Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The April/May zero-day exploitations of Ivanti's mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT — and history will probably repeat itself.

Contrarians No More: AI Skepticism Is on the Rise

Concerns about an economic bubble bursting, along with doubts regarding return on investment, suggest the tide may be turning for the artificial intelligence industry.

Cybersecurity Predictions 2026: An AI Arms Race and Malware Autonomy

The year ahead will see an intensified AI-driven cybersecurity arms race, with attackers leveraging autonomous malware and advanced AI technologies to outpace defenders, while security teams adopt increasingly sophisticated AI tools to combat evolving threats amidst growing vendor consolidation and platformization in the industry.

New Tech Deployments Cyber Insurers Recommend for 2026

An analysis of cyber-insurance claims data shows which cyber defenses actually work for policyholders. Here are six technologies that will pay off for companies in 2026.

Dark Reading Confidential: Stop Secrets Creep Across Developer Platforms

Dark Reading Confidential Episode 13: Developers are exposing their organizations' most sensitive information; our guests explain why it's happening and how to stop it.

5 Threats That Defined Security in 2025

2025 included a number of monumental threats, from the global attacks of Salt Typhoon to dangerous vulnerabilities like React2Shell.

Mentorship and Diversity: Shaping the Next Generation of Cyber Experts

Patricia Voight, CISO at Webster Bank, shares her expertise on advancing cybersecurity careers, combating financial crimes, and championing diversity in a rapidly changing industry.

As More Coders Adopt AI Agents, Security Pitfalls Lurk in 2026

Developers are leaning more heavily on AI for code generation, but in 2026, the development pipeline and security need to be prioritized.

Dark Reading Opens The State of Application Security Survey

Take part in the new survey from Dark Reading and help uncover trends, challenges, and solutions shaping the future of application security.

ServiceNow Buys Armis for $7.75B, Gets 'AI Control Tower'

The latest cybersecurity acquisition will help further ServiceNow's plans for autonomous cybersecurity and building a security stack to proactively manage AI.

Sprawling 'Operation Sentinel' Neutralizes African Cybercrime Syndicates

Interpol said law enforcement across 19 countries made 574 arrests and recovered $3 million, against a backdrop of spiraling cybercrime in the region, including business email compromise, digital extortion, and ransomware schemes.

Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices

With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors that have been targeted in recent weeks.

Uzbek Users Under Attack by Android SMS Stealers

Telegram users in Uzbekistan are being targeted with Android SMS stealer malware, and what's worse, the attackers are improving their methods.

Cisco VPNs, Email Services Hit in Separate Threat Campaigns

The company suffered one sophisticated five-alarm campaign and one messy spray-and-pray attack, mere days apart.

LongNosedGoblin Caught Snooping on Asian Governments

New China-aligned APT group is deploying Group Policy to sniff through government networks across Southeast Asia and Japan.

Identity Fraud Among Home Care Workers Puts Patients at Risk

Reports of patients being cared for by unqualified home-care aides with fake identities continue to emerge, highlighting a need for more stringent identity authentication.

A Good Year for North Korean Cybercriminals

North Korea shifted its strategy to patiently target "bigger fish" for larger payouts, using sophisticated methods to execute attacks at opportune times.

SonicWall Edge Access Devices Hit by Zero-Day Attacks

In the latest attacks against the vendor's SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed earlier this year.

"Fake Proof" and AI Slop Hobble Defenders

In the React2Shell saga, non-working and trivial proof-of-concept exploits led to confusion and perhaps a false sense of security. Can the onslaught of PoCs be tamed?

Critical Fortinet Flaws Under Active Attack

Attackers targeted admin accounts, and once authenticated, exported device configurations including hashed credentials and other sensitive information.

In Cybersecurity, Claude Leaves Other LLMs in the Dust

Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so.

'Cellik' Android RAT Leverages Google Play Store

The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.

Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation

Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.

Russia Hits Critical Orgs Via Misconfigured Edge Devices

Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector.

Browser Extension Harvests 8M Users' AI Chatbot Data

Urban VPN Proxy, which claims to protect users' privacy, collects data from conversations with ChatGPT, Claude, Gemini, Copilot and other AI assistants.

Enterprises Gear Up for 2026’s IT Transformation

Experts predict big changes are coming for IT infrastructure in 2026 driven by AI adoption, hybrid cloud strategies, and evolving security demands.

How Cyber Insurance MGAs Shape Policies for Evolving Cyber Risks

Managing general agents help insurers navigate sectors where they lack expertise. A cybersecurity policy written by an MGA is more likely to reflect an understanding of the risks CISOs deal with.

Apple Patches More Zero-Days Used in 'Sophisticated' Attack

Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.

Think Like an Attacker: Cybersecurity Tips From Cato Networks' CISO

Etay Mayor, a cybersecurity strategist and professor, shares his journey, insights, and advice on breaking into the diverse and ever-evolving field of cybersecurity.

Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files

A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw.

Microsoft Will Bundle Security Copilot with M365 Enterprise Licenses

The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week.

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.

Are Trade Concerns Trumping US Cybersecurity?

The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say.

Encouraging Industry Voices to Write for the Commentary Section

Dark Reading will continue to publish Tech Talks and Ask the Expert pieces in the Commentary section. Read on for submission guidelines.

Hamas-Linked Hackers Probe Middle Eastern Diplomats

Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.

Attackers Exploited Gogs Zero-Day Flaw for Months

Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year.

AI in OT Sparks Cascade of Complex Challenges

Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.

Copilot's No-Code AI Agents Liable to Leak Company Data

Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.

Storm-0249 Abuses EDR Processes in Stealthy Attacks

The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.

ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery

A new twist on the social engineering tactic is making waves, combining SEO poisoning and legitimate AI domains to install malware on victims' computers.

Japanese Firms Suffer Long Tail of Ransomware Damage

Ransomware actors have targeted manufacturers, retailers, and the Japanese government, with many organizations requiring months to recover.

Microsoft Fixes Exploited Zero Day in Light Patch Tuesday

Proof-of-concept exploit code is publicly available for two other flaws in this month's Patch Tuesday. In total, the company issued patches for more than 1,150 flaws this year.

Packer-as-a-Service Shanya Hides Ransomware, Kills EDR

Shanya is the latest in an emerging field of packing malware, selling obfuscation functionality in order to help ransomware actors reach their target.

Analysts Warn of Cybersecurity Risks in Humanoid Robots

Think "Blade Runner," but the robots can be hacked more easily than your home computer.

Gemini Enterprise No-Click Flaw Exposes Sensitive Data

Google has fixed a critical vulnerability that enabled attackers to add malicious instructions to common documents to exfiltrate sensitive corporate information.

Exploitation Activity Ramps Up Against React2Shell

Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw.

US Treasury Tracks $4.5B in Ransom Payments since 2013

The US Treasury's Financial Crimes Enforcement Network shared data showing how dramatically ransomware attacks have changed over time.

‘Broadside’ Mirai Variant Targets Maritime Logistics Sector

'Broadside' is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.

A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability

When hiring a CISO, understand the key difference between engineering and holistic security leaders.

India Rolls Back App Mandate Amid Surveillance Concerns

Remember when Apple put that U2 album in everyone's music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn't a good idea.

CISOs Should Be Asking These Quantum Questions Today

As quantum quietly moves beyond lab experiment and into production workflows, here's what enterprise security leaders should be focused on, according to Lineswala.

How Agentic AI Can Boost Cyber Defense

Transurban head of cyber defense Muhammad Ali Paracha shares how his team is automating the triaging and scoring of security threats as part of the Black Hat Middle East conference.

CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks

State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations.

CISA Publishes Security Guidance for Using AI in OT

Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure.

GISEC GLOBAL 2026 – The Middle East & Africa’s Largest Cybersecurity Event

Arizona AG Sues Temu Over 'Stealing' User Data

The suit alleges the Chinese retailer's app secretly accesses and harvests users' sensitive information without their knowledge or consent.

New Raptor Framework Uses Agentic Workflows to Create Patches

Researchers utilized prompts and large language models to develop an open-source AI framework capable of generating both vulnerability exploits and patches.

China Researches Ways to Disrupt Satellite Internet

While satellite constellations — such as Starlink — are resilient, 2,000 drones could cut communications to a region the size of Taiwan, researchers find.

Iran's 'MuddyWater' Levels Up With MuddyViper Backdoor

New Fooder loader and memory-only tactics suggest MuddyWater has evolved from its usual noisy ops to more stealthy espionage operations.

Researchers Use Poetry to Jailbreak AI Models

When prompts were presented in poetic rather than prose form, attack success rates increased from 8% to 43%, on average — a fivefold increase.

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers.

Tomiris Unleashes 'Havoc' With New Tools, Tactics

The Russian-speaking group is targeting government and diplomatic entities in CIS member states and Central Asia in its latest cyber-espionage campaign.

CodeRED Emergency Alert Platform Shut Down Following Cyberattack

The Inc ransomware gang took responsibility for the attack earlier this month and claimed it stole sensitive subscriber data.

Police Disrupt 'Cryptomixer,' Seize Millions in Crypto

Multiple European law enforcement agencies recently disrupted Cryptomixer, a service allegedly used by cybercriminals to launder ill-gotten gains from ransomware and other cyber activities.

Shai-hulud 2.0 Variant Threatens Cloud Ecosystem

The latest attack from the self-replicating, npm-package poisoning worm can also steal credentials and secrets from AWS, Google Cloud Platform, and Azure.