. In 2025, it's Salesforce. ShinyHunters is back, with low-tech hacks that nonetheless manage to bring down international megaliths like Google, Cisco, and Adidas.

Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults

Wednesday, August 6, 2025
Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.

'ReVault' Security Flaws Impact Millions of Dell Laptops

The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.

Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights

Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence.

Pandora Confirms Third-Party Data Breach, Warns of Phishing Attempts

Tuesday, August 5, 2025
The jewelry retailer is warning customers that their data can and might be used maliciously.

Cisco User Data Stolen in Vishing Attack

The networking giant said this week that an employee suffered a voice phishing attack that resulted in the compromise of select user data, including email addresses and phone numbers.

Google Chrome Enterprise: More Than an Access Point to the Web

In a conversation with Dark Reading's Terry Sweeney, Lauren Miskelly from Google explains that Chrome Enterprise is the same Chrome browser that consumers use, but with additional enterprise-grade controls, reporting capabilities, and administrative features.

Threat Actors Increasingly Leaning on GenAI Tools

Monday, August 4, 2025
From "eCrime" actors to fake IT tech workers, CrowdStrike researchers found that adversaries are using AI to enhance their offensive cyber operations.

42% of Developers Using AI Say Their Codebase is Now Mostly AI-Generated

Akira Ramps Up Assault on SonicWall Firewalls, Suggesting Zero-Day

An uptick of ransomware activity by the group in late July that uses the vendor's SSL VPN devices for initial intrusion shows evidence of an as-yet-undisclosed flaw under exploitation.

Turning Human Vulnerability Into Organizational Strength

Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls.

What Is the Role of Provable Randomness in Cybersecurity?

Random numbers are the cornerstone of cryptographic security — cryptography depends on generating random keys. As organizations adopt quantum-resistant algorithms, it's equally important to examine the randomness underpinning them.

Dark Reading News Desk Turns 10, Back at Black Hat USA for 2025

Friday, August 1, 2025
Dark Reading's 2025 News Desk marks a decade of Black Hat USA memories. We're making our return with a slate of interviews that help you stay up on the latest research from Black Hat — no trip to Las Vegas required.

ISC2 Launches New Security Certificate for AI Expertise

ISC2 is launching a 6-course certification program to address the growing demand for AI security expertise. Courses cover topics such as AI fundamentals, ethics, and risks.

Gen Z Falls for Scams 2x More Than Older Generations

Thursday, July 31, 2025
Forget gullible old people — Gen Z is the most at-risk age group on the Web. Older folks might want to ignore it, but employers are likely to feel the brunt.

DragonForce Ransom Cartel Profits Off Rivals' Demise

The fall of RansomHub led to a major consolidation of the ransomware ecosystem last quarter, which was a boon for the DragonForce and Qilin gangs.

SafePay Claims Ingram Micro Breach, Sets Ransom Deadline

The ransomware gang claims to have stolen 3.5TB of data, and told the technology distributor to pay up or suffer a data breach.

3 Things CFOs Need to Know About Mitigating Threats

To reposition cybersecurity as a strategic, business-critical investment, CFOs and CISOs play a critical role in articulating the significant ROI that robust security measures can deliver.

Inside the FBI's Strategy for Prosecuting Ransomware

The US government is throwing the book at even mid-level cybercriminals. Is it just, and is it working?

Koreans Hacked, Blackmailed by 250+ Fake Mobile Apps

Wednesday, July 30, 2025
A swath of copycat Korean apps are hiding spyware, occasionally leading to highly personal, disturbing extortions.

Silk Typhoon Linked to Powerful Offensive Tools, PRC-Backed Companies

An unsealed indictment associated with the Chinese threat group shows its members worked for companies closely aligned with the PRC as part of a larger contractor ecosystem.

The CrowdStrike Outage Was Bad, but It Could Have Been Worse

A year after the largest outage in IT history, organizations need to make an active effort to diversify their technology and software vendors and create a more resilient cyber ecosystem moving forward.

Attackers Can Use Browser Extensions to Inject AI Prompts

A proof-of-concept attack shows how threat actors can use a poisoned browser extension to inject malicious prompts into a generative AI tool.

African Orgs Fall to Mass Microsoft SharePoint Exploits

The National Treasury of South Africa is among the half-dozen known victims in South Africa — along with other nations — of the mass compromise of on-premises Microsoft SharePoint servers.

Nimble 'Gunra' Ransomware Evolves With Linux Variant

Tuesday, July 29, 2025
The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption.

New Risk Index Helps Organizations Tackle Cloud Security Chaos

Enterprises can use the IaC Risk Index to identify vulnerable cloud resources in their infrastructure-as-code environment which are not managed or governed.

Insurance Giant Allianz Life Grapples With Breach Affecting 'Majority' of Customers

Monday, July 28, 2025
The company has yet to report an exact number of how many individuals were impacted by the breach and plans to start the notification process around Aug. 1.

Chaos Ransomware Rises as BlackSuit Gang Falls

Researchers detailed a newer double-extortion ransomware group made up of former members of BlackSuit, which was recently disrupted by international law enforcement.

Sophisticated Shuyal Stealer Targets 19 Browsers, Demonstrates Advanced Evasion

A new infostealing malware making the rounds can exfiltrate credentials and other system data even from browsing software considered more privacy-focused than mainstream options.

How to Spot Malicious AI Agents Before They Strike

The rise of agentic AI means the battle of the machines is just beginning. To win, we'll need our own agents — human and machine — working together.

Cyber Career Opportunities: Weighing Certifications vs. Degrees

Friday, July 25, 2025
Longtime CISO Melina Scotto joins Dark Reading to discuss career advice gleaned from her 30 years in the cyber industry.

'Fire Ant' Cyber Spies Compromise Siloed VMware Systems

Suspected China-nexus threat actors targeted virtual environments and used several tools and techniques to bypass security barriers and reach isolated portions of victims' networks.

AI-Generated Linux Miner 'Koske' Beats Human Malware

AI malware is becoming less of a gimmick, with features that meet or exceed what traditional human-developed malware typically can do.

North Korea's IT Worker Rampage Continues Amid DoJ Action

Arrests and indictments keep coming, but the North Korean fake IT worker scheme is only snowballing, and businesses can't afford to assume their applicant-screening processes are up to the task of weeding the imposters out.

The Young and the Restless: Young Cybercriminals Raise Concerns

National governments warn that many hacker groups attract young people through a sense of community, fame, or the promise of money and the perception of a lack of risk of prosecution.

Can Security Culture Be Taught? AWS Says Yes

Newly appointed Amazon Web Services CISO Amy Herzog believes security culture goes beyond frameworks and executive structures. Having the right philosophy throughout the organization is key.

Ransomware Actors Pile on 'ToolShell' SharePoint Bugs

Thursday, July 24, 2025
Storm-2603, a China-based threat actor, is targeting SharePoint customers in an ongoing ransomware campaign.

Department of Education Site Mimicked in Phishing Scheme

Wednesday, July 23, 2025
An ongoing phishing campaign is using fake versions of the department's G5 grant portal, taking advantage of political turmoil associated with the DoE's 1,400 layoffs.

US Nuclear Agency Hacked in Microsoft SharePoint Frenzy

Threat actors are piling on the zero-day vulnerabilities in SharePoint, including at least three Chinese nation-state cyberespionage groups.

Microsoft Integrates Data Lake With Sentinel SIEM

Microsoft Sentinel Data Lake aims to provide inexpensive storage for large volumes of telemetry, while threat intelligence will be included with Defender XDR at no extra cost.

CISO Conversations: How IT and OT Security Worlds Are Converging

Dark Reading's Kelly Jackson Higgins interviews Carmine Valente, Deputy CISO at Con Edison, about his role at the New York-based electric utility and the state of IT and OT security. Valente highlights current threats like ransomware and supply chain attacks, as well as the impact of AI on both defense and threats.

China Introduces National Cyber ID Amid Privacy Concerns

Tuesday, July 22, 2025
China officially rolled out a voluntary Internet identity system to protect citizens' online identities and personal information, but critics worry about privacy and surveillance.

3 China Nation-State Actors Target SharePoint Bugs

Hackers and cybercrime groups are part of a virtual feeding frenzy, after Microsoft's recent disclosure of new vulnerabilities in on-premises editions of SharePoint Server.

Human Digital Twins Could Give Attackers a Dangerous Advantage

While this emerging technology offers many benefits, digital twins also have several drawbacks, as these convincing impersonations can be used in social engineering attacks.

China-Backed APT41 Cyberattack Surfaces in Africa

Up to now, the prolific China-sponsored cyber-espionage group has been mostly absent from the region, but a sophisticated and highly targeted attack on an African IT company shows Beijing is branching out.

