Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The April/May zero-day exploitations of Ivanti's mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT — and history will probably repeat itself.

Contrarians No More: AI Skepticism Is on the Rise

Concerns about an economic bubble bursting, along with doubts regarding return on investment, suggest the tide may be turning for the artificial intelligence industry.

Cybersecurity Predictions 2026: An AI Arms Race and Malware Autonomy

The year ahead will see an intensified AI-driven cybersecurity arms race, with attackers leveraging autonomous malware and advanced AI technologies to outpace defenders, while security teams adopt increasingly sophisticated AI tools to combat evolving threats amidst growing vendor consolidation and platformization in the industry.

New Tech Deployments Cyber Insurers Recommend for 2026

An analysis of cyber-insurance claims data shows which cyber defenses actually work for policyholders. Here are six technologies that will pay off for companies in 2026.

Dark Reading Confidential: Stop Secrets Creep Across Developer Platforms

Dark Reading Confidential Episode 13: Developers are exposing their organizations' most sensitive information; our guests explain why it's happening and how to stop it.

5 Threats That Defined Security in 2025

2025 included a number of monumental threats, from the global attacks of Salt Typhoon to dangerous vulnerabilities like React2Shell.

Mentorship and Diversity: Shaping the Next Generation of Cyber Experts

Patricia Voight, CISO at Webster Bank, shares her expertise on advancing cybersecurity careers, combating financial crimes, and championing diversity in a rapidly changing industry.

As More Coders Adopt AI Agents, Security Pitfalls Lurk in 2026

Developers are leaning more heavily on AI for code generation, but in 2026, the development pipeline and security need to be prioritized.

Dark Reading Opens The State of Application Security Survey

Take part in the new survey from Dark Reading and help uncover trends, challenges, and solutions shaping the future of application security.

ServiceNow Buys Armis for $7.75B, Gets 'AI Control Tower'

The latest cybersecurity acquisition will help further ServiceNow's plans for autonomous cybersecurity and building a security stack to proactively manage AI.

Sprawling 'Operation Sentinel' Neutralizes African Cybercrime Syndicates

Interpol said law enforcement across 19 countries made 574 arrests and recovered $3 million, against a backdrop of spiraling cybercrime in the region, including business email compromise, digital extortion, and ransomware schemes.

Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices

With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors that have been targeted in recent weeks.

Uzbek Users Under Attack by Android SMS Stealers

Telegram users in Uzbekistan are being targeted with Android SMS stealer malware, and what's worse, the attackers are improving their methods.

Cisco VPNs, Email Services Hit in Separate Threat Campaigns

The company suffered one sophisticated five-alarm campaign and one messy spray-and-pray attack, mere days apart.

LongNosedGoblin Caught Snooping on Asian Governments

New China-aligned APT group is deploying Group Policy to sniff through government networks across Southeast Asia and Japan.

Identity Fraud Among Home Care Workers Puts Patients at Risk

Reports of patients being cared for by unqualified home-care aides with fake identities continue to emerge, highlighting a need for more stringent identity authentication.

A Good Year for North Korean Cybercriminals

North Korea shifted its strategy to patiently target "bigger fish" for larger payouts, using sophisticated methods to execute attacks at opportune times.

SonicWall Edge Access Devices Hit by Zero-Day Attacks

In the latest attacks against the vendor's SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed earlier this year.

"Fake Proof" and AI Slop Hobble Defenders

In the React2Shell saga, non-working and trivial proof-of-concept exploits led to confusion and perhaps a false sense of security. Can the onslaught of PoCs be tamed?

Critical Fortinet Flaws Under Active Attack

Attackers targeted admin accounts, and once authenticated, exported device configurations including hashed credentials and other sensitive information.

In Cybersecurity, Claude Leaves Other LLMs in the Dust

Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so.

'Cellik' Android RAT Leverages Google Play Store

The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.

Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation

Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.

Russia Hits Critical Orgs Via Misconfigured Edge Devices

Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector.

Browser Extension Harvests 8M Users' AI Chatbot Data

Urban VPN Proxy, which claims to protect users' privacy, collects data from conversations with ChatGPT, Claude, Gemini, Copilot and other AI assistants.

Enterprises Gear Up for 2026’s IT Transformation

Experts predict big changes are coming for IT infrastructure in 2026 driven by AI adoption, hybrid cloud strategies, and evolving security demands.

How Cyber Insurance MGAs Shape Policies for Evolving Cyber Risks

Managing general agents help insurers navigate sectors where they lack expertise. A cybersecurity policy written by an MGA is more likely to reflect an understanding of the risks CISOs deal with.

Apple Patches More Zero-Days Used in 'Sophisticated' Attack

Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.

Think Like an Attacker: Cybersecurity Tips From Cato Networks' CISO

Etay Mayor, a cybersecurity strategist and professor, shares his journey, insights, and advice on breaking into the diverse and ever-evolving field of cybersecurity.

Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files

A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw.

Microsoft Will Bundle Security Copilot with M365 Enterprise Licenses

The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week.

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.

Are Trade Concerns Trumping US Cybersecurity?

The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say.

Encouraging Industry Voices to Write for the Commentary Section

Dark Reading will continue to publish Tech Talks and Ask the Expert pieces in the Commentary section. Read on for submission guidelines.

Hamas-Linked Hackers Probe Middle Eastern Diplomats

Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.

Attackers Exploited Gogs Zero-Day Flaw for Months

Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year.

AI in OT Sparks Cascade of Complex Challenges

Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.

Copilot's No-Code AI Agents Liable to Leak Company Data

Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.

Storm-0249 Abuses EDR Processes in Stealthy Attacks

The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.

ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery

A new twist on the social engineering tactic is making waves, combining SEO poisoning and legitimate AI domains to install malware on victims' computers.

Japanese Firms Suffer Long Tail of Ransomware Damage

Ransomware actors have targeted manufacturers, retailers, and the Japanese government, with many organizations requiring months to recover.

Microsoft Fixes Exploited Zero Day in Light Patch Tuesday

Proof-of-concept exploit code is publicly available for two other flaws in this month's Patch Tuesday. In total, the company issued patches for more than 1,150 flaws this year.

Packer-as-a-Service Shanya Hides Ransomware, Kills EDR

Shanya is the latest in an emerging field of packing malware, selling obfuscation functionality in order to help ransomware actors reach their target.

Analysts Warn of Cybersecurity Risks in Humanoid Robots

Think "Blade Runner," but the robots can be hacked more easily than your home computer.

Gemini Enterprise No-Click Flaw Exposes Sensitive Data

Google has fixed a critical vulnerability that enabled attackers to add malicious instructions to common documents to exfiltrate sensitive corporate information.

Exploitation Activity Ramps Up Against React2Shell

Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw.

US Treasury Tracks $4.5B in Ransom Payments since 2013

The US Treasury's Financial Crimes Enforcement Network shared data showing how dramatically ransomware attacks have changed over time.

‘Broadside’ Mirai Variant Targets Maritime Logistics Sector

'Broadside' is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.

A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability

When hiring a CISO, understand the key difference between engineering and holistic security leaders.

India Rolls Back App Mandate Amid Surveillance Concerns

Remember when Apple put that U2 album in everyone's music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn't a good idea.

CISOs Should Be Asking These Quantum Questions Today

As quantum quietly moves beyond lab experiment and into production workflows, here's what enterprise security leaders should be focused on, according to Lineswala.

How Agentic AI Can Boost Cyber Defense

Transurban head of cyber defense Muhammad Ali Paracha shares how his team is automating the triaging and scoring of security threats as part of the Black Hat Middle East conference.

CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks

State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations.

CISA Publishes Security Guidance for Using AI in OT

Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure.

GISEC GLOBAL 2026 – The Middle East & Africa’s Largest Cybersecurity Event

Arizona AG Sues Temu Over 'Stealing' User Data

The suit alleges the Chinese retailer's app secretly accesses and harvests users' sensitive information without their knowledge or consent.

New Raptor Framework Uses Agentic Workflows to Create Patches

Researchers utilized prompts and large language models to develop an open-source AI framework capable of generating both vulnerability exploits and patches.

China Researches Ways to Disrupt Satellite Internet

While satellite constellations — such as Starlink — are resilient, 2,000 drones could cut communications to a region the size of Taiwan, researchers find.

Iran's 'MuddyWater' Levels Up With MuddyViper Backdoor

New Fooder loader and memory-only tactics suggest MuddyWater has evolved from its usual noisy ops to more stealthy espionage operations.

Researchers Use Poetry to Jailbreak AI Models

When prompts were presented in poetic rather than prose form, attack success rates increased from 8% to 43%, on average — a fivefold increase.

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers.

Tomiris Unleashes 'Havoc' With New Tools, Tactics

The Russian-speaking group is targeting government and diplomatic entities in CIS member states and Central Asia in its latest cyber-espionage campaign.

CodeRED Emergency Alert Platform Shut Down Following Cyberattack

The Inc ransomware gang took responsibility for the attack earlier this month and claimed it stole sensitive subscriber data.

Police Disrupt 'Cryptomixer,' Seize Millions in Crypto

Multiple European law enforcement agencies recently disrupted Cryptomixer, a service allegedly used by cybercriminals to launder ill-gotten gains from ransomware and other cyber activities.

Shai-hulud 2.0 Variant Threatens Cloud Ecosystem

The latest attack from the self-replicating, npm-package poisoning worm can also steal credentials and secrets from AWS, Google Cloud Platform, and Azure.

How Malware Authors Are Incorporating LLMs to Evade Detection

Cyberattackers are integrating large language models (LLMs) into the malware, running prompts at runtime to evade detection and augment their code on demand.

'Dark LLMs' Aid Petty Criminals, But Underwhelm Technically

As in the wider world, AI is not quite living up to the hype in the cyber underground. But it's definitely helping low-level cybercriminals do competent work.

DPRK's FlexibleFerret Tightens macOS Grip

The actor behind the "Contagious Interview" campaign is continuing to refine its tactics and social engineering scams to wrest credentials from macOS users.

Advanced Security Isn't Stopping Ancient Phishing Tactics

New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures.

As Gen Z Enters Cybersecurity, Jury Is Out on AI's Impact

Despite possibly supplanting some young analysts, one Gen Z cybersecurity specialist sees AI helping teach those willing to learn and removing drudge work.

Infamous Shai-hulud Worm Resurfaces From the Depths

This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said.

CISOs Get Real About Hiring in the Age of AI

Dark Reading Confidential Episode 12: Experts help cyber job seekers get noticed, make an argument for a need to return to the hacker ethos of a bygone era, and have a stark conversation about keeping AI from breaking the sector's talent pipeline for years to come.

Cloudflare's One-Stop-Shop Convenience Takes Down Global Digital Economy

Even the most advanced systems like Cloudflare can fall victim to software issues and become a global point of failure, Dr. David Utzke argues, adding that the recent outage should be a warning for enterprises.

