How Malware Authors Are Incorporating LLMs to Evade Detection

Cyberattackers are integrating large language models (LLMs) into the malware, running prompts at runtime to evade detection and augment their code on demand.

'Dark LLMs' Aid Petty Criminals, But Underwhelm Technically

As in the wider world, AI is not quite living up to the hype in the cyber underground. But it's definitely helping low-level cybercriminals do competent work.

DPRK's FlexibleFerret Tightens macOS Grip

The actor behind the "Contagious Interview" campaign is continuing to refine its tactics and social engineering scams to wrest credentials from macOS users.

Advanced Security Isn't Stopping Ancient Phishing Tactics

New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures.

As Gen Z Enters Cybersecurity, Jury Is Out on AI's Impact

Despite possibly supplanting some young analysts, one Gen Z cybersecurity specialist sees AI helping teach those willing to learn and removing drudge work.

Infamous Shai-hulud Worm Resurfaces From the Depths

This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said.

CISOs Get Real About Hiring in the Age of AI

Dark Reading Confidential Episode 12: Experts help cyber job seekers get noticed, make an argument for a need to return to the hacker ethos of a bygone era, and have a stark conversation about keeping AI from breaking the sector's talent pipeline for years to come.

Cloudflare's One-Stop-Shop Convenience Takes Down Global Digital Economy

Even the most advanced systems like Cloudflare can fall victim to software issues and become a global point of failure, Dr. David Utzke argues, adding that the recent outage should be a warning for enterprises.

Hack the Hackers: 6 Laws for Staying Ahead of the Attackers

A new security framework responds to a shift in attackers' tactics, one that allows them to infiltrate enterprises 'silently' through their own policies.

Inside Iran's Cyber Objectives: What Do They Want?

The regime's cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives.

Chinese APT Infects Routers to Hijack Software Updates

A unique take on the software update gambit has allowed "PlushDaemon" to evade attention as it mostly targets Chinese organizations.

Same Old Security Problems: Cyber Training Still Fails Miserably

Editors from Dark Reading, Cybersecurity Dive, and TechTarget Search Security break down the depressing state of cybersecurity awareness campaigns and how organizations can overcome basic struggles with password hygiene and phishing attacks.

‘Matrix Push’ C2 Tool Hijacks Browser Notifications

Have you ever given two seconds of thought to a browser notification? No? That's what hackers bent on phishing are counting on.

US Creates 'Strike Force' to Take Out SE Asian Scam Centers

The collaborative effort combines multiple federal departments, along with private companies to reduce, if not eliminate, billions lost annually to fraud.

The AI Attack Surface: How Agents Raise the Cyber Stakes

Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise whole networks.

Can a Global, Decentralized System Save CVE Data?

As vulnerabilities in the Common Vulnerabilities and Exposures ecosystem pile up, one Black Hat Europe presenter hopes for a global, distributed alternative.

Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam

A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.

Bug Bounty Programs Rise as Key Strategic Security Solutions

Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure.

US Citizens Plead Guilty to Aiding North Korean IT Worker Campaigns

Four individuals admitted to assisting foreign IT workers in gaining employment at US companies by providing false identities and remote access to employer-owned laptops.

Cursor Issue Paves Way for Credential-Stealing Attacks

Researchers discovered a security weakness in the AI-powered coding tool that allows malicious MCP server to hijack Cursor's internal browser.

150,000 Packages Flood NPM Registry in Token Farming Campaign

A self-replicating attack led to a tidal wave of malicious packages in the NPM registry, targeting tokens for the tea.xyz protocol.

Shadow Program Gives AWS Exec New Security Lens

Sara Duffer highlights the top lessons she brought back to her security role following three years in Amazon's shadow program.

Identity Governance and Administration, App Proliferation, and the App Integration Chasm

Most enterprises use more than 1,000 apps, according to ESG research, yet about half are integrated with IGA. Industry innovations enable teams to expand app coverage and get more IGA value.

How CISOs Can Best Work with CEOs and the Board: Lessons from the Field

To build an effective relationship with the CEO and the Board, CISOs must translate technical risks into business terms and position cybersecurity as a strategic business enabler rather than just a business function.

[Dark Reading Virtual Event] Cybersecurity Outlook 2026

Kenya Kicks Off 'Code Nation' With a Nod to Cybersecurity

The African country aims to train 1 million workers in tech skills in the short term, with a focus on software engineering, cybersecurity, and data science.

Google Looks to Dim 'Lighthouse' Phishing-as-a-Service Op

The phishing kit, run by a group known as the "Smishing Triad," has powered massive amounts of unpaid tolls and package tracking texts.

Microsoft Exchange 'Under Imminent Threat', Act Now

Threats against Microsoft Exchange continue to mount, but there are steps both organizations and Microsoft can take.

Phishing Tool Uses Smart Redirects to Bypass Detection

A campaign against Microsoft 365 users leverages Quantum Route Redirection, which simplifies previously technical attack steps and has affected victims across 90 countries.

Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs

Security teams may have a less burdensome rollout in November after October's Goliath Patch Tuesday, but shouldn't wait on a few top-priority fixes.

Grandparents to C-Suite: Elder Fraud Reveals Gaps in Human-Centered Cybersecurity

Cybercriminals are weaponizing AI voice cloning and publicly available data to craft social engineering scams that emotionally manipulate senior citizens—and drain billions from their savings.

Kimsuky APT Takes Over South Korean Androids, Abuses KakaoTalk

Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices.

Bridging the Skills Gap: How Military Veterans Are Strengthening Cybersecurity

From intelligence analysts to surface warfare officers, military veterans of all backgrounds are successfully pivoting to cybersecurity careers and strengthening the industry's defense capabilities.

GlassWorm Returns, Slices Back into VS Code Extensions

GlassWorm, a self-propagating VS Code malware first found in the Open VSX marketplace, continues to infect developer devices around the world.

ClickFix Campaign Targets Hotels, Spurs Secondary Customer Attacks

Attackers compromise hospitality providers with an infostealer and RAT malware and then use stolen data to launch a phishing attacks against customers via both email and WhatsApp.

'Landfall' Malware Targeted Samsung Galaxy Users

The tool let its operators secretly record conversations, track device locations, capture photos, collect contacts, and perform other surveillance on compromised devices.

Microsoft Backs Massive AI Push in UAE, Raising Security Concerns

In partnership with Emirates tech company G42, Microsoft is building the first stage of a 5-gigawatt US-UAE AI campus using Nvidia GPUs.

Ollama, Nvidia Flaws Put AI Infrastructure at Risk

Security researchers discovered multiple vulnerabilities in AI infrastructure products, including one capable of remote code execution.

Sora 2 Makes Videos So Believable, Reality Checks Are Required

Threat actors will continue to abuse deepfake technology to conduct fraudulent activity, so organizations need to implement strong security protocols – even if it adds to user friction.

SonicWall Firewall Backups Stolen by Nation-State Actor

The network security vendor said the MySonicWall breach was unrelated to the recent wave of Akira ransomware attacks targeting the company's devices.

Multiple ChatGPT Security Bugs Allow Rampant Data Theft

Attackers can use them to inject arbitrary prompts, exfiltrate personal user information, bypass safety mechanisms, and take other malicious actions.

APT 'Bronze Butler' Exploits Zero-Day to Root Japan Orgs

A critical security issue in a popular endpoint manager (CVE-2025-61932) allowed Chinese state-sponsored attackers to backdoor Japanese businesses.

Nikkei Suffers Breach Via Slack Compromise

The Japanese media giant said thousands of employee and business partners were impacted by an attack that compromised Slack account data and chat histories.

Elusive Iranian APT Phishes Influential US Policy Wonks

Iran is spying on American foreign policy influencers. But exactly which of its government's APTs is responsible remains a mystery.

Kimsuky Debuts HTTPTroy Backdoor Against South Korea Users

The well-known North Korean threat group continues to improve the obfuscation and anti-analysis features of its attack toolchain.

Europe Sees Increase in Ransomware, Extortion Attacks

European organizations face an escalating cyber threat landscape as attackers leverage geopolitical tensions and AI-enhanced social engineering for attacks.

SesameOp Backdoor Uses OpenAI API for Covert C2

Malware used in a months-long attack demonstrates how bad actors are misusing generative AI services in unique and stealthy ways.

Android Malware Mutes Alerts, Drains Crypto Wallets

Android/BankBot-YNRK is currently targeting users in Indonesia by masquerading as legitimate applications.

Hackers Weaponize Remote Tools to Hijack Cargo Freight

Researchers uncovered a new threat campaign in which attackers use RMM tools to steal physical cargo out of the supply chain.

‘TruffleNet’ Attack Wields Stolen Credentials Against AWS

Reconnaissance and BEC are among the malicious activities attackers commit after compromising cloud accounts, using a framework based on the TruffleHog tool.

Let's Get Physical: A New Convergence for Electrical Grid Security

The power grid is being attacked online and IRL. Increasingly, regulators and industry experts agree: Security teams need to focus on both cyber and physical threats, together.

AI Developed Code: 5 Critical Security Checkpoints for Human Oversight

To write secure code with LLMs developers must have the skills to use AI as a collaborative assistant rather than an autonomous tool, Madou argues.