Malicious Implants Are Coming to AI Components, Applications

Monday, July 21, 2025
A red teamer is publishing research next month about how weaknesses in modern security products lay the groundwork for stealthy implants in AI-powered applications.

Europol Sting Leaves Russian Cybercrime's 'NoName057(16)' Group Fractured

National authorities have issued seven arrest warrants in total relating to the cybercrime collective known as NoName057(16), which recruits followers to carry out DDoS attacks on perceived enemies of Russia.

Containment as a Core Security Strategy

We cannot keep reacting to vulnerabilities as they emerge. We must assume the presence of unknown threats and reduce the blast radius that they can affect.

'PoisonSeed' Attacker Skates Around FIDO Keys

Friday, July 18, 2025
Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections.

Printer Security Gaps: A Broad, Leafy Avenue to Compromise

Thursday, July 17, 2025
Security teams aren't patching firmware promptly, no one's vetting the endpoints before purchase, and visibility into potential dangers is limited — despite more and more cyberattackers targeting printers as a matter of course.

Armenian Extradited to US Over Ryuk Ransomware

The suspect faces three charges for his alleged crimes that could earn him up to five years in federal prison, and a heap of fines.

Why Cybersecurity Still Matters for America's Schools

Cyberattacks on educational institutions are growing. But with budget constraints and funding shortfalls, leadership teams are questioning whether — and how — they can keep their institutions safe.

ISC2 Finds Orgs Are Increasingly Leaning on AI

Wednesday, July 16, 2025
While many organizations are eagerly integrating AI into their workflows and cybersecurity practices, some remain undecided and even concerned about potential drawbacks of AI deployment.

Women Who 'Hacked the Status Quo' Aim to Inspire Cybersecurity Careers

A group of female cybersecurity pioneers will share what they've learned about navigating a field dominated by men, in order to help other women empower themselves and pursue successful cybersecurity careers.

Cognida.ai Launches Codien: An AI Agent to Modernize Legacy Test Automation and Fast-Track Test Creation


AI Is Reshaping How Attorneys Practice Law

Tuesday, July 15, 2025
Experts recommend enhanced AI literacy, training around the ethics of using AI, and verification protocols to maintain credibility in an increasingly AI-influenced courtroom.

AsyncRAT Spawns Concerning Labyrinth of Forks

Since surfacing on GitHub in 2019, AsyncRAT has become a poster child for how open source malware can democratize cybercrime, with a mazelike footprint of variants available across the spectrum of functionality.

Attackers Abuse AWS Cloud to Target Southeast Asian Governments

The intelligence-gathering cyber campaign introduces the novel HazyBeacon backdoor and uses legitimate cloud communication channels for command-and-control (C2) and exfiltration to hide its malicious activities.

MITRE Launches AADAPT Framework for Financial Systems

The new framework is modeled after and meant to complement the MITRE ATT&CK framework, and it is aimed at detecting and responding to cyberattacks on cryptocurrency assets and other financial targets.

Web-Inject Campaign Debuts Fresh Interlock RAT Variant

Monday, July 14, 2025
A cyber-threat campaign is using legitimate websites to inject victims with remote access Trojans belonging to the Interlock ransomware group, in order to gain control of devices.

Military Veterans May Be What Cybersecurity Is Looking For

As the field struggles with a shortage, programs that aim to provide veterans with the technical skills needed to succeed in cybersecurity may be the solution for everyone.

Google Gemini AI Bug Allows Invisible, Malicious Prompts

A prompt-injection vulnerability in the AI assistant allows attackers to create messages that appear to be legitimate Google Security alerts but instead can be used to target users across various Google products with vishing and phishing.

The Dark Side of Global Power Shifts & Demographic Decline

As global power realigns and economies falter, the rise in cybercrime is no longer hypothetical — it's inevitable.

350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE

Friday, July 11, 2025
Mercedes, Skoda, and Volkswagen vehicles, as well as untold industrial, medical, mobile, and consumer devices, may be exposed to a vulnerable Bluetooth implementation called "PerfektBlue."

eSIM Bug in Millions of Phones Enables Spying, Takeover

Thursday, July 10, 2025
eSIMs around the world may be fundamentally vulnerable to physical and network attacks because of a 6-year-old Oracle vulnerability in technology that underlies billions of cards.

Ingram Micro Up and Running After Ransomware Attack

Customers were the first to notice the disruption on the distributor's website when they couldn't place orders online.

4 Arrested in UK Over M&S, Co-op, Harrods Hacks

The UK's National Crime Agency arrested four people, who some experts believe are connected to the notorious cybercriminal collective known as Scattered Spider.

AirMDR Tackles Security Burdens for SMBs With AI

This security startup provides managed detection and response services for small-to-midsized businesses to detect and address modern threats such as ransomware, phishing attacks, and malicious insiders.

North American APT Uses Exchange Zero-Day to Attack China

Wednesday, July 9, 2025
Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.

A NVIDIA Container Bug & Chance to Harden Kubernetes

A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants.

New AI Malware PoC Reliably Evades Microsoft Defender

Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that.

South Korean Government Imposes Penalties on SK Telecom for Breach

Tuesday, July 8, 2025
Following a breach at the country's top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements.

Malicious Open Source Packages Spike 188% YoY

Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.

Suspected Hacker Linked to Silk Typhoon Arrested in Milan

The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers.

DPRK macOS 'NimDoor' Malware Targets Web3, Crypto Platforms

Monday, July 7, 2025
Researchers observed North Korean threat actors targeting cryptocurrency and Web3 platforms on Telegram using malicious Zoom meeting requests.

Ransomware Attack Triggers Widespread Outage at Ingram Micro

The outage began shortly before the July 4 holiday weekend and caused disruptions for customer ordering and other services provided by the IT distributor.

'Hunters International' RaaS Group Closes Its Doors

The announcement comes just months after security researchers observed that the group was making the transition to rebrand to World Leaks, a data theft outfit.

Chrome Store Features Extension Poisoned With Sophisticated Spyware

A color picker for Google's browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites.

US Treasury Sanctions BPH Provider Aeza Group

Wednesday, July 2, 2025
In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer.

Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing

A Russian APT known as "Gamaredon" is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine.

ClickFix Spin-off Attack Bypasses Key Browser Safeguards

A new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware.

1 Year Later: Lessons Learned From the CrowdStrike Outage

The ever-growing volume of vulnerabilities and threats requires organizations to remain resilient and anti-fragile — that is, to be able to proactively respond to issues and continuously improve.

Scope, Scale of Spurious North Korean IT Workers Emerges

Tuesday, July 1, 2025
Microsoft warns thousands of North Korean workers have infiltrated tech, manufacturing, and transportation sectors to steal money and data.

We've All Been Wrong: Phishing Training Doesn't Work

Teaching employees to detect malicious emails isn't really having an impact. What other options do organizations have?

DoJ Disrupts North Korean IT Worker Scheme Across Multiple US States

The US also conducted searches of 29 "laptop farms" across 16 states and seized 29 financial accounts used to launder funds.

Scattered Spider Hacking Spree Continues With Airline Sector Attacks

Monday, June 30, 2025
Microsoft has called the hacker collective one of the most dangerous current cyberthreats.

Chinese Company Hikvision Banned By Canadian Government

Though the company's video surveillance products will be prohibited for government use, individuals and private businesses can still buy the vendor's products.

Airoha Chip Vulns Put Sony, Bose Earbuds & Headphones at Risk

The vulnerabilities, which have yet to be published, could allow a threat actor to hijack not only Bluetooth earbuds and headphones but also the devices connected to them.

AI-Themed SEO Poisoning Attacks Spread Info, Crypto Stealers

Malicious websites designed to rank high in Google search results for ChatGPT and Luma AI deliver the Lumma and Vidar infostealers and other malware.

Why Cybersecurity Should Come Before AI in Schools

The sooner we integrate cybersecurity basics into school curriculum, the stronger and more resilient our children — and their futures — will be.

Top Apple, Google VPN Apps May Help China Spy on Users

Friday, June 27, 2025
Apple and Google espouse strong values about data privacy, but they allow programs from a Big Brother state to thrive on their app stores, researchers allege.

'CitrixBleed 2' Shows Signs of Active Exploitation

If exploited, the critical vulnerability allows attackers to maintain access for longer periods of time than the original CitrixBleed flaw, all while remaining undetected.

Scattered Spider Taps CFO Credentials in 'Scorched Earth' Attack

In a recent intrusion, the notorious cybercriminal collective accessed CyberArk vaults and obtained more than 1,400 secrets, subverted Azure, VMware, and Snowflake environments, and for the first known time, actively fought back against incident response teams.

Vulnerability Debt: How Do You Put a Price on What to Fix?

Putting a vulnerability debt figure together involves work, but having vulnerability debt figures lets you measure real-world values against your overall security posture.