Hack the Hackers: 6 Laws for Staying Ahead of the Attackers

A new security framework responds to a shift in attackers' tactics, one that allows them to infiltrate enterprises 'silently' through their own policies.

Inside Iran's Cyber Objectives: What Do They Want?

The regime's cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives.

Chinese APT Infects Routers to Hijack Software Updates

A unique take on the software update gambit has allowed "PlushDaemon" to evade attention as it mostly targets Chinese organizations.

Same Old Security Problems: Cyber Training Still Fails Miserably

Editors from Dark Reading, Cybersecurity Dive, and TechTarget Search Security break down the depressing state of cybersecurity awareness campaigns and how organizations can overcome basic struggles with password hygiene and phishing attacks.

‘Matrix Push’ C2 Tool Hijacks Browser Notifications

Have you ever given two seconds of thought to a browser notification? No? That's what hackers bent on phishing are counting on.

US Creates 'Strike Force' to Take Out SE Asian Scam Centers

The collaborative effort combines multiple federal departments, along with private companies to reduce, if not eliminate, billions lost annually to fraud.

The AI Attack Surface: How Agents Raise the Cyber Stakes

Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise whole networks.

Can a Global, Decentralized System Save CVE Data?

As vulnerabilities in the Common Vulnerabilities and Exposures ecosystem pile up, one Black Hat Europe presenter hopes for a global, distributed alternative.

Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam

A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.

Bug Bounty Programs Rise as Key Strategic Security Solutions

Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure.

US Citizens Plead Guilty to Aiding North Korean IT Worker Campaigns

Four individuals admitted to assisting foreign IT workers in gaining employment at US companies by providing false identities and remote access to employer-owned laptops.

Cursor Issue Paves Way for Credential-Stealing Attacks

Researchers discovered a security weakness in the AI-powered coding tool that allows malicious MCP server to hijack Cursor's internal browser.

150,000 Packages Flood NPM Registry in Token Farming Campaign

A self-replicating attack led to a tidal wave of malicious packages in the NPM registry, targeting tokens for the tea.xyz protocol.

Shadow Program Gives AWS Exec New Security Lens

Sara Duffer highlights the top lessons she brought back to her security role following three years in Amazon's shadow program.

Identity Governance and Administration, App Proliferation, and the App Integration Chasm

Most enterprises use more than 1,000 apps, according to ESG research, yet about half are integrated with IGA. Industry innovations enable teams to expand app coverage and get more IGA value.

How CISOs Can Best Work with CEOs and the Board: Lessons from the Field

To build an effective relationship with the CEO and the Board, CISOs must translate technical risks into business terms and position cybersecurity as a strategic business enabler rather than just a business function.

[Dark Reading Virtual Event] Cybersecurity Outlook 2026

Kenya Kicks Off 'Code Nation' With a Nod to Cybersecurity

The African country aims to train 1 million workers in tech skills in the short term, with a focus on software engineering, cybersecurity, and data science.

Google Looks to Dim 'Lighthouse' Phishing-as-a-Service Op

The phishing kit, run by a group known as the "Smishing Triad," has powered massive amounts of unpaid tolls and package tracking texts.

Microsoft Exchange 'Under Imminent Threat', Act Now

Threats against Microsoft Exchange continue to mount, but there are steps both organizations and Microsoft can take.

Phishing Tool Uses Smart Redirects to Bypass Detection

A campaign against Microsoft 365 users leverages Quantum Route Redirection, which simplifies previously technical attack steps and has affected victims across 90 countries.

Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs

Security teams may have a less burdensome rollout in November after October's Goliath Patch Tuesday, but shouldn't wait on a few top-priority fixes.

Grandparents to C-Suite: Elder Fraud Reveals Gaps in Human-Centered Cybersecurity

Cybercriminals are weaponizing AI voice cloning and publicly available data to craft social engineering scams that emotionally manipulate senior citizens—and drain billions from their savings.

Kimsuky APT Takes Over South Korean Androids, Abuses KakaoTalk

Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices.

Bridging the Skills Gap: How Military Veterans Are Strengthening Cybersecurity

From intelligence analysts to surface warfare officers, military veterans of all backgrounds are successfully pivoting to cybersecurity careers and strengthening the industry's defense capabilities.

GlassWorm Returns, Slices Back into VS Code Extensions

GlassWorm, a self-propagating VS Code malware first found in the Open VSX marketplace, continues to infect developer devices around the world.

ClickFix Campaign Targets Hotels, Spurs Secondary Customer Attacks

Attackers compromise hospitality providers with an infostealer and RAT malware and then use stolen data to launch a phishing attacks against customers via both email and WhatsApp.

'Landfall' Malware Targeted Samsung Galaxy Users

The tool let its operators secretly record conversations, track device locations, capture photos, collect contacts, and perform other surveillance on compromised devices.

Microsoft Backs Massive AI Push in UAE, Raising Security Concerns

In partnership with Emirates tech company G42, Microsoft is building the first stage of a 5-gigawatt US-UAE AI campus using Nvidia GPUs.

Ollama, Nvidia Flaws Put AI Infrastructure at Risk

Security researchers discovered multiple vulnerabilities in AI infrastructure products, including one capable of remote code execution.

Sora 2 Makes Videos So Believable, Reality Checks Are Required

Threat actors will continue to abuse deepfake technology to conduct fraudulent activity, so organizations need to implement strong security protocols – even if it adds to user friction.

SonicWall Firewall Backups Stolen by Nation-State Actor

The network security vendor said the MySonicWall breach was unrelated to the recent wave of Akira ransomware attacks targeting the company's devices.

Multiple ChatGPT Security Bugs Allow Rampant Data Theft

Attackers can use them to inject arbitrary prompts, exfiltrate personal user information, bypass safety mechanisms, and take other malicious actions.

APT 'Bronze Butler' Exploits Zero-Day to Root Japan Orgs

A critical security issue in a popular endpoint manager (CVE-2025-61932) allowed Chinese state-sponsored attackers to backdoor Japanese businesses.

Nikkei Suffers Breach Via Slack Compromise

The Japanese media giant said thousands of employee and business partners were impacted by an attack that compromised Slack account data and chat histories.

Elusive Iranian APT Phishes Influential US Policy Wonks

Iran is spying on American foreign policy influencers. But exactly which of its government's APTs is responsible remains a mystery.

Kimsuky Debuts HTTPTroy Backdoor Against South Korea Users

The well-known North Korean threat group continues to improve the obfuscation and anti-analysis features of its attack toolchain.

Europe Sees Increase in Ransomware, Extortion Attacks

European organizations face an escalating cyber threat landscape as attackers leverage geopolitical tensions and AI-enhanced social engineering for attacks.

SesameOp Backdoor Uses OpenAI API for Covert C2

Malware used in a months-long attack demonstrates how bad actors are misusing generative AI services in unique and stealthy ways.

Android Malware Mutes Alerts, Drains Crypto Wallets

Android/BankBot-YNRK is currently targeting users in Indonesia by masquerading as legitimate applications.

Hackers Weaponize Remote Tools to Hijack Cargo Freight

Researchers uncovered a new threat campaign in which attackers use RMM tools to steal physical cargo out of the supply chain.

‘TruffleNet’ Attack Wields Stolen Credentials Against AWS

Reconnaissance and BEC are among the malicious activities attackers commit after compromising cloud accounts, using a framework based on the TruffleHog tool.

Let's Get Physical: A New Convergence for Electrical Grid Security

The power grid is being attacked online and IRL. Increasingly, regulators and industry experts agree: Security teams need to focus on both cyber and physical threats, together.

AI Developed Code: 5 Critical Security Checkpoints for Human Oversight

To write secure code with LLMs developers must have the skills to use AI as a collaborative assistant rather than an autonomous tool, Madou argues.

Ribbon Communications Breach Marks Latest Telecom Attack

The US telecom company disclosed that suspected nation-state actors first gained access to its network in December of last year, though it's unclear if attackers obtained sensitive data.

Cyber's Role in the Rapid Rise of Digital Authoritarianism

Dark Reading Confidential Episode 11: Enterprise cyber teams are in prime position to push back against our current "Golden Age of Surveillance," according to our guests Ronald Deibert from Citizen Lab and David Greene from the EFF.

LotL Attack Hides Malware in Windows Native AI Stack

Security programs trust AI data files, but they shouldn't: they can conceal malware more stealthily than most file types.

The AI Trust Paradox: Why Security Teams Fear Automated Remediation

Security teams invest in AI for automated remediation but hesitate to trust it fully due to fears of unintended consequences and lack of transparency.

AI Search Tools Easily Fooled by Fake Content

New research shows AI crawlers like Perplexity, Atlas, and ChatGPT are surprisingly easy to fool.

Dentsu Subsidiary Breached, Employee Data Stolen

A subsidiary of Japanese marketing and PR giant Dentsu lost sensitive data to unidentified threat actors, the parent company said.

Microsoft Security Change for Azure VMs Creates Pitfalls

Firms using Azure infrastructure gained a reprieve from a security-focused switch that could have broken apps that relied on public Internet access.

From Power Users to Protective Stewards: How to Tune Security Training for Specialized Employees

How the best security training programs build strong security culture by focusing on high-risk groups like developers, executives, finance pros and more.

Cybersecurity Firms See Surge in AI-Powered Attacks Across Africa

Africa becomes a proving ground for AI-driven phishing, deepfakes, and impersonation, with attackers testing techniques against governments and enterprises.

From Chef to CISO: An Empathy-First Approach to Cybersecurity Leadership

Myke Lyons, CISO at data-processing SaaS company Cribl, shares how he cooked up an unconventional journey from culinary school to cybersecurity leadership.

Oracle EBS Attack Victims May Be More Numerous Than Expected

Numerous organizations have been attacked via Oracle EBS zero-day CVE-2025-61882, and evidence suggests more like Schneider Electric could be on that list.

Attackers Sell Turnkey Remote Access Trojan 'Atroposia'

Atroposia, a new RAT malware, offers low-level cybercriminal affiliates the ability to utilize sophisticated stealth and persistence capabilities.

'Jingle Thief' Highlights Retail Cyber Threats

A Morocco-based gift card fraud campaign is a sign of what retailers can expect this holiday season.

Memento Spyware Tied to Chrome Zero-Day Attacks

While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team.

CISOs Finally Get a Seat at the Board's Table — But There's a Catch

AI's explosive growth has lifted cybersecurity to the top of the board's agenda. Here's how CISOs can seize the moment, according to Diana Kelley.

Qilin Targets Windows Hosts With Linux-Based Ransomware

The attack by the one of the most impactful RaaS groups active today demonstrates an evasion strategy that can stump defenses not equipped to detect cross-platform threats.

How CISA Layoffs Weaken Civilian Cyber Defense

Cyber teams need to get to work backfilling diminishing federal resources, according to Alexander Garcia-Tobar, who shares clear steps on a path forward for protecting enterprises with less CISA help.

