
'Earth Lamia' Exploits Known SQL, RCE Bugs Across Asia

Friday, May 30, 2025
A "highly active" Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors.

FBI Warns of Filipino Tech Company Running Sprawling Crypto Scams

The US Treasury said cryptocurrency investment schemes like the ones facilitated by Funnull Technology Inc. have cost Americans billions of dollars annually.

SentinelOne Reports Services Are Back Online After Global Outage

Thursday, May 29, 2025
The outage reportedly hit 10 commercial customer consoles for SentinelOne's Singularity platform, including Singularity Endpoint, XDR, Cloud Security, Identity, Data Lake, RemoteOps, and more.

Zscaler's Buyout of Red Canary Shows Telemetry's Value

Red Canary's MDR portfolio complements Zscaler's purchase last year of Israeli startup Avalor, which automates collection, curation, and enrichment of security data.

LexisNexis Informs 360K+ Customers of Third-Party Data Leak

While the leak affected customer data, LexisNexis said in a notification letter that its products and systems were not compromised.

PumaBot Targets Linux Devices in Latest Botnet Campaign

While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated.

CISA Issues SOAR, SIEM Implementation Guidance

The Cybersecurity and Infrastructure Security Agency (CISA) and Australian Cyber Security Centre (ACSC) recommend that organizations conduct thorough testing and manage costs, which can be hefty, before implementing the platforms.

'Haozi' Gang Sells Turnkey Phishing Tools to Amateurs

The phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.

Hundreds of Web Apps Have Full Access to OneDrive Files

Wednesday, May 28, 2025
Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.

Implementing Secure by Design Principles for AI

Harnessing AI's full transformative potential safely and securely requires more than an incremental enhancement of existing cybersecurity practices. A Secure by Design approach represents the best path forward.

MathWorks, Creator of MATLAB, Confirms Ransomware Attack

Tuesday, May 27, 2025
The attack disrupted MathWorks' systems and online applications, but it remains unclear which ransomware group targeted the software company and whether they stole any data.

Danabot Takedown Deals Blow to Russian Cybercrime

A multiyear investigation by a public-private partnership has resulted in the seizure of the botnet's US-based infrastructure and indictments for its key players, significantly disrupting a vast cybercriminal enterprise.

CVE Uncertainty Underlines Importance of Cyber Resilience

Organizations need to broaden their strategy to manage vulnerabilities more effectively and strengthen network cyber resilience.

Russian Threat Actor TAG-110 Goes Phishing in Tajikistan

Thursday, May 22, 2025
While Ukraine remains Russia's major target for cyberattacks, TAG-110 is part of a strategy to preserve "a post-Soviet sphere of influence" by embedding itself in other countries' infrastructures.

3am Ransomware Adopts Email Bombing, Vishing Combo Attack

The emerging threat group is the latest to adopt the combo attack tactic, which Black Basta and other groups already are using to gain initial access for ransomware deployment.

Blurring Lines Between Scattered Spider and Russian Cybercrime

The loosely affiliated hacking group has shifted closer to ransomware gangs, raising questions about Scattered Spider's ties to the Russian cybercrime underground.

CISA: Russia's Fancy Bear Targeting Logistics, IT Firms

The mission is to gather information that could help Russia in its war against Ukraine.

Pandas Galore: Chinese Hackers Boost Attacks in Latin America

Wednesday, May 21, 2025
Vixen Panda, Aquatic Panda — both Beijing-sponsored APTs and financially motivated criminal groups continued to pose the biggest threat to organizations in Central and South America last year, says CrowdStrike.

Unimicron, Presto Attacks Mark Industrial Ransomware Surge

A number of major industrial organizations suffered ransomware attacks last quarter, such as PCB manufacturer Unimicron, appliance maker Presto, and more — a harbinger of a rapidly developing and diversifying threat landscape.

Coinbase Breach Compromises Nearly 70K Customers' Information

Coinbase asserts that this number is only a small fraction of the number of its verified users, though it's still offering a $20 million reward to catch the criminals.