US Falling Behind China in Exploit Production

Cyber operations have become critical to national security, but the United States has fallen behind in one significant area — exploit production — while China has built up a significant lead.

'Cyber Fattah' Hacktivist Group Leaks Saudi Games Data

Thursday, June 26, 2025
As tensions in the Middle East rise, hacktivist groups are coming out of the woodwork with their own agendas, leading to notable shifts in the hacktivist threat landscape.

'IntelBroker' Suspect Arrested, Charged in High-Profile Breaches

A British national arrested earlier this year in France was charged by the US Department of Justice in connection with a string of major cyberattacks.

Charming Kitten APT Tries Spying on Israeli Cybersecurity Experts

Wednesday, June 25, 2025
Israel's cyber pros are having to put theory into practice, as a notorious nation-state APT sponsored by Iran targets them with spear-phishing attacks.

And Now Malware That Tells AI to Ignore It?

Though rudimentary and largely non-functional, the wryly named "Skynet" binary could be a harbinger of things to come on the malware front.

Millions of Brother Printers Hit by Critical, Unpatchable Bug

A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.

CISA is Shrinking: What Does it Mean for Cyber?

Dark Reading Confidential Episode 7: Cyber experts Tom Parker and Jake Williams offer their views on the practical impact of cuts to the US Cybersecurity and Infrastructure Security Agency.

Africa Sees Surge in Cybercrime as Law Enforcement Struggles

Tuesday, June 24, 2025
Cybercrime accounts for more than 30% of all reported crime in East Africa and West Africa, with online scams, ransomware, business email compromise, and digital sextortion taking off.

Threat Actor Trojanizes Copy of SonicWall NetExtender VPN App

A threat actor hacked a version of SonicWall's NetExtender SSL VPN application in an effort to trick users into installing a Trojanized version of the product.

China-Nexus 'LapDogs' Network Thrives on Backdoored SOHO Devices

The campaign infected devices in the US and Southeast Asia to build an operational relay box (ORB) network for use as an extensive cyber-espionage infrastructure.

Steel Giant Nucor Confirms Data Stolen in Cyberattack

America's largest steel producer initially disclosed the breach in May and took potentially affected systems offline to investigate the intrusion and contain any malicious activity.

Citrix Patches Critical Vulns in NetScaler ADC and Gateway

Monday, June 23, 2025
Citrix is recommending its customers upgrade their appliances to mitigate potential exploitation of the vulnerabilities.

'Echo Chamber' Attack Blows Past AI Guardrails

An AI security researcher has developed a proof of concept that uses subtle, seemingly benign prompts to get GPT and Gemini to generate inappropriate content.

DHS Warns of Rise in Cyberattacks in Light of US-Iran Conflict

After President Trump's decision to enter the US into the conflict in the Middle East, the Department of Homeland Security expects there to be an uptick in Iranian hacktivists and state-sponsored actors targeting US systems.

Attackers Use Docker APIs, Tor Anonymity in Stealthy Crypto Heist

The attack is similar to previous campaigns by an actor called Commando Cat to use misconfigured APIs to compromise containers and deploy cryptocurrency miners.

A CISO's AI Playbook

In a market where security budgets flatten while threats accelerate, improving analyst throughput is fiscal stewardship.

AWS Enhances Cloud Security With Better Visibility Features

Friday, June 20, 2025
At this week's re:Inforce 2025 conference, the cloud giant introduced new capabilities to several core security products to provide customers with better visibility and more context on potential threats.

Hackers Post Dozens of Malicious Copycat Repos to GitHub

As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers.

How Cyberwarfare Changes the Face of Geopolitical Conflict

As geopolitical tensions rise, the use of cyber operations and hacktivists continues to grow, with the current conflict between Israel and Iran showing the new face of cyber-augmented war.

Telecom Giant Viasat Is Latest Salt Typhoon Victim

The communications company shared the discoveries of its investigation with government partners, but there is little information they can publicly disclose other than that there seems to be no impact to customers.

How to Lock Down the No-Code Supply Chain Attack Surface

Securing the no-code supply chain isn't just about mitigating risks — it's about enabling the business to innovate with confidence.

OpenAI Awarded $200M Contract to Work With DoD

Wednesday, June 18, 2025
OpenAI intends to help streamline the Defense Department's administrative processes using artificial intelligence.

New Tool Traps Jitters to Detect Beacons

Concerned by rapidly evolving evasion tactics, the new Jitter-Trap tool from Varonis aims to help organizations detect beacons that help attackers establish communication inside a victim network.

The Triple Threat of Burnout: Overworked, Unsatisfied, Trapped

Many cybersecurity professionals still don't feel comfortable admitting when they need a break. And the impact goes beyond being overworked.

GodFather Banking Trojan Debuts Virtualization Tactic

The Android malware is targeting Turkish financial institutions, completely taking over legitimate banking and crypto apps by creating an isolated virtualized environment on a device.

Serpentine#Cloud Uses Cloudflare Tunnels in Sneak Attacks

An unidentified threat actor is using .lnk Windows shortcut files in a series of sophisticated attacks utilizing in-memory code execution and living-off-the-land cyberattack strategies.

Indian Car-Sharing Firm Zoomcar Latest to Suffer Breach

Tuesday, June 17, 2025
The company acknowledged that cybercriminals had taken sensitive information on more than 8 million users, including names, phone numbers, car registration numbers, addresses, and emails.

'HoldingHands' Acts Like a Pickpocket With Taiwan Orgs

Since at least January, the threat actor has been employing multiple malware tools to steal information for potential future attacks against Taiwanese businesses and government agencies.

Malicious Chimera Turns Larcenous on Python Package Index

Monday, June 16, 2025
Unlike typical data-stealing malware, this attack tool targets data specific to corporate and cloud infrastructures in order to execute supply chain attacks.

Anubis Ransomware-as-a-Service Kit Adds Data Wiper

The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said.

Washington Post Staffer Emails Targeted in Cyber Breach

Journalists' Microsoft accounts were breached, which would have given attackers access to emails of staff reporters covering national security, economic policy, and China.

'Water Curse' Targets Infosec Pros Via Poisoned GitHub Repositories

The emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware.

Security Is Only as Strong as the Weakest Third-Party Link

Third-party risks are increasing dramatically, requiring CISOs to evolve from periodic assessments to continuous monitoring and treating partner vulnerabilities as their own to enhance organizational resilience.

NIST Outlines Real-World Zero-Trust Examples

SP 1800-35 offers 19 examples of how to implement zero-trust architecture (ZTA) using off-the-shelf commercial technologies.

CISA Reveals 'Pattern' of Ransomware Attacks Against SimpleHelp RMM

Friday, June 13, 2025
A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January.

Cyberattacks on Humanitarian Orgs Jump Worldwide

These groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.

New COPPA Rules to Take Effect Over Child Data Privacy Concerns

Thursday, June 12, 2025
New regulations and compliance standards for the Children's Online Privacy Protection Act reflect how much technology has grown since the Federal Trade Commission last updated it in 2013.

Researchers Detail Zero-Click Copilot Exploit 'EchoLeak'

Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.

Hacking the Hackers: When Bad Guys Let Their Guard Down

A string of threat-actor OpSec failures has yielded unexpected windfalls for security researchers and defenders.

ConnectWise to Rotate Code-Signing Certificates

Wednesday, June 11, 2025
The move is unrelated to a recent nation-state attack the vendor endured but stems from a report by a third-party researcher.

Agentic AI Takes Over Gartner's SRM Summit

Agentic AI was everywhere at Gartner's Security & Risk Management Summit in Washington, DC, this year, as the AI security product engine chugs ahead at full speed.

Google Bug Allowed Brute-Forcing of Any User Phone Number

The weakness in Google's password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks.

PoC Code Escalates Roundcube Vuln Threat

Tuesday, June 10, 2025
The flaw allows an authenticated attacker to gain complete control over a Roundcube webmail server.

GitHub: How Code Provenance Can Prevent Supply Chain Attacks

Through artifact attestation and the SLSA framework, GitHub's Jennifer Schelkopf argues that at least some supply chain attacks can be stopped in their tracks.

United Natural Food's Operations Limp Through Cybersecurity Incident

It's unclear what kind of cyberattack occurred, but UNFI proactively took certain systems offline, which has disrupted the company's operations.

Gartner: How Security Teams Can Turn Hype Into Opportunity

Monday, June 9, 2025
During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture.

SIEMs Missing the Mark on MITRE ATT&CK Techniques

CardinalOps' report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional.

China-Backed Hackers Target SentinelOne in 'PurpleHaze' Attack Spree

Known threat groups APT15 and UNC5174 unleashed attacks against SentinelOne and more than 70 other high-value targets, as part of ongoing cyber-espionage and other malicious activity involving ShadowPad malware.