Shutdown Sparks 85% Increase in US Government Cyberattacks

Attackers are pouncing on financially strapped US government agencies and furloughed employees. And the effects of this period might be felt for a long time hereafter.

US Crypto Bust Offers Hope in Battle Against Cybercrime Syndicates

A $14 billion seizure by US investigators presents a warning for cybercriminals' reliance on bitcoin but is still a positive development for the cryptocurrency industry.

Tired of Unpaid Toll Texts? Blame the 'Smishing Triad'

Chinese smishers — the bane of every American with a phone — have been shifting to lower-frequency, possibly higher-impact government impersonation attacks.

Asian Nations Ramp Up Pressure on Cybercrime 'Scam Factories'

After a particularly gruesome murder, South Korea issues "code black" travel ban for several regions in Cambodia, while other nations urge more raids.

Too Many Secrets: Attackers Pounce on Sensitive Data Sprawl

Hardcoded credentials, access tokens, and API keys are ending up in the darnedest places, prompting a call for organizations to stop over-privileging secrets.

WhatsApp Secures Ban on NSO Group After 6-Year Legal Battle

NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware.

MuddyWater Targets 100+ Gov Entities in MEA with Phoenix Backdoor

The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros.

Verizon: Mobile Blindspot Leads to Needless Data Breaches

People habitually ignore cybersecurity on their phones. Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and breaches in half.

Electronic Warfare Puts Commercial GPS Users on Notice

Interference with the global positioning system (GPS) isn't just a problem for airlines, but for shipping, trucking, car navigation, agriculture, and even the financial sector.

Self-Propagating GlassWorm Attacks VS Code Supply Chain

The sophisticated worm — which uses invisible code to steal credentials and turn developer systems into criminal proxies — has so far infected nearly 36k machines.

Flawed Vendor Guidance Exposes Enterprises to Avoidable Risk

Oracle E-Business Suite customers received conflicting deployment guidance, leaving enterprises exposed a recent zero-day flaw, Andrew argues.

Cyber Academy Founder Champions Digital Safety for All

Aliyu Ibrahim Usman, founder of the Cyber Cadet Academy in Nigeria, shares his passion for raising cybersecurity awareness in the wake of mounting security concerns worldwide.

Microsoft Disrupts Ransomware Campaign Abusing Azure Certificates

Microsoft revoked more than 200 digital certificates that threat actors used to sign fake Teams binaries that set the stage for Rhysida ransomware attacks.

AI Agent Security: Whose Responsibility Is It?

The shared responsibility model of data security, familiar from cloud deployments, is key to agentic services, but cybersecurity teams and corporate users often struggle with awareness and managing that risk.

AI Chat Data Is History’s Most Thorough Record of Enterprise Secrets, Secure it Wisely

AI interactions are becoming one of the most revealing records of human thinking; and we're only beginning to understand what that means for law enforcement, accountability, and privacy.

Cyberattackers Target LastPass, Top Password Managers

Be aware: a rash of phishing campaigns are leveraging the anxiety and trust employees have in password vaults securing all of their credentials.

Leaks in Microsoft VS Code Marketplace Put Supply Chain at Risk

Researchers discovered more than 550 unique secrets exposed in Visual Studio Code marketplaces, prompting Microsoft to bolster security measures.

China Hackers Test AI-Optimized Attack Chains in Taiwan

AI might help some threat actors in certain respects, but one group is proving that its use for cyberattacks has its limits.

LevelBlue Announces Plans to Acquire XDR Provider Cybereason

The deal, which builds on LevelBlue’s recent acquisition of Trustwave and Aon, aims to provide customers with a broad portfolio of extended detection and response (XDR), managed detection and response (MDR), and forensic services.

'Mysterious Elephant' Moves Beyond Recycled Malware

The cyber-espionage group has been using sophisticated custom tools to target government and diplomatic entities in South Asia since early 2025.

F5 BIG-IP Environment Breached by Nation-State Actor

F5 disclosed a breach this week that included zero-day bugs, source code, and some customer information.

Africa Remains Top Global Target, Even as Attacks Decline

Organizations across the continent saw 10% fewer attacks in September, but Africa remains the most attacked region in the world, leading the Global South.

Microsoft Drops Terrifyingly Large October Patch Update

October 2025's enormous Patch Tuesday offers plenty of nightmares for admins, including actively exploited zero-days and insidious high-severity privilege-escalation bugs — and it spells curtains for Windows 10 updates.

China's Flax Typhoon Turns Geo-Mapping Server into a Backdoor

Chinese APT threat actors compromised an organization's ArcGIS server, modifying the widely used geospatial mapping software for stealth access.

Pixnapping Attack Lets Attackers Steal 2FA on Android

The proof-of-concept exploit allows an attacker to steal sensitive data from Gmail, Google Accounts, Google Authenticator, Google Maps, Signal, and Venmo.

Financial, Other Industries Urged to Prepare for Quantum Computers

Despite daunting technical challenges, a quantum computer capable of breaking public-key encryption systems may only be a decade or two off.

Critical infrastructure CISOs Can't Ignore 'Back-Office Clutter' Data

OT and ICS systems indeed hold the crown jewels of critical infrastructure organizations, but unmonitored data sprawl is proving to be pure gold for increasingly brazen nation-state threat actors like Volt Typhoon, Pearce argues.

Generation AI: Why Today's Tech Graduates Are At a Disadvantage

With artificial intelligence supplanting entry-level security jobs, new cyber professionals will have to up their game to stay competitive in the industry.

The Fight Against Ransomware Heats Up on the Factory Floor

Ransomware gangs continue to set their sights on the manufacturing industry, but companies are taking steps to protect themselves, starting with implementing timely patch management protocols.

RondoDox Botnet: an 'Exploit Shotgun' for Edge Vulns

RondoDox takes a hit-and-run, shotgun approach to exploiting bugs in consumer edge devices around the world.

Microsoft Adds Agentic AI Capabilities to Sentinel

Microsoft previewed the Sentinel security graph and MCP server at its annual Microsoft Secure virtual event earlier this month.

Feds Shutter ShinyHunters Salesforce Extortion Site

The group warned that law-enforcement crackdowns are imminent in the wake of the takedown, but its extortion threats against Salesforce victims remain active.

Deepfake Awareness High at Orgs, But Cyber Defenses Badly Lag

The vast majority of organizations are encountering AI-augmented threats, but remain confident in their defenses, despite inadequate detection investment and more than half falling to successful attacks.

Commentary Section Launches New, More Opinionated Era

Dark Reading is looking for leading industry experts with a point of view they want to share with the rest of the cybersecurity community for our new Commentary section.

GitHub Copilot 'CamoLeak' AI Attack Exfiltrates Data

While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot.

SonicWall: 100% of Firewall Backups Were Breached

SonicWall said a breach it disclosed last month affected firewall configuration files for all customers who have used SonicWall’s cloud backup service — up from its previous 5% estimate.

Red Hat Hackers Team Up With Scattered Lapsus$ Hunters

Crimson Collective, which recently breached the GitLab instance of Red Hat Consulting, has teamed up with the notorious cybercriminal collective.

LockBit, Qilin & DragonForce Join Forces in Ransomware 'Cartel'

The three extortion gangs also invited other e-crime attackers to join their collaboration to share attack information and resources, in the wake of LockBit 5.0 being released.

Figma MCP Server Opens Orgs to Agentic AI Compromise

Patch now: A bug (CVE-2025-53967) in the popular Web design tool's option for talking to agentic AI can lead to remote code execution (RCE).

Cyberattack Leads to Beer Shortage as Asahi Recovers

A ransomware last week left the Asahi brewery in Japan struggling to take orders and deliver its products domestically, as manufacturers become a favored target.

Attackers Season Spam With a Touch of 'Salt'

Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanisms.

Security Concerns Shadow Vibe Coding Adoption

In a recent poll, readers shared how they're using vibe coding in AppDev (if they are at all). While some found success, others found the risks too great.

Medusa Ransomware Actors Exploit Critical Fortra GoAnywhere Flaw

Researchers say exploitation of CVE-2025-10035 requires a private key, and it's unclear how Storm-1175 threat actors pulled this off.

Patch Now: ‘RediShell’ Threatens Cloud Via Redis RCE

A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover, and more than 300k instances are currently exposed.

Cyberattackers Exploit Zimbra Zero-Day Via ICS

A threat actor purporting to be from the Libyan Navy's Office of Protocol targeted Brazil's military earlier this year using the rare tactic.

Clop Ransomware Hits Oracle Customers Via Zero-Day Flaw

The infamous Clop gang has targeted a wide range of Oracle E-Business Suite customers using a newly disclosed zero-day vulnerability.

Self-Propagating Malware Hits WhatsApp Users in Brazil

The enterprise-focused Water Saci campaign spreads Sorvepotel, which can steal credentials and monitor browser activity to defraud financial institutions in the region.

Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage

Dutch Prime Minister Dick Schoof described the incident as part of a broader pattern of Russian hybrid attacks against Europe.

BCI: The Thing of Nightmare or Dreams?

Brain computer interface technology looks to provide users with hands-free device control, but could security ever keep up with the risks?

Microsoft's Voice Clone Becomes Scary & Unsalvageable

An attacker's dream: Windows Speak for Me could integrate into apps, creating perfect voice replicas for Teams calls and AI agent interactions across multiple SaaS platforms.

There Are More CVEs, But Cyber Insurers Aren't Altering Policies

With nearly 47,000 CVEs expected by the end of the year, organizations must balance comprehensive vulnerability management with strategic cyber insurance policy selection to effectively navigate this rapidly evolving threat landscape.

'Confucius' Cyberspy Evolves From Stealers to Backdoors in Pakistan

The long-running South Asian advanced persistent threat (APT) group is advancing its objectives against Pakistani targets, with a shift to deploying Python-based surveillance malware.

Android Spyware in the UAE Masquerades as ... Spyware

In a clever, messed-up twist on brand impersonation, attackers are passing off their spyware as a notorious UAE government surveillance app.

Shutdown Threatens US Intel Sharing, Cyber Defense

Lapse of critical information sharing and mass furloughs at CISA are just some of the concerns.

China Imposes One-Hour Reporting Rule for Major Cyber Incidents

The sweeping new regulations show that China's serious about hardening its own networks after launching widespread attacks on global networks.

New China APT Strikes With Precision and Persistence

Phantom Taurus demonstrates a deep understanding of Windows environments, including advanced components like IIServerCore, a fileless backdoor that executes in memory to evade detection.

'Klopatra' Trojan Makes Bank Transfers While You Sleep

A sophisticated new banking malware is hard to detect, capable of stealing lots of money, and infecting thousands of people in Italy and Spain.

China Exploited New VMware Bug for Nearly a Year

A seemingly benign privilege-escalation process in VMware and other software has likely benefited attackers and other malware strains for years, researchers noted.

