Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups

Thursday, August 28, 2025
Flashpoint published its 2025 midyear ransomware report that highlighted the top five most prolific groups currently in operation.

1,000+ Devs Lose Their Secrets to an AI-Powered Stealer

One of the most sophisticated supply chain attacks to date caused immense amounts of data to leak to the Web in a matter of hours.

Dark Reading Confidential: A Guided Tour of Today's Dark Web

Dark Reading Confidential Episode 9: Join us for a look around today's Dark Web, and find out how law enforcement, AI, nation-state activities, and more are reshaping the way cybercriminals conduct their dirty business online. Keith Jarvis, senior security researcher at Sophos' Counter Threat Unit joins Dark Reading's Alex Culafi for a conversation you don't want to miss.

'ZipLine' Phishers Flip Script as Victims Email First

Wednesday, August 27, 2025
"ZipLine" appears to be a sophisticated and carefully planned campaign that has already affected dozens of small, medium, and large organizations across multiple industry sectors.

China Hijacks Captive Portals to Spy on Asian Diplomats

The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites.

Google: Salesforce Attacks Stemmed From Third-Party App

A group tracked as UNC6395 engaged in "widespread data theft" via compromised OAuth tokens from a third-party app called Salesloft Drift.

Malicious Scanning Waves Slam Remote Desktop Services

Tuesday, August 26, 2025
Researchers say the huge spike of coordinated scanning for Microsoft RDP services could indicate the existence of a new, as-yet-undisclosed vulnerability.

Data I/O Becomes Latest Ransomware Attack Victim

The "incident" led to outages affecting a variety of the tech company's operations, though the full scope of the breach is unknown.

Hook Android Trojan Now Delivers Ransomware-Style Attacks

New features to take over smartphones and monitor user activity demonstrate the continued evolution of the malware, which is now being spread on GitHub.

Hackers Lay In Wait, Then Knocked Out Iran Ship Comms

Monday, August 25, 2025
Lab-Dookhtegen claims major attack on more than 60 cargo ships and oil tankers belonging to two Iranian companies on US sanctions list.

ClickFix Attack Tricks AI Summaries Into Pushing Malware

Because instructions appear to come from AI-generated content summaries and not an external source, the victim is more likely to follow them without suspicion.

Fast-Spreading, Complex Phishing Campaign Installs RATs

Attackers not only steal credentials but also can maintain long-term, persistent access to corporate networks through the global campaign.

Securing the Cloud in an Age of Escalating Cyber Threats

As threats intensify and cloud adoption expands, organizations must leave outdated security models behind.

Silk Typhoon Attacks North American Orgs in the Cloud

Friday, August 22, 2025
A Chinese APT is going where most APTs don't: deep into the cloud, compromising supply chains and deploying uncommon malware.

Apple Intelligence Is Picking Up More User Data Than Expected, Researcher Finds

Music tastes, location information, even encrypted messages — Apple's servers are gathering a "surprising" amount of personal data through Apple Intelligence, Lumia Security's Yoav Magid warns in his new analysis.

Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0'

The operation disrupted countless scams, and authorities seized a significant amount of evidence and recovered nearly $100 million in lost funds.

Why Video Game Anti-Cheat Systems Are a Cybersecurity Goldmine

Thursday, August 21, 2025
Sam Collins and Marius Muench of the University of Birmingham, UK, join the Black Hat USA 2025 News Desk to explain how anti-cheat systems in video games provide valuable lessons on defending against threat actors' techniques and strategies.

Hackers Abuse VPS Infrastructure for Stealth, Speed

New research highlights how threat actors abuse legitimate virtual private server offerings in order to spin up infrastructure cheaply, quietly, and fast.

Tree of AST: A Bug-Hunting Framework Powered by LLMs

Teenaged security researchers Sasha Zyuzin and Ruikai Peng discuss how their new vulnerability discovery framework leverages LLMs to address limitations of the past.

FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw

Wednesday, August 20, 2025
In the past year, "Static Tundra," aka "Energetic Bear," has breached thousands of end-of-life Cisco devices unpatched against a 2018 flaw, in a campaign targeting enterprises and critical infrastructure.

Hacker Finds Flaws in McDonald’s Staff, Partner Hubs

Exposure of APIs, sensitive data, and corporate documents are just some of the security issues that the purveyor of Big Macs was cooking up.

'RingReaper' Sneaks Right Past Linux EDRs

Tuesday, August 19, 2025
The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response systems.

AI Agents Access Everything, Fall to Zero-Click Exploit

Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" — and what that means for cyber risk.

Millions Allegedly Affected in Allianz Insurance Breach

Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers.

PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain

Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems.

'DripDropper' Hackers Patch Their Own Exploit

An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw.

Secure AI Use Without the Blind Spots

Why every company needs a clear, enforceable AI policy — now.

Noodlophile Stealer Hides Behind Bogus Copyright Complaints

Monday, August 18, 2025
Noodlophile is targeting enterprises in spear-phishing attacks using copyright claims as phishing lures.

Workday Breach Likely Linked to ShinyHunters Salesforce Attacks

The HR giant said hackers mounted a socially engineered cyberattack on its third-party CRM system, but did not gain access to customer information; only 'commonly available' business contact info was exposed.

Internet-wide Vulnerability Enables Giant DDoS Attacks

A good chunk of all websites today have been affected by the biggest DDoS risk on the Web since 2023.

Defending Against Cloud Threats Across Multicloud Environments

The vast majority of companies are using more than one cloud platform, yet struggle to establish and monitor security across different environments, giving attackers an opening.

New Quantum-Safe Alliance Aims to Accelerate PQC Implementation

The new Quantum-Safe 360 Alliance will provide road maps, technology, and services to help organizations navigate the post-quantum cryptography transition before the 2030 deadline.

New Crypto24 Ransomware Attacks Bypass EDR

Friday, August 15, 2025
While several cybercrime groups have embraced "EDR killers," researchers say the deep knowledge and technical skills demonstrated by Crypto24 signify a dangerous escalation.

Colt Telecommunications Struggles in Wake of Cyber Incident

The UK telco said it temporarily took some systems offline as a "protective" measure in its investigation.

How McLaren Racing Gets From the Browser to the Track

Thursday, August 14, 2025
In a conversation with Dark Reading's Terry Sweeney, Dr. Lisa Jarman from McLaren Racing says cutting-edge innovation must coexist with rigorous security protocols.

Cybersecurity Spending Slows & Security Teams Shrink

Security budgets are lowest in healthcare, professional and business services, retail, and hospitality, but budget growth remained above 5% in financial services, insurance, and tech.

Google Chrome Enterprise: Keeping Businesses Safe From Threats on the Web

Dark Reading's Terry Sweeney and Google Cloud Security's Jason Kemmerer discuss how organizations can secure the modern workplace with zero trust browser protection for remote and hybrid teams.

Whispers of XZ Utils Backdoor Live on in Old Docker Images

Wednesday, August 13, 2025
Developers maintaining the images made the "intentional choice" to leave the artifacts available as "a historical curiosity," given the improbability they'd be exploited.

How an AI-Based 'Pen Tester' Became a Top Bug Hunter on HackerOne

AI researcher explains how an automated penetration-testing tool became the first non-human member on HackerOne to reach the top of the platform's US leaderboard.

Patch Now: Attackers Target OT Networks via Critical RCE Flaw

Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastructure and OT development.

What the LockBit 4.0 Leak Reveals About RaaS Groups

The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertainty caused by the lack of attackers' accountability.

China Questions Security of AI Chips From Nvidia, AMD

Tuesday, August 12, 2025
The US banned the sale of AI chips to China and then backed off. Now, Chinese sources are calling on NVIDIA to prove its AI chips have no backdoors.

Elevation-of-Privilege Vulns Dominate Microsoft's Patch Tuesday

The company's August security update consisted of patches for 111 unique Common Vulnerabilities and Exposures (CVEs).

Black Hat NOC Expands AI Implementation Across Security Operations

Corelight's James Pope gave Dark Reading an inside look at this year's Black Hat Network Operations Center, detailing security challenges and rising trends — many related to increased AI use.

BlackSuit Ransomware Takes an Infrastructure Hit From Law Enforcement

Monday, August 11, 2025
A swarm of US agencies joined with international partners to take down servers and domains and seize more than $1 million associated with BlackSuit (Royal) ransomware operations, a group that has been a chronic, persistent threat against critical infrastructure.

REvil Actor Accuses Russia of Planning 2021 Kaseya Attack

REvil affiliate Yaroslav Vasinskyi, who was convicted last year for his role in the 2021 Kaseya ransomware supply chain attack, said the Russian government was instrumental to the attack's execution.

Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours

Researchers paired the jailbreaking technique with storytelling in an attack flow that used no inappropriate language to guide the LLM into producing directions for making a Molotov cocktail.

Utilities, Factories at Risk From Encryption Holes in Industrial Protocol

The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be vulnerable in a number of different ways.

Will Secure AI Be the Hottest Career Path in Cybersecurity?

Securing AI systems represents cybersecurity's next frontier, creating specialized career paths as organizations grapple with novel vulnerabilities, regulatory requirements, and cross-functional demands.

860K Compromised in Columbia University Data Breach

Friday, August 8, 2025
While no data has yet been misused, the university doesn't rule out the possibility of that occurring in the future, prompting it to warn affected individuals to remain vigilant in the wake of the breach.

BigID Launches Shadow AI Discovery to Uncover Rogue Models and Risky AI Data

PwC Announces Addition of Morgan Adamski to Leadership of Cyber, Data & Technology Risk Platform

Ransomware Attacks Fall by Almost Half in Q2

Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking

Thursday, August 7, 2025
A software developer discovered a way to abuse an undocumented protocol in Amazon's Elastic Container Service to escalate privileges, cross boundaries and gain access to other cloud resources.

Citizen Lab Founder Flags Rise of US Authoritarianism

Citizen Lab director and founder Ron Deibert explained how civil society is locked in a "vicious cycle," and human rights are being abused as a result, covering Israeli spyware, the Khashoggi killing, and an erosion of democratic norms in the US.

Payback: 'ShinyHunters' Clocks Google via Salesforce

In 2024, it was Snowflake. In 2025, it's Salesforce. ShinyHunters is back, with low-tech hacks that nonetheless manage to bring down international megaliths like Google, Cisco, and Adidas.

Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults

Wednesday, August 6, 2025
Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.

'ReVault' Security Flaws Impact Millions of Dell Laptops

The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.

Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights

Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence.

Pandora Confirms Third-Party Data Breach, Warns of Phishing Attempts

Tuesday, August 5, 2025
The jewelry retailer is warning customers that their data can and might be used maliciously.

Cisco User Data Stolen in Vishing Attack

The networking giant said this week that an employee suffered a voice phishing attack that resulted in the compromise of select user data, including email addresses and phone numbers.

Google Chrome Enterprise: More Than an Access Point to the Web

In a conversation with Dark Reading's Terry Sweeney, Lauren Miskelly from Google explains that Chrome Enterprise is the same Chrome browser that consumers use, but with additional enterprise-grade controls, reporting capabilities, and administrative features.

Threat Actors Increasingly Leaning on GenAI Tools

Monday, August 4, 2025
From "eCrime" actors to fake IT tech workers, CrowdStrike researchers found that adversaries are using AI to enhance their offensive cyber operations.

42% of Developers Using AI Say Their Codebase is Now Mostly AI-Generated

Akira Ramps Up Assault on SonicWall Firewalls, Suggesting Zero-Day

An uptick of ransomware activity by the group in late July that uses the vendor's SSL VPN devices for initial intrusion shows evidence of an as-yet-undisclosed flaw under exploitation.

Turning Human Vulnerability Into Organizational Strength

Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls.

What Is the Role of Provable Randomness in Cybersecurity?

Random numbers are the cornerstone of cryptographic security — cryptography depends on generating random keys. As organizations adopt quantum-resistant algorithms, it's equally important to examine the randomness underpinning them.

Dark Reading News Desk Turns 10, Back at Black Hat USA for 2025

Friday, August 1, 2025
Dark Reading's 2025 News Desk marks a decade of Black Hat USA memories. We're making our return with a slate of interviews that help you stay up on the latest research from Black Hat — no trip to Las Vegas required.

ISC2 Launches New Security Certificate for AI Expertise

ISC2 is launching a 6-course certification program to address the growing demand for AI security expertise. Courses cover topics such as AI fundamentals, ethics, and risks.