Docuseries Explores Mental, Physical Hardships of CISOs

Friday, June 6, 2025
During "CISO: The Worst Job I Ever Wanted," several chief information security officers reveal how difficult it is to be in a role that, despite being around for decades, remains undefined.

BADBOX 2.0 Targets Home Networks in Botnet Campaign, FBI Warns

Though the operation was partially disrupted earlier this year, the botnet remains active and continues to target connected Android devices.

'PathWiper' Attack Hits Critical Infrastructure In Ukraine

Thursday, June 5, 2025
Cisco Talos researchers observed the new wiper malware in a destructive attack against an unnamed critical infrastructure organization.

Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud

The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same.

Backdoored Malware Reels in Newbie Cybercriminals

Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.

35K Solar Devices Vulnerable to Potential Hijacking

Wednesday, June 4, 2025
A little more than three-quarters of these exposed devices are located in Europe, followed by Asia, with 17%.

Vishing Crew Targets Salesforce Data

A group Google is tracking as UNC6040 has been tricking users into installing a malicious version of a Salesforce app to gain access to and steal data from the platform.

How Neuroscience Can Help Us Battle 'Alert Fatigue'

By understanding the neurological realities of human attention, organizations can build more sustainable security operations that protect not only their digital assets but also the well-being of those who defend them.

Researchers Bypass Deepfake Detection With Replay Attacks

An international group of researchers found that simply rerecording deepfake audio with natural acoustics in the background allows it to bypass detection models at a higher-than-expected rate.

Chrome Drops Trust for Chunghwa, Netlock Certificates

Tuesday, June 3, 2025
Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.

LummaC2 Fractures as Acreed Malware Becomes Top Dog

LummaC2 formerly accounted for almost 92% of Russian Market's credential theft log alerts. Now, the Acreed infostealer has replaced its market share.

Beyond the Broken Wall: Why the Security Perimeter Is Not Enough

Monday, June 2, 2025
Organizations need to abandon perimeter-based security for data-centric protection strategies in today's distributed IT environments.

EMR-ISAC Shuts Down: What Happens Now?

The Emergency Management and Response - Information Sharing and Analysis Center provided essential information to the emergency services sector on physical and cyber threats and its closure leaves an information vacuum for these organizations.

Exploitation Risk Grows for Critical Cisco Bug

New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say.

Trickbot, Conti Ransomware Operator Unmasked Amid Huge Ops Leak

An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.

Critical Bugs Could Spark Takeover of Widely Used Fire Safety OT/ICS Platform

The unpatched security vulnerabilities in Consilium Safety's CS5000 Fire Panel could create "serious safety issues" in environments where fire suppression and safety are paramount, according to a CISA advisory.

In the AI Race With China, Don't Forget About Security

The US needs to establish a clear framework to provide reasonable guardrails to protect its interests — the quicker, the better.

'Earth Lamia' Exploits Known SQL, RCE Bugs Across Asia

Friday, May 30, 2025
A "highly active" Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors.

FBI Warns of Filipino Tech Company Running Sprawling Crypto Scams

The US Treasury said cryptocurrency investment schemes like the ones facilitated by Funnull Technology Inc. have cost Americans billions of dollars annually.

SentinelOne Reports Services Are Back Online After Global Outage

Thursday, May 29, 2025
The outage reportedly hit 10 commercial customer consoles for SentinelOne's Singularity platform, including Singularity Endpoint, XDR, Cloud Security, Identity, Data Lake, RemoteOps, and more.

Zscaler's Buyout of Red Canary Shows Telemetry's Value

Red Canary's MDR portfolio complements Zscaler's purchase last year of Israeli startup Avalor, which automates collection, curation, and enrichment of security data.

LexisNexis Informs 360K+ Customers of Third-Party Data Leak

While the leak affected customer data, LexisNexis said in a notification letter that its products and systems were not compromised.

PumaBot Targets Linux Devices in Latest Botnet Campaign

While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated.

CISA Issues SOAR, SIEM Implementation Guidance

The Cybersecurity and Infrastructure Security Agency (CISA) and Australian Cyber Security Centre (ACSC) recommend that organizations conduct thorough testing and manage costs, which can be hefty, before implementing the platforms.

'Haozi' Gang Sells Turnkey Phishing Tools to Amateurs

The phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.

Hundreds of Web Apps Have Full Access to OneDrive Files

Wednesday, May 28, 2025
Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.

Implementing Secure by Design Principles for AI

Harnessing AI's full transformative potential safely and securely requires more than an incremental enhancement of existing cybersecurity practices. A Secure by Design approach represents the best path forward.

MathWorks, Creator of MATLAB, Confirms Ransomware Attack

Tuesday, May 27, 2025
The attack disrupted MathWorks' systems and online applications, but it remains unclear which ransomware group targeted the software company and whether they stole any data.

Danabot Takedown Deals Blow to Russian Cybercrime

A multiyear investigation by a public-private partnership has resulted in the seizure of the botnet's US-based infrastructure and indictments for its key players, significantly disrupting a vast cybercriminal enterprise.

CVE Uncertainty Underlines Importance of Cyber Resilience

Organizations need to broaden their strategy to manage vulnerabilities more effectively and strengthen network cyber resilience.

Russian Threat Actor TAG-110 Goes Phishing in Tajikistan

Thursday, May 22, 2025
While Ukraine remains Russia's major target for cyberattacks, TAG-110 is part of a strategy to preserve "a post-Soviet sphere of influence" by embedding itself in other countries' infrastructures.

3am Ransomware Adopts Email Bombing, Vishing Combo Attack

The emerging threat group is the latest to adopt the combo attack tactic, which Black Basta and other groups already are using to gain initial access for ransomware deployment.

Blurring Lines Between Scattered Spider and Russian Cybercrime

The loosely affiliated hacking group has shifted closer to ransomware gangs, raising questions about Scattered Spider's ties to the Russian cybercrime underground.

CISA: Russia's Fancy Bear Targeting Logistics, IT Firms

The mission is to gather information that could help Russia in its war against Ukraine.

Pandas Galore: Chinese Hackers Boost Attacks in Latin America

Wednesday, May 21, 2025
Vixen Panda, Aquatic Panda — both Beijing-sponsored APTs and financially motivated criminal groups continued to pose the biggest threat to organizations in Central and South America last year, says CrowdStrike.

Unimicron, Presto Attacks Mark Industrial Ransomware Surge

A number of major industrial organizations suffered ransomware attacks last quarter, such as PCB manufacturer Unimicron, appliance maker Presto, and more — a harbinger of a rapidly developing and diversifying threat landscape.

Coinbase Breach Compromises Nearly 70K Customers' Information

Coinbase asserts that this number is only a small fraction of the number of its verified users, though it's still offering a $20 million reward to catch the criminals.

Fake Kling AI Malvertisements Lure Victims With False Promises

Tuesday, May 20, 2025
Researchers noted that they found several similar websites, two of which are still operating and require the same kind of behavior on behalf of the victim.

Virgin Media O2 Vuln Exposes Call Recipient Location

A hacker exploiting the security flaw in the mobile provider's network could have potentially located a call recipient with accuracy of up to 100 square meters.

Tenable Adds Third-Party Connectors to Exposure Management Platform

TenableOne now pulls in data from AWS, Microsoft, and competitors to provide a holistic security view of the organization's attack surface.

Regeneron Pledges Privacy Protection in $256M Bid for 23andMe

Regeneron's acquisition of 23andMe raises significant privacy concerns as experts warn about the lack of comprehensive federal regulations governing the transfer of genetic information.

Why Rigid Security Programs Keep Failing

Organizations that stay ahead of attacks won't be the most compliant ones — they'll be the ones most honest about what actually works.

'Operation RoundPress' Targets Ukraine in XSS Webmail Attacks

Monday, May 19, 2025
A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities.

Legal Aid Agency Warns Lawyers, Defendants on Data Breach

The online service has since been shut down as the agency grapples with the cyberattack, though it assures the public that those most in need of legal assistance will still be able to access help.

CVE Disruption Threatens Foundations of Defensive Security

If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain.

Australian Human Rights Commission Leaks Docs in Data Breach

Friday, May 16, 2025
An internal error led to public disclosure of reams of sensitive data that could be co-opted for follow-on cyberattacks.

Attacker Specialization Puts Threat Modeling on Defensive

Specialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack.

Big Steelmaker Halts Operations After Cyber Incident

Thursday, May 15, 2025
Nucor made it clear its investigation is still in the early stages and didn't specify the nature or scope of the breach, nor who the threat actor might be.

International Crime Rings Defraud US Gov't Out of Billions

Fraudsters worldwide apply for money from the US government using stolen and forged identities, making off with hundreds of billions of dollars annually.

Attackers Target Samsung MagicINFO Server Bug, Patch Now

CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.

Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks

As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.

Using a Calculator to Take Guesswork Out of Measuring Cyber-Risk

Organizations face the complex challenge of accurately measuring their cyber-risk across multiple variables. Resilience's risk calculator tool can help organizations measure their cyber-risk based on their own factors so that they can make informed decisions about their security posture.

AI Agents May Have a Memory Problem

Wednesday, May 14, 2025
A new study by researchers at Princeton University and Sentient shows it's surprisingly easy to trigger malicious behavior from AI agents by implanting fake "memories" into the data they rely on for making decisions.

Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack

The security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against "a very limited number of customers" — for now — and stem from open source libraries.

Chinese Actor Hit Taiwanese Drone Makers, Supply Chains

Tuesday, May 13, 2025
Tidrone concentrated on military entities and the satellite sector, using their associated service providers and ERP software to infect not just drones but all the entities that are part of their supply chains.

What Does EU's Bug Database Mean for Vulnerability Tracking?

The EU cyber agency ENISA has launched its vulnerability database, the EUVD; security experts shared their thoughts regarding what this means for CVEs, as well as the larger conversation around how bugs are tracked.

CISA Warns of TeleMessage Vuln Despite Low CVSS Score

Though the app claims to use end-to-end encryption, hackers have reportedly accessed archived data on the app's servers via a new vulnerability.

North Korea's TA406 Targets Ukraine for Intel

The threat group's goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more.

Attackers Lace Fake Generative AI Tools With 'Noodlophile' Malware

Monday, May 12, 2025
Threat actors are scamming users by advertising legitimate-looking generative AI websites that, when visited, install credential-stealing malware onto the victim's computer.

4 Hackers Arrested After Millions Made in Global Botnet Business

The cybercriminals infected older wireless Internet routers with Anyproxy and 5socks malware in order to reconfigure them — all without the users' knowledge.

Can Cybersecurity Keep Up In the AI Arms Race?

New research shows China is quickly catching up with the US in AI innovation. Experts weigh in on what it means for cyber defenders.

Vulnerability Detection Tops Agentic AI at RSAC's Startup Competition

Agentic-native startups threaten to reduce the zero-day problem to just a zero-hour issue. Of course, AI agents will accelerate offensive attacks as well.

New UK Security Guidelines Aims to Reshape Software Development

The voluntary Software Security Code of Practice is the latest initiative to come out of the United Kingdom to boost best practices in application security and software development.

After Pahalgam Attack, Hacktivists Unite Under #OpIndia

Friday, May 9, 2025
Cybercriminals are flocking to take part in the newly inflamed fight between India and Pakistan.

LockBit Ransomware Gang Hacked, Operations Data Leaked

Exposed data from LockBit's affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials.

Cyber Then & Now: Inside a 2-Decade Industry Evolution

On Dark Reading's 19-year anniversary, Editor-in-Chief Kelly Jackson Higgins stops by Informa TechTarget's RSAC 2025 Broadcast Alley studio to discuss how things have changed since the early days of breaking Windows and browsers, lingering challenges, and what's next beyond AI.

Commvault: Vulnerability Patch Works as Intended

The security researcher who questioned the effectiveness of a patch for a recently disclosed bug in Commvault Command Center did not test the patched version, the company says.

How Security Has Changed the Hacker Marketplace

Your ultimate goal shouldn't be security perfection — it should be making exploitation of your organization unprofitable.

SonicWall Issues Patch for Exploit Chain in SMA Devices

Thursday, May 8, 2025
Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.

Email-Based Attacks Top Cyber-Insurance Claims

Cyber-insurance carrier Coalition said business email compromise and funds transfer fraud accounted for 60% of claims in 2024.

Operation PowerOFF Takes Down 9 DDoS-for-Hire Domains

Four different countries, including the United States and Germany, were included in the latest international operation alongside Europol's support.

Meta Wins Lawsuit Against Spyware Vendor NSO Group

Wednesday, May 7, 2025
The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices.

Play Ransomware Group Used Windows Zero-Day

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

'Bring Your Own Installer' Attack Targets SentinelOne EDR

Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.

Infrastructure as Code: An IaC Guide to Cloud Security

IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can't keep up.

Researcher Says Patched Commvault Bug Still Exploitable

Tuesday, May 6, 2025
CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.

'Easily Exploitable' Langflow Vulnerability Requires Immediate Patching

The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.

The Dark Side of Digital: Breaking The Silence on Youth Mental Health

Industry experts at RSAC 2025 call for urgent accountability in addressing technology's negative impact on youth, highlighting concerns about internet anonymity, mental health, and the growing disconnect between generations.

'Venom Spider' Targets Hiring Managers in Phishing Scheme

Monday, May 5, 2025
Researchers from Arctic Wolf Labs detailed a new spear-phishing campaign that targets hiring managers and recruiters by posing as a job seeker.

Phony Hacktivist Pleads Guilty to Disney Data Leak

After stealing sensitive data from Disney, Ryan Mitchell Kramer claimed to be part of a Russian hacktivist group protecting artists' rights and ensuring they receive fair compensation for their work.

How to Prevent AI Agents From Becoming the Bad Guys

When designed with strong governance principles, AI can drive innovation while maintaining the people's trust and security.

What NYDFS Rules Mean for Businesses (in and outside of NY)

Friday, May 2, 2025
Starting this month, finance companies operating in New York must implement a variety of protections against unauthorized access to IT systems.

Enterprises Need to Beware of These 5 Threats

Thursday, May 1, 2025
A panel of SANS Institute leaders detailed current threats and provided actionable steps for enterprises to consider.

SANS Top 5: Cyber Has Busted Out of the SOC

This year's top cyber challenges include cloud authorization sprawl, ICS cyberattacks and ransomware, a lack of cloud logging, and regulatory constraints keeping defenders from fully utilizing AI's capabilities.

Experts Debate Real ID Security Ahead of May 7 Deadline

Real IDs have been in the works since 2005. Are their security standards still rigorous enough in 2025?

Getting Outlook.com Ready for Bulk Email Compliance

Microsoft has set May 5 as the deadline for bulk email compliance. In this Tech Tip, we show how organizations can still make the deadline.

Former CISA Head Slams Trump Admin Over 'Loyalty Mandate'

Wednesday, April 30, 2025
Jen Easterly, former director of CISA, discussed the first 100 days of the second Trump administration and criticized the president's "mandate for loyalty" during a panel at RSAC 2025.

TheWizards APT Casts a Spell on Asian Gamblers With Novel Attack

A SLAAC-spoofing, adversary-in-the-middle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications.

NVIDIA's AI Security Offering Protects From Software Landmines

NVIDIA's DOCA Argus prevents attacks before they compromise AI architectures.

Many Fuel Tank Monitoring Systems Vulnerable to Disruption

Tuesday, April 29, 2025
Thousands of automatic tank gauge (ATG) devices are accessible over the Internet and are just "a packet away" from compromise, security researcher warns at 2025 RSAC Conference.

From Mission-Centric to People-Centric: Competitive Leadership in Cyber

Making a case for empathy in cyber-leadership roles as a strategic business advantage.

Hacking in Space: Not as Tough as You Might Think

Barbara Grofe, space asset security architect at Spartan Corp, discussed the realities of hacking in space, and the outlook is not pie-in-the-sky.

Risks of Using AI Models Developed by Competing Nations

The current offline/open source model boom is unstoppable. Its impact depends on how well the risks are managed today.

Windows Backdoor Targets Members of Exiled Uyghur Community

A spear-phishing campaign sent Trojanized versions of legitimate word-processing software to members of the World Uyghur Congress as part of China's continued cyber-espionage activity against the ethnic minority.

Vulnerability Exploitation Is Shifting in 2024-25

The number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies.

SAP NetWeaver Visual Composer Flaw Under Active Exploitation

Monday, April 28, 2025
CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.

AI, Automation, and Dark Web Fuel Evolving Threat Landscape

Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels.

Forget the Stack; Focus on Control

Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can't be eliminated overnight, it can be managed.

DoJ Data Security Program Highlights Data Sharing Challenges

The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom.

Digital Twins Bring Simulated Security to the Real World

Friday, April 25, 2025
By simulating business environments or running software, while incorporating real-time data from production systems, companies can model the impact of software updates, exploits, or disruptions.

'SessionShark' ToolKit Evades Microsoft Office 365 MFA

Thursday, April 24, 2025
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it's anything but.

Max-Severity Commvault Bug Alarms Researchers

Though already patched, the vulnerability is especially problematic because of the highly privileged access it offers to business-critical systems, sensitive data, and backups for attackers.

NFC-Powered Android Malware Enables Instant Cash-Outs

Researchers at security vendor Cleafy detailed a malware known as "SuperCard X" that uses the NFC reader on a victim's own phone to steal credit card funds instantly.

FBI: Cybercrime Losses Rocket to $16.6B in 2024

The losses are 33% higher than the year before, with phishing leading the way as the most-reported cybercrime last year, and ransomware was the top threat to critical infrastructure, according to the FBI Internet Crime Report.

North Korean Operatives Use Deepfakes in IT Job Interviews

Wednesday, April 23, 2025
Use of synthetic identities by malicious employment candidates is yet another way state-sponsored actors are trying to game the hiring process and infiltrate Western organizations.

Japan Warns on Unauthorized Stock Trading via Stolen Credentials

Attackers are using credentials stolen via phishing websites that purport to be legitimate securities company homepages, duping victims and selling their stocks before they realize they've been hacked.

Kubernetes Pods Are Inheriting Too Many Permissions

Scalable, effective — and best of all, free — securing Kubernetes workload identity cuts cyber-risk without adding infrastructure, according to new research from SANS.

Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558

Tuesday, April 22, 2025
The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT's breach of its Exchange Online environment in 2023.

3 More Healthcare Orgs Hit by Ransomware Attacks

Dialysis firm DaVita, Wisconsin-based Bell Ambulance, and Alabama Ophthalmology Associates all suffered apparent or confirmed ransomware attacks this month.

'Cookie Bite' Entra ID Attack Exposes Microsoft 365

A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.

'Elusive Comet' Attackers Use Zoom to Swindle Victims

Monday, April 21, 2025
The threat actor uses sophisticated social engineering techniques to infect a victim's device, either with an infostealer or remote access Trojan (RAT).

Nation-State Threats Put SMBs in Their Sights

Cyberthreat groups increasingly see small and medium-sized businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services.

Can Cybersecurity Weather the Current Economic Chaos?

Cybersecurity firms tend to be more software- and service-oriented than their peers, and threats tend to increase during a downturn, leaving analysts hopeful that the industry will buck a recession.

ASUS Urges Users to Patch AiCloud Router Vuln Immediately

The vulnerability is only found in the vendor's router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.

The Global AI Race: Balancing Innovation and Security

The AI security race is on — and it will be won where defenders come together with developers and researchers to do things right.

Organizations Fix Less Than Half of All Exploitable Vulnerabilities, With Just 21% of GenAI App Flaws Resolved

Friday, April 18, 2025

Attackers and Defenders Lean on AI in Identity Fraud Battle

Identity verification, insurance claims, and financial services are all seeing surges in AI-enabled fraud, but organizations are taking advantage of AI systems to fight fire with fire.

Chinese APT Mustang Panda Debuts 4 New Attack Tools

The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.

If Boards Don't Fix OT Security, Regulators Will

Around the world, governments are setting higher-bar regulations with clear corporate accountability for breaches on the belief organizations won't drive up security maturity for operational technology unless they're made to.

PromptArmor Launches to Help Assess, Monitor Third-Party AI Risks

The AI security startup has already made waves with critical vulnerability discoveries and seeks to address emerging AI concerns with its PromptArmor platform.

Android Phones Pre-Downloaded With Malware Target User Crypto Wallets

Thursday, April 17, 2025
The threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users' wallet addresses with their own.

GPS Spoofing Attacks Spike in Middle East, Southeast Asia

Wednesday, April 16, 2025
An Indian disaster-relief flight delivering aid is the latest air-traffic incident, as attacks increase in the Middle East and Myanmar and along the India-Pakistan border.

China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks

Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe.

Ransomware gang 'CrazyHunter' Targets Critical Taiwanese Orgs

Trend Micro researchers detailed an emerging ransomware campaign by a new group known as "CrazyHunter" that is targeting critical sectors in Taiwan.

AI-Powered Presentation Tool Leveraged in Phishing Attacks

Tuesday, April 15, 2025
Researchers at Abnormal Security said threat actors are using a legitimate presentation and graphic design tool named "Gamma" in phishing attacks.

Hertz Falls Victim to Cleo Zero-Day Attacks

Customer data such as birth dates, credit card numbers and driver's license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo-managed file transfer products.

Are We Prioritizing the Wrong Security Metrics?

True security isn't about meeting deadlines — it's about mitigating risk in a way that aligns with business objectives while protecting against real-world threats.

Threat Intel Firm Offers Crypto in Exchange for Dark Web Accounts

Monday, April 14, 2025
Prodaft is currently buying accounts from five Dark Web forums and offers to pay extra for administrator or moderator accounts. The idea is to infiltrate forums to boost its threat intelligence.

Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution

A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.

A New 'It RAT': Stealthy 'Resolver' Malware Burrows In

A new infostealer on the market is making big waves globally, replacing Lumma et al. in attacks and employing so many stealth, persistence, and anti-analysis tricks that it's downright difficult to count them all.

7 RSAC 2025 Cloud Security Sessions You Don't Want to Miss

Some of the brightest minds in the industry will discuss how to strengthen cloud security.

How DigitalOcean Moved Away From Manual Identity Management

DigitalOcean executives describe how they automated and streamlined many of the identity and access management functions which had been previously handled manually.

Morocco Investigates Social Security Agency Data Leak

Sunday, April 13, 2025
A threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum.

Pall Mall Process Progresses but Leads to More Questions

Friday, April 11, 2025
Nations continue to sign the Code of Practice for States in an effort to curb commercial spyware, yet implementation and enforcement concerns have yet to be figured out.

Paper Werewolf Threat Actor Targets Flash Drives With New Malware

The threat actor, also known as Goffee, has been active since at least 2022 and has changed its tactics and techniques over the years while targeting Russian organizations.

Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims

The most damaging attacks continue to be ransomware, but financial fraud claims are more numerous — and both are driven by increasing third-party breaches.

What Should the US Do About Salt Typhoon?

Thursday, April 10, 2025
Security experts weigh in on the problem that Salt Typhoon and its hacking of telecoms pose to the United States, including what the US should do and how defenders can protect themselves.

Open Source Poisoned Patches Infect Local Software

Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering "patches" for locally installed programs.

CrushFTP Exploitation Continues Amid Disclosure Dispute

Wednesday, April 9, 2025
Attacks on a critical authentication bypass flaw in CrushFTP's file transfer product continue this week after duplicate CVEs sparked confusion.

Tariffs May Prompt Increase in Global Cyberattacks

Cybersecurity and policy experts worry that if tariffs give way to a global recession, organizations will reduce their spending on cybersecurity.

Oracle Appears to Admit Breach of 2 'Obsolete' Servers

The database company said its Oracle Cloud Infrastructure (OCI) was not involved in the breach. And at least one law firm seeking damages is already on the case.

China-Linked Hackers Continue Harassing Ethnic Groups With Spyware

Threat actors are trolling online forums and spreading malicious apps to target Uyghurs, Taiwanese, Tibetans, and other individuals aligned with interests that China sees as a threat to its authority.

Aurascape Brings Visibility, Security Controls to Manage AI Applications

New cybersecurity startup Aurascape emerged from stealth today with an AI-native security platform to automate security policies for AI applications.

Microsoft Drops Another Massive Patch Update

Tuesday, April 8, 2025
A threat actor has already exploited one of the flaws in a ransomware campaign with victims in the US and other countries.

UK Orgs Pull Back Digital Projects With Looming Threat of Cyberwarfare

Artificial intelligence poses a significant concern when it comes to nation-state cyberthreats and AI's ability to supercharge attacks.

2 Android Zero-Day Bugs Under Active Exploit

Neither security issue requires user interaction; and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.

Palo Alto Networks Begins Unified Security Rollout

Cortex Cloud integrates Prisma Cloud with CDR to provide a consolidated security posture management and real-time threat detection and remediation.

ToddyCat APT Targets ESET Bug to Load Silent Malware

Monday, April 7, 2025
Researchers found the threat actor attempting to use the now-patched flaw to load and execute a malicious dynamic link library on infected systems.

NIST to Implement 'Deferred' Status to Dated Vulnerabilities

The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD).

Scattered Spider's 'King Bob' Pleads Guilty to Cyber Charges

The 20-year-old was arrested in January 2024 alongside four other group members who carried out related cybercriminal acts, earning them similar charges.

Autonomous, GenAI-Driven Attacker Platform Enters the Chat

"Xanthorox AI" provides a modular GenAI platform for offensive cyberattacks, which supplies a model-agnostic, one-stop shop for developing a range of cybercriminal operations.

Intergenerational Mentoring: Key to Cybersecurity's AI Future

As threats evolve and technology changes, our ability to work together across generations will determine our success.

CISA Warns: Old DNS Trick 'Fast Flux' Is Still Thriving

Friday, April 4, 2025
An old DNS switcheroo technique is still helping attackers keep their infrastructure alive. But is it really a pressing issue in 2025?

Minnesota Tribe Struggles After Ransomware Attack

Hotel and casino operations for the Lower Sioux Indians have been canceled or postponed, and the local health center is redirecting those needing medical or dental care.

Disclosure Drama Clouds CrushFTP Vulnerability Exploitation

Thursday, April 3, 2025
CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that's currently under attack.

Counterfeit Phones Carrying Hidden Revamped Triada Malware

The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones.

Runtime Ventures Launches New Fund for Seed, Pre-Seed Startups

Co-founders Michael Sutton and David Endler raised $32 million to invest in early stage cybersecurity startups as well as to provide mentoring support.

New PCI DSS Rules Say Merchants on Hook for Compliance, Not Providers

Merchants and retailers will now face penalties for not being compliant with PCI DSS 4.0.1, and the increased security standards make it clear they cannot transfer compliance responsibility to third-party service providers.

Israel Enters 'Stage 3' of Cyber Wars With Iran Proxies

Wednesday, April 2, 2025
While Israel and Iranian proxies fight it out IRL, their conflict in cyberspace has developed in parallel. These days attacks have decelerated, but advanced in sophistication.

DPRK 'IT Workers' Pivot to Europe for Employment Scams

By using fake references and building connections with recruiters, some North Korean nationals are landing six-figure jobs that replenish DPRK coffers.

In Salt Typhoon's Wake, Congress Mulls Potential Options

While the House Committee on Government Reform was looking for retaliatory options, cybersecurity experts pointed them toward building better defenses.

Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks

Tuesday, April 1, 2025
Over the past few weeks, bad actors from different regions have been scanning devices with the VPN for potential vulnerabilities.

As CISA Downsizes, Where Can Enterprises Get Support?

In this roundtable, cybersecurity experts — including two former CISA executives — weigh in on alternate sources for threat intel, incident response, and other essential cybersecurity services.

Japan Bolsters Cybersecurity Safeguards With Cyber Defense Bill

The bill will allow Japan to implement safeguards and strategies that have been in use by other countries for some time.

Check Point Disputes Hacker's Breach Claims

The security vendor counters that none of the information came directly from its systems but rather was acquired over a period of time by targeting individuals.

CoffeeLoader Malware Is Stacked With Viscous Evasion Tricks

Monday, March 31, 2025
Next-level malware represents a new era of malicious code developed specifically to get around modern security software like digital forensics tools and EDR, new research warns.

DoJ Seizes Over $8M from Sprawling Pig Butchering Scheme

The department was able to trace the stolen funds to three main cryptocurrency accounts after being routed through a series of other platforms.

CISA Warns of Resurge Malware Connected to Ivanti Vuln

Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.

Qakbot Resurfaces in Fresh Wave of ClickFix Attacks

Attackers post links to fake websites on LinkedIn to ask people to complete malicious CAPTCHA challenges that install malware.

GSA Plans FedRAMP Revamp

The General Services Administration is planning to use automation to speed up the process to determine which cloud services federal agencies are allowed to buy.

Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations

Friday, March 28, 2025

SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks


Malaysia PM Refuses to Pay $10M Ransomware Demand

The attack hit the Kuala Lumpur airport over the weekend, and it remains unclear who the threat actors are and what kind of information they may have stolen.

Concord Orthopaedic Notifies Individuals of Security Incident


OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update

Thursday, March 27, 2025
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.

Security Tech That Can Make a Difference During an Attack

The recent report of how Volt Typhoon compromised systems at a water utility highlights security technologies and processes that helped detect the compromise and clean up the network.

DoJ Recovers $5M Lost in BEC Fraud Against Workers' Union

The union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.

High-Severity Cloud Security Alerts Tripled in 2024

Attackers aren't just spending more time targeting the cloud — they're ruthlessly stealing more sensitive data and accessing more critical systems than ever before.

Security Expert Troy Hunt Lured in by Mailchimp Phish

Wednesday, March 26, 2025
Hunt quickly took to his blog to notify the public of the breach and provide further details on how this could have happened.

Cybersecurity Gaps Leave Doors Wide Open

Attackers don't always need to resort to sophisticated gambits to break and enter; organizations often make it easy for them to walk right in.

Public-Private Ops Net Big Wins Against African Cybercrime

Three cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals.

South African Poultry Company Reports $1M Loss After Cyber Intrusion

Tuesday, March 25, 2025
The company reports that no sensitive information was breached or stolen in the cyber intrusion and that its operations are running normally again.

Accused Snowflake Attacker 'Judische' Agrees to US Extradition

Though there is no confirmation as to when this extradition will occur, Alexander Moucka agreed to be transferred in writing before a judge.

Critical 'IngressNightmare' Vulns Imperil Kubernetes Environments

Monday, March 24, 2025
More than 40% of all Internet-facing container orchestration clusters are at risk.

China-Nexus APT 'Weaver Ant' Caught in Yearslong Web Shell Attack

The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.

FCC Investigates China-Backed Tech Suppliers for Evading US Operations Ban

FCC chairman warns these companies may still be operating in the US because they don't believe that being added to its "Covered List" poses any serious risk.

Oracle Denies Claim of Oracle Cloud Breach of 6M Records

A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.

Is the Middle East's Race to Digitize a Threat to Infrastructure?

Sunday, March 23, 2025
As the region continues with its ambitious road map, cybersecurity must be woven into every step of the process.

What CISA's Red Team Disarray Means for US Cyber Defenses

Friday, March 21, 2025
DOGE is making wild moves at CISA, including bringing back fired probationary employees only to put them on paid leave, and reportedly gutting the agency's red teams.

Attackers Pivot to SEMrush Spoof to Steal Google Credentials

The attackers are taking an indirect approach to targeting SEO professionals and their Google credentials, using a fake digital marketing website.

Nation-State 'Paragon' Spyware Infections Target Civil Society

Law enforcement entities in democratic states have been deploying top-of-the-line messaging app spyware against journalists and aid workers.

Why Cyber Quality Is the Key to Security

The time to secure foundations, empower teams, and make cyber resilience the standard is now — because the cost of waiting is far greater than the investment in proactive security.

University Competition Focuses on Solving Generative AI Challenges

The Amazon Nova AI Challenge puts student research to the test and aims to bring a new perspective to challenges arising from the increase in AI-assisted software development.

VexTrio Using 20,000 Hacked WordPress Sites in Traffic Redirect Scheme

Thursday, March 20, 2025
A massive cybercrime network known as "VexTrio" is using thousands of compromised WordPress sites to funnel traffic through a complex redirection scheme.

Why It's So Hard to Stop Rising Malicious TDS Traffic

Cybersecurity vendors say threat actors' abuse of traffic distribution systems (TDS) is becoming more complex and sophisticated — and much harder to detect and block.

Enterprises Gain Control Over LLM Oversharing With Prompt Security's GenAI Authorization

Wednesday, March 19, 2025

Infosys Settles $17.5M Class Action Lawsuit After Sprawling Third-Party Breach

Several major companies in the finance sector were impacted by the third-party breach, prompting them to notify thousands of customers of their compromised data.

Women in CyberSecurity and ISC2 Announce the WiCyS + ISC2 Certified in Cybersecurity Certification Spring Camp


AI Cloud Adoption Is Rife With Cyber Mistakes

Research finds that organizations are granting root access by default and making other big missteps, including a Jenga-like building concept, in deploying and configuring AI services in cloud deployments.

Google to Acquire Wiz for $32B in Multicloud Security Play

Tuesday, March 18, 2025
The all-cash deal offers a path for Google to better support cloud customers who have assets spread across public environments, including Azure and others.

Black Basta Leader in League With Russian Officials, Chat Logs Show

Though the chat logs were leaked a month ago, analysts are now seeing that Russian officials may have assisted Black Basta members, according to the shared messages.

Extortion Reboot: Ransomware Crew Threatens Leak to Snowden

Though the group initially stuck to classic ransomware TTPs before demanding the ransom, it went off script when it began threatening the group and detailing potential consequences the victim would face.

Denmark Warns of Increased Cyber Espionage Against Telecom Sector

Monday, March 17, 2025
A new threat assessment from the Danish Civil Protection Authority (SAMSIK) warned of cyberattacks targeting the telecommunications sector after citing a wave of incidents hitting European organizations over the past few years.

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit

The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.

RansomHub Taps FakeUpdates to Target US Government Sector

A ransomware activity wave using the SocGholish MaaS framework for initial access also has affected banking and consulting firms in the US, Taiwan, and Japan since the beginning of the year.

How 'Open Innovation' Can Help Solve Problems Faster, Better & Cheaper

Cybersecurity is not just a technical challenge but also a very human one. The more humans that organizations can get involved, the more diverse perspectives and experiences that can be tapped into.

How Economic Headwinds Influence the Ransomware Ecosystem

Inflation, cryptocurrency market volatility, and the ability to invest in defenses all influence the impact and severity of a ransomware attack, according to incident response efforts and ransomware negotiators.

Intel’s Secure Data Tunnel Moves AI Training Models to Data Sources

Sunday, March 16, 2025
The chip maker's Tiber Secure Federated AI service creates a secure tunnel between AI models on remote servers and data sources on origin systems.

Man-in-the-Middle Vulns Provide New Research Opportunities for Car Security

Friday, March 14, 2025
A pair of researchers plan on detailing effective tools to dig into the effectiveness of vehicle cybersecurity without breaking the bank.

Ransomware Developer Extradited, Admits Working for LockBit

Law enforcement discovered admin credentials on the suspect's computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.

Threat Actor Tied to LockBit Ransomware Targets Fortinet Users

The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.

Remote Access Infra Remains Riskiest Corp. Attack Surface

Exposed login panels for VPNs and remote access systems leave companies open to attack, sometimes tripling the risk of ransomware and making it harder to get cyber insurance.

Consumer Groups Push IoT Security Bill to Address EoL Concerns

Consumer Reports, Secure Resilient Future Foundation (SRFF), and US Public Interest Research Group (PIRG) introduced a model bill to increase transparency around Internet of Things devices that have reached end-of-life status.

FBI, CISA Raise Alarms As Medusa Ransomware Attacks Grow

Thursday, March 13, 2025
Medusa developers have been targeting a wide variety of critical infrastructure sectors, from healthcare and technology to manufacturing and insurance, racking up its victim count as it seemingly adds to its numbers of affiliates.

NIST Finalizes Differential Privacy Rules to Protect Data

Wednesday, March 12, 2025
The National Institute of Standards and Technology (NIST) released updated differential privacy guidelines for organizations to follow to protect personally identifiable information when sharing data.

Apple Drops Another WebKit Zero-Day Bug

A threat actor leveraged the vulnerability in an "extremely sophisticated" attack on targeted iOS users, the company says.

Volt Typhoon Strikes Massachusetts Power Utility

The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted to exfiltrate critical OT infrastructure data.

The CISO as Business Resilience Architect

To truly become indispensable in the boardroom, CISOs need to meet the dual demands of defending against sophisticated adversaries while leading resilience strategies.

Whopping Number of Microsoft Zero-Days Under Attack

Tuesday, March 11, 2025
The number of zero-day vulnerabilities getting patched in Microsoft's March update is the company's second-largest ever.

'Desert Dexter' Hot Button Facebook Ads Tag Mideast Victims

A Libya-linked threat actor has resurfaced attacking the Middle East and North Africa, using the same old political phishing tricks to deliver AsyncRAT that have worked for years.

'SideWinder' Intensifies Attacks on Maritime Sector

Monday, March 10, 2025
The likely India-based threat group is also targeting logistics companies in a continued expansion of its activities.

Google Pays Out Nearly $12M in 2024 Bug Bounty Program

The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories.

APT 'Blind Eagle' Targets Colombian Government

The South American-based advanced persistent threat group is using an exploit with a "high infection rate," according to research from Check Point.

Ex-Employee Found Guilty in Revenge Kill-Switch Scheme

Clandestine kill switch was designed to lock out other users if the developer's account in the company's Windows Active Directory was ever disabled.

GitHub-Hosted Malware Infects 1M Windows Users

Microsoft has identified a complex, malvertising-based attack chain that delivered Lumma and other infostealers to enterprise and consumer PC users; the campaign is unlikely the last of its kind.

Cybercrime's Cobalt Strike Use Plummets 80% Worldwide

Friday, March 7, 2025
Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers' most prized attack tools, with massive takedowns.

Zero-Days Put Tens of 1,000s of Orgs at Risk for VM Escape Attacks

More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.

Taylor Swift Ticket Thieves Charged in Court for Resale Operation

The pair found a loophole through StubHub's services, allowing them to steal tickets and resell them for personal profit, amassing hundreds of thousands of dollars.

'EncryptHub' OPSEC Failures Reveal TTPs & Big Plans

Thursday, March 6, 2025
Is EncryptHub the most prolific cybercriminal in recent history? Or, as new information suggests, a bumbling amateur?

Under Pressure: US Charges China's APT-for-Hire Hackers

The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon "secret" APT and APT27, the latter implicated in January's Treasury breach.

Enterprise AI Through a Data Security Lens: Balancing Productivity With Safety

Recently, 57 countries signed an agreement pledging an "open" and "inclusive" approach to AI's development. The US and UK were not among them, with the US vice president implying productivity should be the priority over safety. Should the opportunity for AI to drive innovation and productivity be prioritized over safety and security?

China's Silk Typhoon APT Shifts to IT Supply Chain Attacks

Wednesday, March 5, 2025
The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft.

'Crafty Camel' APT Targets Aviation, OT With Polygot Files

The Iran-linked nation-state group made its debut with a stealthy, sophisticated, and laser-focused cyber-espionage attack on targets in UAE.

Bogus 'BianLian' Gang Sends Snail-Mail Extortion Letters

The letters mimic typical ransom notes and threaten to delete or leak compromised data if payments aren't made, though none of the organizations that received them had active ransomware attacks.

Serbian Police Hack Protester's Phone With Cellebrite Exploit Chain

Tuesday, March 4, 2025
Amnesty International said Serbian police used an exploit chain in tandem with a legitimate mobile extraction dongle from vendor Cellebrite in an attack that brings up questions around ethical technology development.

North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds

Fraudulent IT workers are looking for engineering and developer positions in the US and Japan, and this time it's not about espionage.

Pentagon, CISA Deny Change in US Cyber Policy on Russia

Media reports over the weekend suggested the Trump Administration ordered US Cyber Command and CISA to draw down cyber activities targeting Russia.

Qilin Cybercrime Ring Claims Credit for Lee Newspaper Breach

Monday, March 3, 2025
The ransomware-as-a-service (RaaS) cybercrime group intends to leak the stolen information in just two days, it claims; but oddly, it doesn't seek a ransom payment from its victim.

Phishers Wreak 'Havoc,' Disguising Attack Inside SharePoint

A complex campaign allows cyberattackers to take over Windows systems by combining a ClickFix-style attack and sophisticated obfuscation that abuses legitimate Microsoft services.

EU's New Product Liability Directive & Its Cybersecurity Impact

By proactively addressing liabilities tied to software updates, data loss, and AI technologies, businesses can mitigate risks and achieve compliance.

Latin American Orgs Face 40% More Attacks Than Global Average

Technological adoption, demographics, politics, and uniquely Latin American law enforcement challenges have combined to make the region uniquely fertile for cyberattacks.

Cisco's SnapAttack Deal Expands Splunk's Capabilities

The addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting.

Third-Party Risk Tops Cybersecurity Claims

Data collected by cyber-insurers show that ransomware accounts for the majority of insurance claims, but that much of the losses stem from third-party breaches affecting policyholders.

Microsoft Busts Hackers Selling Illegal Azure AI Access

Friday, February 28, 2025
LLMjacking operation leveraged illicit access to GenAI services to produce explicit celebrity images and other harmful content, Microsoft's digital crimes unit says.

US Soldier Intends to Admit Hacking 15 Telecom Carriers

The federal government views the defendant as a flight risk and danger to the community due to his ability to access sensitive and private information.

Targeted by Ransomware, Middle East Banks Shore Up Security

Thursday, February 27, 2025
As the UAE financial sector finished up its annual cyberattack exercise, its worries about ransomware compromises and geopolitical attacks are on the rise.

Cleveland Municipal Court Remains Closed After Cyber Incident

No details yet on what forced the court to shut down affected systems and halt operations as of late Feb. 23.

Nakivo Fixes Critical Flaw in Backup & Replication Tool

The vendor's products fall in a category that ransomware operators like to target to circumvent victims' ability to recover from a successful attack.

Microsoft Rolls Out Fresh Outlook Fix After Faulty Windows Update

Windows 11 users can deploy a workaround or await the update rollout.

Water Utility Co. Still Paying the Breach Price a Year Later

Wednesday, February 26, 2025
The UK's Southern Water has been forced to shell out millions due to a Black Basta cyberattack, and it has come to light that the total could include a ransom payment.

'Silver Fox' APT Skirts Windows Blocklist in BYOVD Attack

There's an untapped universe of exploitable drivers in the wild today. By exploiting just one of them, attackers were able to defeat security tools and infect Asian citizens with Gh0stRAT.

Name That Toon: Ka-Ching!

Feeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a $25 gift card.