AI-Powered Voice Cloning Raises Vishing Risks

A researcher-developed framework could enable attackers to conduct real-time conversations using simulated audio to compromise organizations and extract sensitive information.

Akira Hits SonicWall VPNs in Broad Ransomware Campaign

Akira ransomware actors are currently targeting SonicWall firewall customers vulnerable to a bug discovered last year.

Ukrainian Cops Spoofed in Fileless Phishing Attacks on Kyiv

Attackers impersonate the National Police of Ukraine to deploy Amatera Stealer and PureMiner, using malicious Scalable Vector Graphics to trick victims.

Volvo Employee SSNs Stolen in Supplier Ransomware Attack

Three international vehicle manufacturers have fallen to supply chain cyberattacks in the past month alone.

Iranian State Hackers Use SSL.com Certificates to Sign Malware

Security researchers say multiple threat groups, including Iran's Charming Kitten APT offshoot Subtle Snail, are deploying malware with code-signing certificates from the Houston-based company.

Prep is Underway, But 2026 FIFA World Cup Poses Significant Cyber Challenges

The world's most-popular sports contest starts in June 2026 across 16 venues in three countries: Securing the event infrastructure from cyber threats will require massive collaboration.

Salesforce AI Agents Forced to Leak Sensitive Data

Yet again researchers have uncovered an opportunity (dubbed "ForcedLeak" for indirect prompt injection against autonomous agents lacking sufficient security controls — but this time the risk involves PII, corporate secrets, physical location data, and so much more.

Chinese APT Drops 'Brickstorm' Backdoors on Edge Devices

The China-linked cyber-espionage group UNC5221 is compromising network appliances that cannot run traditional EDR agents to deploy new versions of the "Brickstorm" backdoor.

CISA: Attackers Breach Federal Agency via Critical GeoServer Flaw

Threat actors exploited CVE-2024-36401 less than two weeks after it was initially disclosed and used it to gain access to a large federal civilian executive branch (FCEB) agency that uses the geospatial mapping data.

Russia Targets Moldovan Election in Disinformation Play

Researchers have tracked a Russian disinformation campaign against upcoming Moldovan elections, linking it to a previous campaign that began in 2022.

Npm Package Hides Malware in Steganographic QR Codes

The poisoned package, purporting to be a JavaScript utility, threatens the software supply chain with a highly obsfuscated credential stealer.

Exposed Docker Daemons Fuel DDoS Botnet

The for-hire platform leverages legitimate cloud-native tools to make detection and disruption harder for defenders and SOC analysts.

From FBI to CISO: Unconventional Paths to Cybersecurity Success

Cybersecurity leader Jason Manar shares insights on diverse career paths, essential skills, and practical advice for entering and thriving in the high-stress yet rewarding field of cybersecurity.

Dark Reading Confidential: Battle Space: Cyber Pros Land on the Front Lines of Protecting US Critical Infrastructure

Dark Reading Confidential Episode 10: It’s past time for a comprehensive plan to protect vital US systems from nation-state cyberattacks, and increasingly, that responsibility is falling to asset owners across a vast swath of organizations, who likely never bargained for an international cyber conflict playing out in their environments. But here we are. And here’s what comes next, according to Frank Cilluffo from the McCrary Institute and Booz Allen’s Dave Forbes.

Zero Trust: Strengths and Limitations in the AI Attack Era

Zero Trust could help organizations fight back against attackers who use artificial intelligence, but new threats will require the architecture to evolve.

Attackers Use Phony GitHub Pages to Deliver Mac Malware

Threat actors are using a large-scale SEO poisoning campaign and fake GitHub repositories to deliver Atomic infostealers to Mac users.

Airport Chaos Shows Human Impact of 3rd-Party Attacks

Major EU airports such as Heathrow were disrupted over the weekend after a cyberattack hit the provider of check-in kiosk software, which caused delays and flight cancellations.

15 Years of Zero Trust: Why It Matters More Than Ever

With the emergence of AI-driven attacks and quantum computing, and the explosion of hyperconnected devices, zero trust remains a core strategy for security operations.

Patch Now: Max-Severity Fortra GoAnywhere Bug Allows Command Injection

Exploitation of the flaw, tracked as CVE-2025-10035, is highly dependent on whether systems are exposed to the Internet, according to Fortra.

'ShadowLeak' ChatGPT Attack Allows Hackers to Invisibly Steal Emails

The loophole allows cyberattackers to exfiltrate company data via OpenAI's infrastructure, leaving no trace at all on enterprise systems.

Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues

While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks.

7 Lessons for Securing AI Transformation From Former CIA Digital Guru

Jennifer Ewbank, former CIA deputy director of digital innovation, discusses resilience, cultural shifts, and cyber fundamentals in the AI era.

TikTok Deal Won't End Enterprise Risks

The proposed restructuring plan would address many concerns related to the social media platform, but risks remain for security teams.

SonicWall Breached, Firewall Backup Data Exposed

Threat actors breached the MySonicWall service and accessed backup firewall configuration files belonging to "fewer than 5%" of its install base, according to the company.

Mastering Digital Breadcrumbs to Stay Ahead of Evolving Threats

Digital forensics offers a challenging but rewarding career path for cybersecurity professionals willing to invest in specialized knowledge and continuous learning.

The Cloud Edge Is The New Attack Surface

The cloud now acts as the connecting infrastructure for many companies' assets — from IoT devices to workstations to applications and workloads — exposing the edge to threats.

Microsoft Disrupts 'RaccoonO365' Phishing Service

Phishing-as-a-service (PhaaS) kits have become an increasingly popular way for lower-skill individuals who want to get into cybercrime.

'Scattered Lapsus$ Hunters,' Others Announce End of Hacking Spree

Though the groups have shared their decision to go dark, threat researchers say there are signs that it's business as usual.

North Korean Group Targets South With Military ID Deepfakes

The North Korea-linked group Kimsuky used ChatGPT to create deepfakes of military ID documents in an attempt to compromise South Korean targets.

Critical Bugs in Chaos Mesh Enable Cluster Takeover

"Chaotic Deputy" is a set of four vulnerabilities in the chaos engineering platform that many organizations use to test the resilience of their Kubernetes environments.

'Vane Viper' Threat Group Tied to PropellerAds, Commercial Entities

Researchers say the commercial adtech platform and several other companies form the infrastructure of a massive cybercrime operation.

'HybridPetya' Ransomware Bypasses Secure Boot

The malware, which has traits of Petya ransomware and the infamous NotPetya wiper, is designed to target UEFI-based systems, according to researchers.

SecurityScorecard Buys AI Automation Capabilities, Boosts Vendor Risk Management

The company acquired HyperComply to help enterprises automate vendor security reviews and gain a real-time picture of the security of their entire supply chain.

FBI Warns of Threat Actors Hitting Salesforce Customers

The FBI's IC3 recently warned of two threat actors, UNC6040 and UNC6395, targeting Salesforce customers, separately and in tandem.

'Lies-in-the-Loop' Attack Defeats AI Coding Agents

Researchers convince Anthropic's AI-assisted coding tool to engage in dangerous behavior by lying to it, paving the way for a supply chain attack.

French Advisory Sheds Light on Apple Spyware Activity

CERT-FR's advisory follows last month's disclosure of a zero-day flaw Apple said was used in "sophisticated" attacks against targeted individuals.

'Gentlemen' Ransomware Abuses Vulnerable Driver to Kill Security Gear

By weaponizing the ThrottleStop.sys driver, attackers are disrupting antivirus and endpoint detection and response (EDR) systems.

AI-Enhanced Malware Sports Super-Stealthy Tactics

With legit sounding names, EvilAI's "productivity" apps are reviving classic threats like Trojans while adding new evasion capabilities against modern antivirus defenses.

Vidar Infostealer Back with a Vengeance

The pervasive Vidar infostealer has evolved with a suite of new evasion techniques and covert data exfiltration methods, according to researchers.

'K2 Think' AI Model Jailbroken Mere Hours After Release

Researchers discovered that measures designed to make AI more transparent to users and regulators can also make it easier for bad actors to abuse.

Russian APT Attacks Kazakhstan's Largest Oil Company

Researchers say a likely Russian APT used a compromised employee email account to attack Kazakhstan's biggest company, though the oil and gas firm claims it was a pen test.

Students Pose Inside Threat to Education Sector

The threats may not be malicious, but they are more than many security teams can handle.

Chinese Hackers Allegedly Pose as US Lawmaker

Chinese state-backed threat actors are suspected of posing as Michigan congressman John Moolenaar in a series of spearphishing attacks.

EoP Flaws Again Lead Microsoft Patch Day

Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.

Qantas Reduces Executive Pay Following Cyberattack

The data breach, which occurred earlier this year, saw threat actors compromise a third-party platform to obtain Qantas customers' personal information.

Huge NPM Supply-Chain Attack Goes Out With Whimper

Threat actors phished Qix's NPM account, then used their access to publish poisoned versions of 18 popular open-source packages accounting for more than 2 billion weekly downloads.

Salty2FA Takes Phishing Kits to Enterprise Level

Cybercriminal operations use the same strategy and planning as legitimate organizations as they arm adversarial phishing kits with advanced features.

SentinelOne Announces Plans to Acquire Observo AI

The combined company will help customers separate data ingestion from SIEM, to improve detection and performance.

'MostereRAT' Malware Blends In, Blocks Security Tools

A threat actor is using a sophisticated EDR-killing malware tool in a campaign to maintain long-term, persistent access on Windows systems.

Salesloft Breached via GitHub Account Compromise

The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens.

45 New Domains Linked to Salt Typhoon, UNC4841

The China-backed threat actors have used the previously undiscovered infrastructure to obtain long-term, stealthy access to targeted organizations.

Scammers Are Using Grok to Spread Malicious Links on X

It's called "grokking," and gives spammers a way to skirt X's ban on links in promoted posts and reach larger audiences than ever before.

Anyone Using Agentic AI Needs to Understand Toxic Flows

The biggest vulnerabilities may lie at the boundaries of where the AI agent connects with the enterprise system.

ISC2 Aims to Bridge DFIR Skill Gap with New Certificate

The Nonprofit organization launched the Threat Handling Foundations Certificate amid mounting incident and breach disclosures.

Czech Warning Highlights China Stealing User Data

Czech cyber agency NÚKIB warned of the risks of using products and software that send data back to China.

Blast Radius of Salesloft Drift Attacks Remains Uncertain

Many high-profile Salesloft Drift customers have disclosed data breaches as a result of a recent supply-chain attack, but the extent and severity of this campaign are unclear.

Japan, South Korea Take Aim at North Korean IT Worker Scam

With the continued success of North Korea's IT worker scams, Asia-Pacific nations are working with private firms to blunt the scheme's effectiveness.

Cloudflare Holds Back the Tide on 11.5Tbps DDoS Attack

It's the equivalent of watching more than 9,350 full-length HD movies or streaming 7,480 hours of high-def video nonstop in less than a minute.