Fake Kling AI Malvertisements Lure Victims With False Promises

Tuesday, May 20, 2025
Researchers noted that they found several similar websites, two of which are still operating and require the same kind of behavior on behalf of the victim.

Virgin Media 02 Vuln Exposes Call Recipient Location

A hacker exploiting the security flaw in the mobile provider's network could have potentially located a call recipient with accuracy of up to 100 square meters.

Tenable Adds Third-Party Connectors to Exposure Management Platform

TenableOne now pulls in data from AWS, Microsoft, and competitors to provide a holistic security view of the organization's attack surface.

Regeneron Pledges Privacy Protection in $256M Bid for 23andMe

Regeneron's acquisition of 23andMe raises significant privacy concerns as experts warn about the lack of comprehensive federal regulations governing the transfer of genetic information.

Why Rigid Security Programs Keep Failing

Organizations that stay ahead of attacks won't be the most compliant ones — they'll be the ones most honest about what actually works.

'Operation RoundPress' Targets Ukraine in XSS Webmail Attacks

Monday, May 19, 2025
A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities.

Legal Aid Agency Warns Lawyers, Defendants on Data Breach

The online service has since been shut down as the agency grapples with the cyberattack, though it assures the public that those most in need of legal assistance will still be able to access help.

CVE Disruption Threatens Foundations of Defensive Security

If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain.

Australian Human Rights Commission Leaks Docs in Data Breach

Friday, May 16, 2025
An internal error led to public disclosure of reams of sensitive data that could be co-opted for follow-on cyberattacks.

Attacker Specialization Puts Threat Modeling on Defensive

Specialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack.

Big Steelmaker Halts Operations After Cyber Incident

Thursday, May 15, 2025
Nucor made it clear its investigation is still in the early stages and didn't specify the nature or scope of the breach, nor who the threat actor might be.

International Crime Rings Defraud US Gov't Out of Billions

Fraudsters worldwide apply for money from the US government using stolen and forged identities, making off with hundreds of billions of dollars annually.

Attackers Target Samsung MagicINFO Server Bug, Patch Now

CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.

Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks

As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.

Using a Calculator to Take Guesswork Out of Measuring Cyber-Risk

Organizations face the complex challenge of accurately measuring their cyber-risk across multiple variables. Resilience's risk calculator tool can help organizations measure their cyber-risk based on their own factors so that they can make informed decisions about their security posture.

AI Agents May Have a Memory Problem

Wednesday, May 14, 2025
A new study by researchers at Princeton University and Sentient shows it's surprisingly easy to trigger malicious behavior from AI agents by implanting fake "memories" into the data they rely on for making decisions.

Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack

The security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against "a very limited number of customers" — for now — and stem from open source libraries.

Chinese Actor Hit Taiwanese Drone Makers, Supply Chains

Tuesday, May 13, 2025
Tidrone concentrated on military entities and the satellite sector, using their associated service providers and ERP software to infect not just drones but all the entities that are part of their supply chains.

What Does EU's Bug Database Mean for Vulnerability Tracking?

The EU cyber agency ENISA has launched its vulnerability database, the EUVD; security experts shared their thoughts regarding what this means for CVEs, as well as the larger conversation around how bugs are tracked.

CISA Warns of TeleMessage Vuln Despite Low CVSS Score

Though the app claims to use end-to-end encryption, hackers have reportedly accessed archived data on the app's servers via a new vulnerability.

North Korea's TA406 Targets Ukraine for Intel

The threat group's goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more.

Attackers Lace Fake Generative AI Tools With 'Noodlophile' Malware

Monday, May 12, 2025
Threat actors are scamming users by advertising legitimate-looking generative AI websites that, when visited, install credential-stealing malware onto the victim's computer.

4 Hackers Arrested After Millions Made in Global Botnet Business

The cybercriminals infected older wireless Internet routers with Anyproxy and 5socks malware in order to reconfigure them — all without the users' knowledge.

Can Cybersecurity Keep Up In the AI Arms Race?

New research shows China is quickly catching up with the US in AI innovation. Experts weigh in on what it means for cyber defenders.

