Ribbon Communications Breach Marks Latest Telecom Attack

The US telecom company disclosed that suspected nation-state actors first gained access to its network in December of last year, though it's unclear if attackers obtained sensitive data.

Cyber's Role in the Rapid Rise of Digital Authoritarianism

Dark Reading Confidential Episode 11: Enterprise cyber teams are in prime position to push back against our current "Golden Age of Surveillance," according to our guests Ronald Deibert from Citizen Lab and David Greene from the EFF.

LotL Attack Hides Malware in Windows Native AI Stack

Security programs trust AI data files, but they shouldn't: they can conceal malware more stealthily than most file types.

The AI Trust Paradox: Why Security Teams Fear Automated Remediation

Security teams invest in AI for automated remediation but hesitate to trust it fully due to fears of unintended consequences and lack of transparency.

AI Search Tools Easily Fooled by Fake Content

New research shows AI crawlers like Perplexity, Atlas, and ChatGPT are surprisingly easy to fool.

Dentsu Subsidiary Breached, Employee Data Stolen

A subsidiary of Japanese marketing and PR giant Dentsu lost sensitive data to unidentified threat actors, the parent company said.

Microsoft Security Change for Azure VMs Creates Pitfalls

Firms using Azure infrastructure gained a reprieve from a security-focused switch that could have broken apps that relied on public Internet access.

From Power Users to Protective Stewards: How to Tune Security Training for Specialized Employees

How the best security training programs build strong security culture by focusing on high-risk groups like developers, executives, finance pros and more.

Cybersecurity Firms See Surge in AI-Powered Attacks Across Africa

Africa becomes a proving ground for AI-driven phishing, deepfakes, and impersonation, with attackers testing techniques against governments and enterprises.

From Chef to CISO: An Empathy-First Approach to Cybersecurity Leadership

Myke Lyons, CISO at data-processing SaaS company Cribl, shares how he cooked up an unconventional journey from culinary school to cybersecurity leadership.

Oracle EBS Attack Victims May Be More Numerous Than Expected

Numerous organizations have been attacked via Oracle EBS zero-day CVE-2025-61882, and evidence suggests more like Schneider Electric could be on that list.

Attackers Sell Turnkey Remote Access Trojan 'Atroposia'

Atroposia, a new RAT malware, offers low-level cybercriminal affiliates the ability to utilize sophisticated stealth and persistence capabilities.

'Jingle Thief' Highlights Retail Cyber Threats

A Morocco-based gift card fraud campaign is a sign of what retailers can expect this holiday season.

Memento Spyware Tied to Chrome Zero-Day Attacks

While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team.

CISOs Finally Get a Seat at the Board's Table — But There's a Catch

AI's explosive growth has lifted cybersecurity to the top of the board's agenda. Here's how CISOs can seize the moment, according to Diana Kelley.

Qilin Targets Windows Hosts With Linux-Based Ransomware

The attack by the one of the most impactful RaaS groups active today demonstrates an evasion strategy that can stump defenses not equipped to detect cross-platform threats.

How CISA Layoffs Weaken Civilian Cyber Defense

Cyber teams need to get to work backfilling diminishing federal resources, according to Alexander Garcia-Tobar, who shares clear steps on a path forward for protecting enterprises with less CISA help.

Shutdown Sparks 85% Increase in US Government Cyberattacks

Attackers are pouncing on financially strapped US government agencies and furloughed employees. And the effects of this period might be felt for a long time hereafter.

US Crypto Bust Offers Hope in Battle Against Cybercrime Syndicates

A $14 billion seizure by US investigators presents a warning for cybercriminals' reliance on bitcoin but is still a positive development for the cryptocurrency industry.

Tired of Unpaid Toll Texts? Blame the 'Smishing Triad'

Chinese smishers — the bane of every American with a phone — have been shifting to lower-frequency, possibly higher-impact government impersonation attacks.

Asian Nations Ramp Up Pressure on Cybercrime 'Scam Factories'

After a particularly gruesome murder, South Korea issues "code black" travel ban for several regions in Cambodia, while other nations urge more raids.

Too Many Secrets: Attackers Pounce on Sensitive Data Sprawl

Hardcoded credentials, access tokens, and API keys are ending up in the darnedest places, prompting a call for organizations to stop over-privileging secrets.

WhatsApp Secures Ban on NSO Group After 6-Year Legal Battle

NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware.

MuddyWater Targets 100+ Gov Entities in MEA with Phoenix Backdoor

The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros.