Hacked Routers Linger on the Internet for Years, Data Shows

While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked.

Amazon Stymies APT29 Credential Theft Campaign

A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authentication flow.

Zscaler, Palo Alto Networks Breached via Salesloft Drift

Two major security firms suffered downstream compromises as part of a large-scale supply chain attack involving Salesloft Drift, a marketing SaaS application from Salesforce.

Jaguar Land Rover Shuts Down in Scramble to Secure 'Cyber Incident'

The luxury automaker said its retail and production activities have been "severely disrupted."

JSON Config File Leaks Azure ActiveDirectory Credentials

In this type of misconfiguration, cyberattackers could use exposed secrets to authenticate directly via Microsoft’s OAuth 2.0 endpoints and infiltrate Azure cloud environments.

Hackers Are Sophisticated & Impatient — That Can Be Good

You can't negotiate with hackers from a place of fear — but you can turn their urgency against them with the right playbook, people, and preparation.

NIST Enhances Security Controls for Improved Patching

The U.S. National Institute of Standards and Technology released Security and Privacy Control version 5.2.0 to help organizations be more proactive regarding patching.

Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups

Flashpoint published its 2025 midyear ransomware report that highlighted the top five most prolific groups currently in operation.

1,000+ Devs Lose Their Secrets to an AI-Powered Stealer

One of the most sophisticated supply chain attacks to date caused immense amounts of data to leak to the Web in a matter of hours.

Dark Reading Confidential: A Guided Tour of Today's Dark Web

Dark Reading Confidential Episode 9: Join us for a look around today's Dark Web, and find out how law enforcement, AI, nation-state activities, and more are reshaping the way cybercriminals conduct their dirty business online. Keith Jarvis, senior security researcher at Sophos' Counter Threat Unit joins Dark Reading's Alex Culafi for a conversation you don't want to miss.

'ZipLine' Phishers Flip Script as Victims Email First

"ZipLine" appears to be a sophisticated and carefully planned campaign that has already affected dozens of small, medium, and large organizations across multiple industry sectors.

China Hijacks Captive Portals to Spy on Asian Diplomats

The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites.

Google: Salesforce Attacks Stemmed From Third-Party App

A group tracked as UNC6395 engaged in "widespread data theft" via compromised OAuth tokens from a third-party app called Salesloft Drift.

Malicious Scanning Waves Slam Remote Desktop Services

Researchers say the huge spike of coordinated scanning for Microsoft RDP services could indicate the existence of a new, as-yet-undisclosed vulnerability.

Data I/O Becomes Latest Ransomware Attack Victim

The "incident" led to outages affecting a variety of the tech company's operations, though the full scope of the breach is unknown.

Hook Android Trojan Now Delivers Ransomware-Style Attacks

New features to take over smartphones and monitor user activity demonstrate the continued evolution of the malware, which is now being spread on GitHub.

Hackers Lay In Wait, Then Knocked Out Iran Ship Comms

Lab-Dookhtegen claims major attack on more than 60 cargo ships and oil tankers belonging to two Iranian companies on US sanctions list.

ClickFix Attack Tricks AI Summaries Into Pushing Malware

Because instructions appear to come from AI-generated content summaries and not an external source, the victim is more likely to follow them without suspicion.

Fast-Spreading, Complex Phishing Campaign Installs RATs

Attackers not only steal credentials but also can maintain long-term, persistent access to corporate networks through the global campaign.

Securing the Cloud in an Age of Escalating Cyber Threats

As threats intensify and cloud adoption expands, organizations must leave outdated security models behind.

Silk Typhoon Attacks North American Orgs in the Cloud

A Chinese APT is going where most APTs don't: deep into the cloud, compromising supply chains and deploying uncommon malware.

Apple Intelligence Is Picking Up More User Data Than Expected, Researcher Finds

Music tastes, location information, even encrypted messages — Apple's servers are gathering a "surprising" amount of personal data through Apple Intelligence, Lumia Security's Yoav Magid warns in his new analysis.

Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0'

The operation disrupted countless scams, and authorities seized a significant amount of evidence and recovered nearly $100 million in lost funds.

Why Video Game Anti-Cheat Systems Are a Cybersecurity Goldmine

Sam Collins and Marius Muench of the University of Birmingham, UK, join the Black Hat USA 2025 News Desk to explain how anti-cheat systems in video games provide valuable lessons on defending against threat actors' techniques and strategies.

Hackers Abuse VPS Infrastructure for Stealth, Speed

New research highlights how threat actors abuse legitimate virtual private server offerings in order to spin up infrastructure cheaply, quietly, and fast.

Tree of AST: A Bug-Hunting Framework Powered by LLMs

Teenaged security researchers Sasha Zyuzin and Ruikai Peng discuss how their new vulnerability discovery framework leverages LLMs to address limitations of the past.

FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw

In the past year, "Static Tundra," aka "Energetic Bear," has breached thousands of end-of-life Cisco devices unpatched against a 2018 flaw, in a campaign targeting enterprises and critical infrastructure.

Hacker Finds Flaws in McDonald’s Staff, Partner Hubs

Exposure of APIs, sensitive data, and corporate documents are just some of the security issues that the purveyor of Big Macs was cooking up.

'RingReaper' Sneaks Right Past Linux EDRs

The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response systems.

AI Agents Access Everything, Fall to Zero-Click Exploit

Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" —and what that means for cyber risk.

Millions Allegedly Affected in Allianz Insurance Breach

Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers.

PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain

Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems.

'DripDropper' Hackers Patch Their Own Exploit

An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw.

Secure AI Use Without the Blind Spots

Why every company needs a clear, enforceable AI policy — now.

Noodlophile Stealer Hides Behind Bogus Copyright Complaints

Noodlophile is targeting enterprises in spear-phishing attacks using copyright claims as phishing lures.

Workday Breach Likely Linked to ShinyHunters Salesforce Attacks

The HR giant said hackers mounted a socially engineered cyberattack on its third-party CRM system, but did not gain access to customer information; only 'commonly available' business contact info was exposed.

Internet-wide Vulnerability Enables Giant DDoS Attacks

A good chunk of all websites today have been affected by the biggest DDoS risk on the Web since 2023.

Defending Against Cloud Threats Across Multicloud Environments

The vast majority of companies are using more than one cloud platform, yet struggle to establish and monitor security across different environments giving attackers an opening.

New Quantum-Safe Alliance Aims to Accelerate PQC Implementation

The new Quantum-Safe 360 Alliance will provide road maps, technology, and services to help organizations navigate the post-quantum cryptography transition before the 2030 deadline.

New Crypto24 Ransomware Attacks Bypass EDR

While several cybercrime groups have embraced "EDR killers," researchers say the deep knowledge and technical skills demonstrated by Crypto24 signify a dangerous escalation.

Colt Telecommunications Struggles in Wake of Cyber Incident

The UK telco said it temporarily took some systems offline as a "protective" measure in its investigation.

How Maclaren Racing Gets From the Browser to the Track

In a conversation with Dark Reading's Terry Sweeney, Dr. Lisa Jarman from McLaren Racing says cutting-edge innovation must coexist with rigorous security protocols.

Cybersecurity Spending Slows & Security Teams Shrink

Security budgets are lowest in healthcare, professional and business services, retail, and hospitality, but budget growth remained above 5% in financial services, insurance, and tech.

Google Chrome Enterprise: Keeping Businesses Safe From Threats on the Web

Dark Reading's Terry Sweeney and Google Cloud Security's Jason Kemmerer discuss how organizations can secure the modern workplace with zero trust browser protection for remote and hybrid teams.

Whispers of XZ Utils Backdoor Live on in Old Docker Images

Developers maintaining the images made the "intentional choice" to leave the artifacts available as "a historical curiosity," given the improbability they'd be exploited.

How an AI-Based 'Pen Tester' Became a Top Bug Hunter on HackerOne

AI researcher explains how an automated penetration-testing tool became the first non-human member on HackerOne to reach the top of the platform's US leaderboard.

Patch Now: Attackers Target OT Networks via Critical RCE Flaw

Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastructure and OT development.

What the LockBit 4.0 Leak Reveals About RaaS Groups

The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertainty caused by the lack of attackers' accountability.

China Questions Security of AI Chips From Nvidia, AMD

The US banned the sale of AI chips to China and then backed off. Now, Chinese sources are calling on NVIDIA to prove its AI chips have no backdoors.

Elevation-of-Privilege Vulns Dominate Microsoft's Patch Tuesday

The company's August security update consisted of patches for 111 unique Common Vulnerabilities and Exposures (CVEs).

Black Hat NOC Expands AI Implementation Across Security Operations

Corelight's James Pope gave Dark Reading an inside look at this year's Black Hat Network Operations Center, detailing security challenges and rising trends — many related to increased AI use.

BlackSuit Ransomware Takes an Infrastructure Hit From Law Enforcement

A swarm of US agencies joined with international partners to take down servers and domains and seize more than $1 million associated with BlackSuit (Royal) ransomware operations, a group that has been a chronic, persistent threat against critical infrastructure.

REvil Actor Accuses Russia of Planning 2021 Kaseya Attack

REvil affiliate Yaroslav Vasinskyi, who was convicted last year for his role in the 2021 Kaseya ransomware supply chain attack, said the Russian government was instrumental to the attack's execution.

Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours

Researchers paired the jailbreaking technique with storytelling in an attack flow that used no inappropriate language to guide the LLM into producing directions for making a Molotov cocktail.

Utilities, Factories at Risk From Encryption Holes in Industrial Protocol

The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be vulnerable in a number of different ways.

Will Secure AI Be the Hottest Career Path in Cybersecurity?

Securing AI systems represents cybersecurity's next frontier, creating specialized career paths as organizations grapple with novel vulnerabilities, regulatory requirements, and cross-functional demands.

860K Compromised in Columbia University Data Breach

While no data has yet to be misused, the university doesn't rule out the possibility of that occurring in the future, prompting it to warn affected individuals to remain vigilant in the wake of the breach.

BigID Launches Shadow AI Discovery to Uncover Rogue Models and Risky AI Data

PwC Announces Addition of Morgan Adamski to Leadership of Cyber, Data & Technology Risk Platform

Ransomware Attacks Fall by Almost Half in Q2

Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking

A software developer discovered a way to abuse an undocumented protocol in Amazon's Elastic Container Service to escalate privileges, cross boundaries and gain access to other cloud resources.

Citizen Lab Founder Flags Rise of US Authoritarianism

Citizen Lab director and founder Ron Deibert explained how civil society is locked in "vicious cycle," and human rights are being abused as a result, covering Israeli spyware, the Khashoggi killing, and an erosion of democratic norms in the US.

Payback: 'ShinyHunters' Clocks Google via Salesforce

In 2024, it was Snowflake. In 2025, it's Salesforce. ShinyHunters is back, with low-tech hacks that nonetheless manage to bring down international megaliths like Google, Cisco, and Adidas.

Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults

Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.

'ReVault' Security Flaws Impact Millions of Dell Laptops

The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.

Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights

Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence.

Pandora Confirms Third-Party Data Breach, Warns of Phishing Attempts

The jewelry retailer is warning customers that their data can and might be used maliciously.

Cisco User Data Stolen in Vishing Attack

The networking giant said this week that an employee suffered a voice phishing attack that resulted in the compromise of select user data, including email addresses and phone numbers.

Google Chrome Enterprise: More Than an Access Point to the Web

In a conversation with Dark Reading's Terry Sweeney, Lauren Miskelly from Google explains that Chrome Enterprise is the same Chrome browser that consumers use, but with additional enterprise-grade controls, reporting capabilities, and administrative features.

Threat Actors Increasingly Leaning on GenAI Tools

From "eCrime" actors to fake IT tech workers, CrowdStrike researchers found that adversaries are using AI to enhance their offensive cyber operations.

42% of Developers Using AI Say Their Codebase is Now Mostly AI-Generated

Akira Ramps Up Assault on SonicWall Firewalls, Suggesting Zero-Day

An uptick of ransomware activity by the group in late July that uses the vendor's SSL VPN devices for initial intrusion shows evidence of an as-yet-undisclosed flaw under exploitation.

Turning Human Vulnerability Into Organizational Strength

Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls.

What Is the Role of Provable Randomness in Cybersecurity?

Random numbers are the cornerstone of cryptographic security — cryptography depends on generating random keys. As organizations adopt quantum-resistant algorithms, it's equally important to examine the randomness underpinning them

Dark Reading News Desk Turns 10, Back at Black Hat USA for 2025

Dark Reading's 2025 News Desk marks a decade of Black Hat USA memories. We're making our return with a slate of interviews that help you stay up on the latest research from Black Hat — no trip to Las Vegas required.

ISC2 Launches New Security Certificate for AI Expertise

ISC2 is launching a 6-course certification program to address the growing demand for AI security expertise. Courses cover topics such as AI fundamentals, ethics, and risks.

Gen Z Falls for Scams 2x More Than Older Generations

Forget gullible old people — Gen Z is the most at-risk age group on the Web. Older folks might want to ignore it, but employers are likely to feel the brunt.

DragonForce Ransom Cartel Profits Off Rivals' Demise

The fall of RansomHub led to a major consolidation of the ransomware ecosystem last quarter, which was a boon for the DragonForce and Qilin gangs.

SafePay Claims Ingram Micro Breach, Sets Ransom Deadline

The ransomware gang claims to have stolen 3.5TB of data, and told the technology distributor to pay up or suffer a data breach.

3 Things CFOs Need to Know About Mitigating Threats

To reposition cybersecurity as a strategic, business-critical investment, CFOs and CISOs play a critical role in articulating the significant ROI that robust security measures can deliver.

Inside the FBI's Strategy for Prosecuting Ransomware

The US government is throwing the book at even mid-level cybercriminals. Is it just, and is it working?

Koreans Hacked, Blackmailed by 250+ Fake Mobile Apps

A swath of copycat Korean apps are hiding spyware, occasionally leading to highly personal, disturbing extortions.

Silk Typhoon Linked to Powerful Offensive Tools, PRC-Backed Companies

An unsealed indictment associated with the Chinese threat group shows its members worked for companies closely aligned with the PRC as part of a larger contractor ecosystem.

The CrowdStrike Outage Was Bad, but It Could Have Been Worse

A year after the largest outage in IT history, organizations need to make an active effort to diversify their technology and software vendors and create a more resilient cyber ecosystem moving forward.

Attackers Can Use Browser Extensions to Inject AI Prompts

A proof-of-concept attack shows how threat actors can use a poisoned browser extension to inject malicious prompts into a generative AI tool.

African Orgs Fall to Mass Microsoft SharePoint Exploits

The National Treasury of South Africa is among the half-dozen known victims in South Africa — along with other nations — of the mass compromise of on-premises Microsoft SharePoint servers.

Nimble 'Gunra' Ransomware Evolves With Linux Variant

The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption.

New Risk Index Helps Organizations Tackle Cloud Security Chaos

Enterprises can use the IaC Risk Index to identify vulnerable cloud resources in their infrastructure-as-code environment which are not managed or governed.

Insurance Giant Allianz Life Grapples With Breach Affecting 'Majority' of Customers

The company has yet to report an exact number of how many individuals were impacted by the breach and plans to start the notification process around Aug. 1.

Chaos Ransomware Rises as BlackSuit Gang Falls

Researchers detailed a newer double-extortion ransomware group made up of former members of BlackSuit, which was recently disrupted by international law enforcement.

Sophisticated Shuyal Stealer Targets 19 Browsers, Demonstrates Advanced Evasion

A new infostealing malware making the rounds can exfiltrate credentials and other system data even from browsing software considered more privacy-focused than mainstream options.

How to Spot Malicious AI Agents Before They Strike

The rise of agentic AI means the battle of the machines is just beginning. To win, we'll need our own agents — human and machine — working together.

Cyber Career Opportunities: Weighing Certifications vs. Degrees

Longtime CISO Melina Scotto joins Dark Reading to discuss career advice gleaned from her 30 years in the cyber industry.

'Fire Ant' Cyber Spies Compromise Siloed VMware Systems

Suspected China-nexus threat actors targeted virtual environments and used several tools and techniques to bypass security barriers and reach isolated portions of victims' networks.

AI-Generated Linux Miner 'Koske' Beats Human Malware

AI malware is becoming less of a gimmick, with features that meet or exceed what traditional human-developed malware typically can do.

North Korea's IT Worker Rampage Continues Amid DoJ Action

Arrests and indictments keep coming, but the North Korean fake IT worker scheme is only snowballing, and businesses can't afford to assume their applicant-screening processes are up to the task of weeding the imposters out.

The Young and the Restless: Young Cybercriminals Raise Concerns

National governments warn that many hacker groups attract young people through a sense of community, fame, or the promise of money and the perception of a lack of risk of prosecution.

Can Security Culture Be Taught? AWS Says Yes

Newly appointed Amazon Web Services CISO Amy Herzog believes security culture goes beyond frameworks and executive structures. Having the right philosophy throughout the organization is key.

Ransomware Actors Pile on 'ToolShell' SharePoint Bugs

Storm-2603, a China-based threat actor, is targeting SharePoint customers in an ongoing ransomware campaign.

Department of Education Site Mimicked in Phishing Scheme

An ongoing phishing campaign is using fake versions of the department's G5 grant portal, taking advantage of political turmoil associated with the DoE's 1,400 layoffs.

US Nuclear Agency Hacked in Microsoft SharePoint Frenzy

Threat actors are piling on the zero-day vulnerabilities in SharePoint, including at least three Chinese nation-state cyberespionage groups.

Microsoft Integrates Data Lake With Sentinel SIEM

Microsoft Sentinel Data Lake aims to provide inexpensive storage for large volumes of telemetry, while threat intelligence will be included with Defender XDR at no extra cost.

CISO Conversations: How IT and OT Security Worlds Are Converging

Dark Reading's Kelly Jackson Higgins interviews Carmine Valente, Deputy CISO at Con Edison, about his role at the New York-based electric utility and the state of IT and OT security. Valente highlights current threats like ransomware and supply chain attacks, as well as the impact of AI on both defense and threats.

China Introduces National Cyber ID Amid Privacy Concerns

China officially rolled out a voluntary Internet identity system to protect citizens' online identities and personal information, but critics worry about privacy and surveillance.

3 China Nation-State Actors Target SharePoint Bugs

Hackers and cybercrime groups are part of a virtual feeding frenzy, after Microsoft's recent disclosure of new vulnerabilities in on-premises editions of SharePoint Server.

Human Digital Twins Could Give Attackers a Dangerous Advantage

While this emerging technology offers many benefits, digital twins also have several drawbacks, as these convincing impersonations can be used in social engineering attacks.

China-Backed APT41 Cyberattack Surfaces in Africa

Up to now, the prolific China-sponsored cyber-espionage group has been mostly absent from the region, but a sophisticated and highly targeted attack on an African IT company shows Beijing is branching out.

Malicious Implants Are Coming to AI Components, Applications

A red teamer is publishing research next month about how weaknesses in modern security products lay the groundwork for stealthy implants in AI-powered applications.

Europol Sting Leaves Russian Cybercrime's 'NoName057(16)' Group Fractured

National authorities have issued seven arrest warrants in total relating to the cybercrime collective known as NoName057(16), which recruits followers to carry out DDoS attacks on perceived enemies of Russia.

Containment as a Core Security Strategy

We cannot keep reacting to vulnerabilities as they emerge. We must assume the presence of unknown threats and reduce the blast radius that they can affect.

'PoisonSeed' Attacker Skates Around FIDO Keys

Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections.

Printer Security Gaps: A Broad, Leafy Avenue to Compromise

Security teams aren't patching firmware promptly, no one's vetting the endpoints before purchase, and visibility into potential dangers is limited — despite more and more cyberattackers targeting printers as a matter of course.

Armenian Extradited to US Over Ryuk Ransomware

The suspect faces three charges for his alleged crimes that could earn him up to five years in federal prison, and a heap of fines.

Why Cybersecurity Still Matters for America's Schools

Cyberattacks on educational institutions are growing. But with budget constraints and funding shortfalls, leadership teams are questioning whether — and how — they can keep their institutions safe.

ISC2 Finds Orgs Are Increasingly Leaning on AI

While many organizations are eagerly integrating AI into their workflows and cybersecurity practices, some remain undecided and even concerned about potential drawbacks of AI deployment.

Women Who 'Hacked the Status Quo' Aim to Inspire Cybersecurity Careers

A group of female cybersecurity pioneers will share what they've learned about navigating a field dominated by men, in order to help other women empower themselves and pursue successful cybersecurity careers.

Cognida.ai Launches Codien: An AI Agent to Modernize Legacy Test Automation and Fast-Track Test Creation

AI Is Reshaping How Attorneys Practice Law

Experts recommend enhanced AI literacy, training around the ethics of using AI, and verification protocols to maintain credibility in an increasingly AI-influenced courtroom.

AsyncRAT Spawns Concerning Labyrinth of Forks

Since surfacing on GitHub in 2019, AsyncRAT has become a poster child for how open source malware can democratize cybercrime, with a mazelike footprint of variants available across the spectrum of functionality.

Attackers Abuse AWS Cloud to Target Southeast Asian Governments

The intelligence-gathering cyber campaign introduces the novel HazyBeacon backdoor and uses legitimate cloud communication channels for command-and-control (C2) and exfiltration to hide its malicious activities.

MITRE Launches AADAPT Framework for Financial Systems

The new framework is modeled after and meant to complement the MITRE ATT&CK framework, and it is aimed at detecting and responding to cyberattacks on cryptocurrency assets and other financial targets.