Vulnerability Detection Tops Agentic AI at RSAC's Startup Competition

Agentic-native startups threaten to reduce the zero-day problem to just a zero-hour issue. Of course, AI agents will accelerate offensive attacks as well.

New UK Security Guidelines Aims to Reshape Software Development

The voluntary Software Security Code of Practice is the latest initiative to come out of the United Kingdom to boost best practices in application security and software development.

After Pahalgam Attack, Hacktivists Unite Under #OpIndia

Friday, May 9, 2025
Cybercriminals are flocking to take part in the newly inflamed fight between India and Pakistan.

LockBit Ransomware Gang Hacked, Operations Data Leaked

Exposed data from LockBit's affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials.

Cyber Then & Now: Inside a 2-Decade Industry Evolution

On Dark Reading's 19-year anniversary, Editor-in-Chief Kelly Jackson Higgins stops by Informa TechTarget's RSAC 2025 Broadcast Alley studio to discuss how things have changed since the early days of breaking Windows and browsers, lingering challenges, and what's next beyond AI.

Commvault: Vulnerability Patch Works as Intended

The security researcher who questioned the effectiveness of a patch for a recently disclosed bug in Commvault Command Center did not test the patched version, the company says.

How Security Has Changed the Hacker Marketplace

Your ultimate goal shouldn't be security perfection — it should be making exploitation of your organization unprofitable.

SonicWall Issues Patch for Exploit Chain in SMA Devices

Thursday, May 8, 2025
Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.

Email-Based Attacks Top Cyber-Insurance Claims

Cyber-insurance carrier Coalition said business email compromise and funds transfer fraud accounted for 60% of claims in 2024.

Operation PowerOFF Takes Down 9 DDoS-for-Hire Domains

Four different countries, including the United States and Germany, were included in the latest international operation alongside Europol's support.

Meta Wins Lawsuit Against Spyware Vendor NSO Group

Wednesday, May 7, 2025
The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices.

Play Ransomware Group Used Windows Zero-Day

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

'Bring Your Own Installer' Attack Targets SentinelOne EDR

Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.

Infrastructure as Code: An IaC Guide to Cloud Security

IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can't keep up.

Researcher Says Patched Commvault Bug Still Exploitable

Tuesday, May 6, 2025
CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.

'Easily Exploitable' Langflow Vulnerability Requires Immediate Patching

The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.

The Dark Side of Digital: Breaking The Silence on Youth Mental Health

Industry experts at RSAC 2025 call for urgent accountability in addressing technology's negative impact on youth, highlighting concerns about internet anonymity, mental health, and the growing disconnect between generations.

'Venom Spider' Targets Hiring Managers in Phishing Scheme

Monday, May 5, 2025
Researchers from Arctic Wolf Labs detailed a new spear-phishing campaign that targets hiring managers and recruiters by posing as a job seeker.

Phony Hacktivist Pleads Guilty to Disney Data Leak

After stealing sensitive data from Disney, Ryan Mitchell Kramer claimed to be part of a Russian hacktivist group protecting artists' rights and ensuring they receive fair compensation for their work.

How to Prevent AI Agents From Becoming the Bad Guys

When designed with strong governance principles, AI can drive innovation while maintaining the people's trust and security.

What NYDFS Rules Mean for Businesses (in and outside of NY)

Friday, May 2, 2025
Starting this month, finance companies operating in New York must implement a variety of protections against unauthorized access to IT systems.

Enterprises Need to Beware of These 5 Threats

Thursday, May 1, 2025
A panel of SANS Institute leaders detailed current threats and provided actionable steps for enterprises to consider.

SANS Top 5: Cyber Has Busted Out of the SOC

This year's top cyber challenges include cloud authorization sprawl, ICS cyberattacks and ransomware, a lack of cloud logging, and regulatory constraints keeping defenders from fully utilizing AI's capabilities.

Experts Debate Real ID Security Ahead of May 7 Deadline

Real IDs have been in the works since 2005. Are their security standards still rigorous enough in 2025?

Getting Outlook.com Ready for Bulk Email Compliance

Microsoft has set May 5 as the deadline for bulk email compliance. In this Tech Tip, we show how organizations can still make the deadline.