Verizon: Mobile Blindspot Leads to Needless Data Breaches

People habitually ignore cybersecurity on their phones. Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and breaches in half.

Electronic Warfare Puts Commercial GPS Users on Notice

Interference with the global positioning system (GPS) isn't just a problem for airlines, but for shipping, trucking, car navigation, agriculture, and even the financial sector.

Self-Propagating GlassWorm Attacks VS Code Supply Chain

The sophisticated worm — which uses invisible code to steal credentials and turn developer systems into criminal proxies — has so far infected nearly 36k machines.

Flawed Vendor Guidance Exposes Enterprises to Avoidable Risk

Oracle E-Business Suite customers received conflicting deployment guidance, leaving enterprises exposed a recent zero-day flaw, Andrew argues.

Cyber Academy Founder Champions Digital Safety for All

Aliyu Ibrahim Usman, founder of the Cyber Cadet Academy in Nigeria, shares his passion for raising cybersecurity awareness in the wake of mounting security concerns worldwide.

Microsoft Disrupts Ransomware Campaign Abusing Azure Certificates

Microsoft revoked more than 200 digital certificates that threat actors used to sign fake Teams binaries that set the stage for Rhysida ransomware attacks.

AI Agent Security: Whose Responsibility Is It?

The shared responsibility model of data security, familiar from cloud deployments, is key to agentic services, but cybersecurity teams and corporate users often struggle with awareness and managing that risk.

AI Chat Data Is History’s Most Thorough Record of Enterprise Secrets, Secure it Wisely

AI interactions are becoming one of the most revealing records of human thinking; and we're only beginning to understand what that means for law enforcement, accountability, and privacy.

Cyberattackers Target LastPass, Top Password Managers

Be aware: a rash of phishing campaigns are leveraging the anxiety and trust employees have in password vaults securing all of their credentials.

Leaks in Microsoft VS Code Marketplace Put Supply Chain at Risk

Researchers discovered more than 550 unique secrets exposed in Visual Studio Code marketplaces, prompting Microsoft to bolster security measures.

China Hackers Test AI-Optimized Attack Chains in Taiwan

AI might help some threat actors in certain respects, but one group is proving that its use for cyberattacks has its limits.

LevelBlue Announces Plans to Acquire XDR Provider Cybereason

The deal, which builds on LevelBlue’s recent acquisition of Trustwave and Aon, aims to provide customers with a broad portfolio of extended detection and response (XDR), managed detection and response (MDR), and forensic services.

'Mysterious Elephant' Moves Beyond Recycled Malware

The cyber-espionage group has been using sophisticated custom tools to target government and diplomatic entities in South Asia since early 2025.

F5 BIG-IP Environment Breached by Nation-State Actor

F5 disclosed a breach this week that included zero-day bugs, source code, and some customer information.

Africa Remains Top Global Target, Even as Attacks Decline

Organizations across the continent saw 10% fewer attacks in September, but Africa remains the most attacked region in the world, leading the Global South.

Microsoft Drops Terrifyingly Large October Patch Update

October 2025's enormous Patch Tuesday offers plenty of nightmares for admins, including actively exploited zero-days and insidious high-severity privilege-escalation bugs — and it spells curtains for Windows 10 updates.

China's Flax Typhoon Turns Geo-Mapping Server into a Backdoor

Chinese APT threat actors compromised an organization's ArcGIS server, modifying the widely used geospatial mapping software for stealth access.

Pixnapping Attack Lets Attackers Steal 2FA on Android

The proof-of-concept exploit allows an attacker to steal sensitive data from Gmail, Google Accounts, Google Authenticator, Google Maps, Signal, and Venmo.

Financial, Other Industries Urged to Prepare for Quantum Computers

Despite daunting technical challenges, a quantum computer capable of breaking public-key encryption systems may only be a decade or two off.

Critical infrastructure CISOs Can't Ignore 'Back-Office Clutter' Data

OT and ICS systems indeed hold the crown jewels of critical infrastructure organizations, but unmonitored data sprawl is proving to be pure gold for increasingly brazen nation-state threat actors like Volt Typhoon, Pearce argues.

Generation AI: Why Today's Tech Graduates Are At a Disadvantage

With artificial intelligence supplanting entry-level security jobs, new cyber professionals will have to up their game to stay competitive in the industry.

The Fight Against Ransomware Heats Up on the Factory Floor

Ransomware gangs continue to set their sights on the manufacturing industry, but companies are taking steps to protect themselves, starting with implementing timely patch management protocols.

RondoDox Botnet: an 'Exploit Shotgun' for Edge Vulns

RondoDox takes a hit-and-run, shotgun approach to exploiting bugs in consumer edge devices around the world.

Microsoft Adds Agentic AI Capabilities to Sentinel

Microsoft previewed the Sentinel security graph and MCP server at its annual Microsoft Secure virtual event earlier this month.

Feds Shutter ShinyHunters Salesforce Extortion Site

The group warned that law-enforcement crackdowns are imminent in the wake of the takedown, but its extortion threats against Salesforce victims remain active.

Deepfake Awareness High at Orgs, But Cyber Defenses Badly Lag

The vast majority of organizations are encountering AI-augmented threats, but remain confident in their defenses, despite inadequate detection investment and more than half falling to successful attacks.

Commentary Section Launches New, More Opinionated Era

Dark Reading is looking for leading industry experts with a point of view they want to share with the rest of the cybersecurity community for our new Commentary section.

GitHub Copilot 'CamoLeak' AI Attack Exfiltrates Data

While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot.

SonicWall: 100% of Firewall Backups Were Breached

SonicWall said a breach it disclosed last month affected firewall configuration files for all customers who have used SonicWall’s cloud backup service — up from its previous 5% estimate.

Red Hat Hackers Team Up With Scattered Lapsus$ Hunters

Crimson Collective, which recently breached the GitLab instance of Red Hat Consulting, has teamed up with the notorious cybercriminal collective.

LockBit, Qilin & DragonForce Join Forces in Ransomware 'Cartel'

The three extortion gangs also invited other e-crime attackers to join their collaboration to share attack information and resources, in the wake of LockBit 5.0 being released.

Figma MCP Server Opens Orgs to Agentic AI Compromise

Patch now: A bug (CVE-2025-53967) in the popular Web design tool's option for talking to agentic AI can lead to remote code execution (RCE).

Cyberattack Leads to Beer Shortage as Asahi Recovers

A ransomware last week left the Asahi brewery in Japan struggling to take orders and deliver its products domestically, as manufacturers become a favored target.

Attackers Season Spam With a Touch of 'Salt'

Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanisms.

Security Concerns Shadow Vibe Coding Adoption

In a recent poll, readers shared how they're using vibe coding in AppDev (if they are at all). While some found success, others found the risks too great.

Medusa Ransomware Actors Exploit Critical Fortra GoAnywhere Flaw

Researchers say exploitation of CVE-2025-10035 requires a private key, and it's unclear how Storm-1175 threat actors pulled this off.

Patch Now: ‘RediShell’ Threatens Cloud Via Redis RCE

A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover, and more than 300k instances are currently exposed.

Cyberattackers Exploit Zimbra Zero-Day Via ICS

A threat actor purporting to be from the Libyan Navy's Office of Protocol targeted Brazil's military earlier this year using the rare tactic.

Clop Ransomware Hits Oracle Customers Via Zero-Day Flaw

The infamous Clop gang has targeted a wide range of Oracle E-Business Suite customers using a newly disclosed zero-day vulnerability.

Self-Propagating Malware Hits WhatsApp Users in Brazil

The enterprise-focused Water Saci campaign spreads Sorvepotel, which can steal credentials and monitor browser activity to defraud financial institutions in the region.

Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage

Dutch Prime Minister Dick Schoof described the incident as part of a broader pattern of Russian hybrid attacks against Europe.

BCI: The Thing of Nightmare or Dreams?

Brain computer interface technology looks to provide users with hands-free device control, but could security ever keep up with the risks?

Microsoft's Voice Clone Becomes Scary & Unsalvageable

An attacker's dream: Windows Speak for Me could integrate into apps, creating perfect voice replicas for Teams calls and AI agent interactions across multiple SaaS platforms.

There Are More CVEs, But Cyber Insurers Aren't Altering Policies

With nearly 47,000 CVEs expected by the end of the year, organizations must balance comprehensive vulnerability management with strategic cyber insurance policy selection to effectively navigate this rapidly evolving threat landscape.

'Confucius' Cyberspy Evolves From Stealers to Backdoors in Pakistan

The long-running South Asian advanced persistent threat (APT) group is advancing its objectives against Pakistani targets, with a shift to deploying Python-based surveillance malware.

Android Spyware in the UAE Masquerades as ... Spyware

In a clever, messed-up twist on brand impersonation, attackers are passing off their spyware as a notorious UAE government surveillance app.

Shutdown Threatens US Intel Sharing, Cyber Defense

Lapse of critical information sharing and mass furloughs at CISA are just some of the concerns.