Web-Inject Campaign Debuts Fresh Interlock RAT Variant

A cyber-threat campaign is using legitimate websites to inject victims with remote access Trojans belonging to the Interlock ransomware group, in order to gain control of devices.

Military Veterans May Be What Cybersecurity Is Looking For

As the field struggles with a shortage, programs that aim to provide veterans with the technical skills needed to succeed in cybersecurity may be the solution for everyone.

Google Gemini AI Bug Allows Invisible, Malicious Prompts

A prompt-injection vulnerability in the AI assistant allows attackers to create messages that appear to be legitimate Google Security alerts but instead can be used to target users across various Google products with vishing and phishing.

The Dark Side of Global Power Shifts & Demographic Decline

As global power realigns and economies falter, the rise in cybercrime is no longer hypothetical — it's inevitable.

350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE

Mercedes, Skoda, and Volkswagen vehicles, as well as untold industrial, medical, mobile, and consumer devices, may be exposed to a vulnerable Bluetooth implementation called "PerfektBlue."

eSIM Bug in Millions of Phones Enables Spying, Takeover

eSIMs around the world may be fundamentally vulnerable to physical and network attacks because of a 6-year-old Oracle vulnerability in technology that underlies billions of cards.

Ingram Micro Up and Running After Ransomware Attack

Customers were the first to notice the disruption on the distributor's website when they couldn't place orders online.

4 Arrested in UK Over M&S, Co-op, Harrods Hacks

The UK's National Crime Agency arrested four people, who some experts believe are connected to the notorious cybercriminal collective known as Scattered Spider.

AirMDR Tackles Security Burdens for SMBs With AI

This security startup provides managed detection and response services for small-to-midsized businesses to detect and address modern threats such as ransomware, phishing attacks, and malicious insiders.

North American APT Uses Exchange Zero-Day to Attack China

Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.

A NVIDIA Container Bug & Chance to Harden Kubernetes

A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants.

New AI Malware PoC Reliably Evades Microsoft Defender

Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that.

South Korean Government Imposes Penalties on SK Telecom for Breach

Following a breach at the country's top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements.

Malicious Open Source Packages Spike 188% YoY

Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.

Suspected Hacker Linked to Silk Typhoon Arrested in Milan

The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers.

DPRK macOS 'NimDoor' Malware Targets Web3, Crypto Platforms

Researchers observed North Korean threat actors targeting cryptocurrency and Web3 platforms on Telegram using malicious Zoom meeting requests.

Ransomware Attack Triggers Widespread Outage at Ingram Micro

The outage began shortly before the July 4 holiday weekend and caused disruptions for customer ordering and other services provided by the IT distributor.

'Hunters International' RaaS Group Closes Its Doors

The announcement comes just months after security researchers observed that the group was making the transition to rebrand to World Leaks, a data theft outfit.

Chrome Store Features Extension Poisoned With Sophisticated Spyware

A color picker for Google's browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites.

US Treasury Sanctions BPH Provider Aeza Group

In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer.

Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing

A Russian APT known as "Gamaredon" is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine.

ClickFix Spin-off Attack Bypasses Key Browser Safeguards

A new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware.

1 Year Later: Lessons Learned From the CrowdStrike Outage

The ever-growing volume of vulnerabilities and threats requires organizations to remain resilient and anti-fragile — that is, to be able to proactively respond to issues and continuously improve.

Scope, Scale of Spurious North Korean IT Workers Emerges

Microsoft warns thousands of North Korean workers have infiltrated tech, manufacturing, and transportation sectors to steal money and data.

We've All Been Wrong: Phishing Training Doesn't Work

Teaching employees to detect malicious emails isn't really having an impact. What other options do organizations have?

DoJ Disrupts North Korean IT Worker Scheme Across Multiple US States

The US also conducted searches of 29 "laptop farms" across 16 states and seized 29 financial accounts used to launder funds.

Scattered Spider Hacking Spree Continues With Airline Sector Attacks

Microsoft has called the hacker collective one of the most dangerous current cyberthreats.

Chinese Company Hikvision Banned By Canadian Government

Though the company's video surveillance products will be prohibited for government use, individuals and private businesses can still buy the vendor's products.

Airoha Chip Vulns Put Sony, Bose Earbuds & Headphones at Risk

The vulnerabilities, which have yet to be published, could allow a threat actor to hijack not only Bluetooth earbuds and headphones but also the devices connected to them.

AI-Themed SEO Poisoning Attacks Spread Info, Crypto Stealers

Malicious websites designed to rank high in Google search results for ChatGPT and Luma AI deliver the Lumma and Vidar infostealers and other malware.

Why Cybersecurity Should Come Before AI in Schools

The sooner we integrate cybersecurity basics into school curriculum, the stronger and more resilient our children — and their futures — will be.

Top Apple, Google VPN Apps May Help China Spy on Users

Apple and Google espouse strong values about data privacy, but they allow programs from a Big Brother state to thrive on their app stores, researchers allege.

'CitrixBleed 2' Shows Signs of Active Exploitation

If exploited, the critical vulnerability allows attackers to maintain access for longer periods of time than the original CitrixBleed flaw, all while remaining undetected.

Scattered Spider Taps CFO Credentials in 'Scorched Earth' Attack

In a recent intrusion, the notorious cybercriminal collective accessed CyberArk vaults and obtained more 1,400 secrets, subverted Azure, VMware, and Snowflake environments, and for the first known time, actively fought back against incident response teams.

Vulnerability Debt: How Do You Put a Price on What to Fix?

Putting a vulnerability debt figure together involves work, but having vulnerability debt figures lets you measure real-world values against your overall security posture.

US Falling Behind China in Exploit Production

Cyber operations have become critical to national security, but the United States has fallen behind in one significant area — exploit production — while China has built up a significant lead.

'Cyber Fattah' Hacktivist Group Leaks Saudi Games Data

As tensions in the Middle East rise, hacktivist groups are coming out of the woodwork with their own agendas, leading to notable shifts in the hacktivist threat landscape.

'IntelBroker' Suspect Arrested, Charged in High-Profile Breaches

A British national arrested earlier this year in France was charged by the US Department of Justice in connection with a string of major cyberattacks.

Charming Kitten APT Tries Spying on Israeli Cybersecurity Experts

Israel's cyber pros are having to put theory into practice, as a notorious nation-state APT sponsored by Iran targets them with spear-phishing attacks.

And Now Malware That Tells AI to Ignore It?

Though rudimentary and largely non-functional, the wryly named "Skynet" binary could be a harbinger of things to come on the malware front.

Millions of Brother Printers Hit by Critical, Unpatchable Bug

A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.

CISA is Shrinking: What Does it Mean for Cyber?

Dark Reading Confidential Episode 7: Cyber experts Tom Parker and Jake Williams offer their views on the practical impact of cuts to the US Cybersecurity and Infrastructure Security Agency.

Africa Sees Surge in Cybercrime as Law Enforcement Struggles

Cybercrime accounts for more than 30% of all reported crime in East Africa and West Africa, with online scams, ransomware, business email compromise, and digital sextortion taking off.

Threat Actor Trojanizes Copy of SonicWall NetExtender VPN App

A threat actor hacked a version of SonicWall's NetExtender SSL VPN application in an effort to trick users into installing a Trojanized version of the product.

China-Nexus 'LapDogs' Network Thrives on Backdoored SOHO Devices

The campaign infected devices in the US and Southeast Asia to build an operational relay box (ORB) network for use as an extensive cyber-espionage infrastructure.

Steel Giant Nucor Confirms Data Stolen in Cyberattack

America's largest steel producer initially disclosed the breach in May and took potentially affected systems offline to investigation the intrusion and contain any malicious activity.

Citrix Patches Critical Vulns in NetScaler ADC and Gateway

Citrix is recommending its customers upgrade their appliances to mitigate potential exploitation of the vulnerabilities.

'Echo Chamber' Attack Blows Past AI Guardrails

An AI security researcher has developed a proof of concept that uses subtle, seemingly benign prompts to get GPT and Gemini to generate inappropriate content.

DHS Warns of Rise in Cyberattacks in Light of US-Iran Conflict

After President's Trump decision to enter the US into the conflict in the Middle East, the Department of Homeland Security expects there to be an uptick in Iranian hacktivists and state-sponsored actors targeting US systems.

Attackers Use Docker APIs, Tor Anonymity in Stealthy Crypto Heist

The attack is similar to previous campaigns by an actor called Commando Cat to use misconfigured APIs to compromise containers and deploy cryptocurrency miners.

A CISO's AI Playbook

In a market where security budgets flatten while threats accelerate, improving analyst throughput is fiscal stewardship.

AWS Enhances Cloud Security With Better Visibility Features

At this week's re:Inforce 2025 conference, the cloud giant introduced new capabilities to several core security products to provide customers with better visibility and more context on potential threats.

Hackers Post Dozens of Malicious Copycat Repos to GitHub

As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers.

How Cyberwarfare Changes the Face of Geopolitical Conflict

As geopolitical tensions rise, the use of cyber operations and hacktivists continues to grow, with the current conflict between Israel and Iran showing the new face of cyber-augmented war.

Telecom Giant Viasat Is Latest Salt Typhoon Victim

The communications company shared the discoveries of its investigation with government partners, but there is little information they can publicly disclose other than that there seems to be no impact to customers.

How to Lock Down the No-Code Supply Chain Attack Surface

Securing the no-code supply chain isn't just about mitigating risks — it's about enabling the business to innovate with confidence.

OpenAI Awarded $200M Contract to Work With DoD

OpenAI intends to help streamline the Defense Department's administrative processes using artificial intelligence.

New Tool Traps Jitters to Detect Beacons

Concerned by rapidly evolving evasion tactics, the new Jitter-Trap tool from Varonis aims to help organizations detect beacons that help attackers establish communication inside a victim network.

The Triple Threat of Burnout: Overworked, Unsatisfied, Trapped

Many cybersecurity professionals still don't feel comfortable admitting when they need a break. And the impact goes beyond being overworked.

GodFather Banking Trojan Debuts Virtualization Tactic

The Android malware is targeting Turkish financial institutions, completely taking over legitimate banking and crypto apps by creating an isolated virtualized environment on a device.

Serpentine#Cloud Uses Cloudflare Tunnels in Sneak Attacks

An unidentified threat actor is using .lnk Windows shortcut files in a series of sophisticated attacks utilizing in-memory code execution and living-off-the-land cyberattack strategies.

Indian Car-Sharing Firm Zoomcar Latest to Suffer Breach

The company acknowledged that cybercriminals had taken sensitive information on more than 8 million users, including names, phone numbers, car registration numbers, addresses, and emails.

'HoldingHands' Acts Like a Pickpocket With Taiwan Orgs

Since at least January, the threat actor has been employing multiple malware tools to steal information for potential future attacks against Taiwanese businesses and government agencies.

Malicious Chimera Turns Larcenous on Python Package Index

Unlike typical data-stealing malware, this attack tool targets data specific to corporate and cloud infrastructures in order to execute supply chain attacks.

Anubis Ransomware-as-a-Service Kit Adds Data Wiper

The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said.

Washington Post Staffer Emails Targeted in Cyber Breach

Journalists' Microsoft accounts were breached, which would have given attackers access to emails of staff reporters covering national security, economic policy, and China.

'Water Curse' Targets Infosec Pros Via Poisoned GitHub Repositories

The emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware.

Security Is Only as Strong as the Weakest Third-Party Link

Third-party risks are increasing dramatically, requiring CISOs to evolve from periodic assessments to continuous monitoring and treating partner vulnerabilities as their own to enhance organizational resilience.

NIST Outlines Real-World Zero-Trust Examples

SP 1800-35 offers 19 examples of how to implement zero-trust architecture (ZTA) using off-the-shelf commercial technologies.

CISA Reveals 'Pattern' of Ransomware Attacks Against SimpleHelp RMM

A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January.

Cyberattacks on Humanitarian Orgs Jump Worldwide

These groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.

New COPPA Rules to Take Effect Over Child Data Privacy Concerns

New regulations and compliance standards for the Children's Online Privacy Protection Act reflect how much technology has grown since the Federal Trade Commission last updated it in 2013.

Researchers Detail Zero-Click Copilot Exploit 'EchoLeak'

Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.

Hacking the Hackers: When Bad Guys Let Their Guard Down

A string of threat-actor OpSec failures have yielded unexpected windfalls for security researchers and defenders.

ConnectWise to Rotate Code-Signing Certificates

The move is unrelated to a recent nation-state attack the vendor endured but stems from a report by a third-party researcher.

Agentic AI Takes Over Gartner's SRM Summit

Agentic AI was everywhere at Gartner's Security & Risk Management Summit in Washington, DC, this year, as the AI security product engine chugs ahead at full speed.

Google Bug Allowed Brute-Forcing of Any User Phone Number

The weakness in Google's password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks.

PoC Code Escalates Roundcube Vuln Threat

The flaw allows an authenticated attacker to gain complete control over a Roundcube webmail server.

GitHub: How Code Provenance Can Prevent Supply Chain Attacks

Through artifact attestation and the SLSA framework, GitHub's Jennifer Schelkopf argues that at least some supply chain attacks can be stopped in their tracks.

United Natural Food's Operations Limp Through Cybersecurity Incident

It's unclear what kind of cyberattack occurred, but UNFI proactively took certain systems offline, which has disrupted the company's operations.

Gartner: How Security Teams Can Turn Hype Into Opportunity

During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture.

SIEMs Missing the Mark on MITRE ATT&CK Techniques

CardinalOps' report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional.

China-Backed Hackers Target SentinelOne in 'PurpleHaze' Attack Spree

Known threat groups APT15 and UNC5174 unleashed attacks against SentinelOne and more than 70 other high-value targets, as part of ongoing cyber-espionage and other malicious activity involving ShadowPad malware.

Docuseries Explores Mental, Physical Hardships of CISOs

During "CISO: The Worst Job I Ever Wanted," several chief information security officers reveal how difficult it is to be in a role that, despite being around for decades, remains undefined.

BADBOX 2.0 Targets Home Networks in Botnet Campaign, FBI Warns

Though the operation was partially disrupted earlier this year, the botnet remains active and continues to target connected Android devices.

'PathWiper' Attack Hits Critical Infrastructure In Ukraine

Cisco Talos researchers observed the new wiper malware in a destructive attack against an unnamed critical infrastructure organization.

Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud

The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same.

Backdoored Malware Reels in Newbie Cybercriminals

Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.

35K Solar Devices Vulnerable to Potential Hijacking

A little more than three-quarters of these exposed devices are located in Europe, followed by Asia, with 17%.

Vishing Crew Targets Salesforce Data

A group Google is tracking as UNC6040 has been tricking users into installing a malicious version of a Salesforce app to gain access to and steal data from the platform.

How Neuroscience Can Help Us Battle 'Alert Fatigue'

By understanding the neurological realities of human attention, organizations can build more sustainable security operations that protect not only their digital assets but also the well-being of those who defend them.

Researchers Bypass Deepfake Detection With Replay Attacks

An international group of researchers found that simply rerecording deepfake audio with natural acoustics in the background allows it to bypass detection models at a higher-than-expected rate.

Chrome Drops Trust for Chunghwa, Netlock Certificates

Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.

LummaC2 Fractures as Acreed Malware Becomes Top Dog

LummaC2 formerly accounted for almost 92% of Russian Market's credential theft log alerts. Now, the Acreed infostealer has replaced its market share.

LummaC2 Fractures as Acreed Malware Becomes Top Dog

LummaC2 formerly accounted for almost 92% of Russian Market's credential theft log alerts. Now, the Acreed infostealer has replaced its market share.

Beyond the Broken Wall: Why the Security Perimeter Is Not Enough

Organizations need to abandon perimeter-based security for data-centric protection strategies in today's distributed IT environments.

EMR-ISAC Shuts Down: What Happens Now?

The Emergency Management and Response - Information Sharing and Analysis Center provided essential information to the emergency services sector on physical and cyber threats and its closure leaves an information vacuum for these organizations.

Exploitation Risk Grows for Critical Cisco Bug

New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say.

Trickbot, Conti Ransomware Operator Unmasked Amid Huge Ops Leak

An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.

Critical Bugs Could Spark Takeover of Widely Used Fire Safety OT/ICS Platform

The unpatched security vulnerabilities in Consilium Safety's CS5000 Fire Panel could create "serious safety issues" in environments where fire suppression and safety are paramount, according to a CISA advisory.

In the AI Race With China, Don't Forget About Security

The US needs to establish a clear framework to provide reasonable guardrails to protect its interests — the quicker, the better.

'Earth Lamia' Exploits Known SQL, RCE Bugs Across Asia

A "highly active" Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors.

FBI Warns of Filipino Tech Company Running Sprawling Crypto Scams

The US Treasury said cryptocurrency investment schemes like the ones facilitated by Funnull Technology Inc. have cost Americans billions of dollars annually.

SentinelOne Reports Services Are Back Online After Global Outage

The outage reportedly hit 10 commercial customer consoles for SentinelOne's Singularity platform, including Singularity Endpoint, XDR, Cloud Security, Identity, Data Lake, RemoteOps, and more.

Zscaler's Buyout of Red Canary Shows Telemetry's Value

Red Canary's MDR portfolio complements Zscaler's purchase last year of Israeli startup Avalor, which automates collection, curation, and enrichment of security data.

LexisNexis Informs 360K+ Customers of Third-Party Data Leak

While the leak affected customer data, LexisNexis said in a notification letter that its products and systems were not compromised.

PumaBot Targets Linux Devices in Latest Botnet Campaign

While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated.

CISA Issues SOAR, SIEM Implementation Guidance

The Cybersecurity and Infrastructure Security Agency (CISA) and Australian Cyber Security Centre (ACSC) recommend that organizations conduct thorough testing and manage costs, which can be hefty, before implementing the platforms.

'Haozi' Gang Sells Turnkey Phishing Tools to Amateurs

The phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.

Hundreds of Web Apps Have Full Access to OneDrive Files

Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.

Implementing Secure by Design Principles for AI

Harnessing AI's full transformative potential safely and securely requires more than an incremental enhancement of existing cybersecurity practices. A Secure by Design approach represents the best path forward.

MathWorks, Creator of MATLAB, Confirms Ransomware Attack

The attack dirsupted MathWorks' systems and online applications, but it remains unclear which ransomware group targeted the software company and whether they stole any data.

Danabot Takedown Deals Blow to Russian Cybercrime

A multiyear investigation by a public-private partnership has resulted in the seizure of the botnet's US-based infrastructure and indictments for its key players, significantly disrupting a vast cybercriminal enterprise.

CVE Uncertainty Underlines Importance of Cyber Resilience

Organizations need to broaden their strategy to manage vulnerabilities more effectively and strengthen network cyber resilience.

Russian Threat Actor TAG-110 Goes Phishing in Tajikistan

While Ukraine remains Russia's major target for cyberattacks, TAG-110 is part of a strategy to preserve "a post-Soviet sphere of influence" by embedding itself in other countries' infrastructures.

3am Ransomware Adopts Email Bombing, Vishing Combo Attack

The emerging threat group is the latest to adopt the combo attack tactic, which Black Basta and other groups already are using to gain initial access for ransomware deployment.

Blurring Lines Between Scattered Spider and Russian Cybercrime

The loosely affiliated hacking group has shifted closer to ransomware gangs, raising questions about Scattered Spider's ties to the Russian cybercrime underground.

CISA: Russia's Fancy Bear Targeting Logistics, IT Firms

The mission is to gather information that could help Russia in its war against Ukraine.

Pandas Galore: Chinese Hackers Boost Attacks in Latin America

Vixen Panda, Aquatic Panda — both Beijing-sponsored APTs and financially motivated criminal groups continued to pose the biggest threat to organizations in Central and South America last year, says CrowdStrike.

Unimicron, Presto Attacks Mark Industrial Ransomware Surge

A number of major industrial organizations suffered ransomware attacks last quarter, such as PCB manufacturer Unimicron, appliance maker Presto, and more — a harbinger of a rapidly developing and diversifying threat landscape.

Coinbase Breach Compromises Nearly 70K Customers' Information

Coinbase asserts that this number is only a small fraction of the number of its verified users, though its still offering a $20 million reward to catch the criminals.

Fake Kling AI Malvertisements Lure Victims With False Promises

Researchers noted that they found several similar websites, two of which are still operating and require the same kind of behavior on behalf of the victim.

Virgin Media 02 Vuln Exposes Call Recipient Location

A hacker exploiting the security flaw in the mobile provider's network could have potentially located a call recipient with accuracy of up to 100 square meters.

Tenable Adds Third-Party Connectors to Exposure Management Platform

TenableOne now pulls in data from AWS, Microsoft, and competitors to provide a holistic security view of the organization's attack surface.

Regeneron Pledges Privacy Protection in $256M Bid for 23andMe

Regeneron's acquisition of 23andMe raises significant privacy concerns as experts warn about the lack of comprehensive federal regulations governing the transfer of genetic information.

Why Rigid Security Programs Keep Failing

Organizations that stay ahead of attacks won't be the most compliant ones — they'll be the ones most honest about what actually works.

'Operation RoundPress' Targets Ukraine in XSS Webmail Attacks

A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities.

Legal Aid Agency Warns Lawyers, Defendants on Data Breach

The online service has since been shut down as the agency grapples with the cyberattack, though it assures the public that those most in need of legal assistance will still be able to access help.

CVE Disruption Threatens Foundations of Defensive Security

If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain.