Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days

Tuesday, February 3, 2026
APT28's attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.

GlassWorm Malware Returns to Shatter Developer Ecosystems

The self-replicating malware has poisoned a fresh set of Open VSX software components, leaving potential downstream victims with infostealer infections.

8-Minute Access: AI Accelerates Breach of AWS Environment

The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privileges.

Dark Patterns Undermine Security One Click at a Time

People trust organizations to do the right thing, but websites’ and apps’ dark patterns pose a hidden threat that can lead to inadequate security behaviors.

County Pays $600K to Wrongfully Jailed Pen Testers

Monday, February 2, 2026
Iowa police arrested two penetration testers in 2019 for doing their jobs, highlighting the risk to security professionals in red teaming exercises.

Chinese Hackers Hijack Notepad++ Updates for 6 Months

State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious downloads.

ShinyHunters Expands Scope of SaaS Extortion Attacks

Following its attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics.

Torq Moves SOCs Beyond SOAR With AI-Powered Hyper Automation

Saturday, January 31, 2026
Investors poured $140 million into Torq's Series D Round, bringing the startup's valuation to $1.2 billion, to bring AI-based "hyper automation" to SOCs.

Out-of-the-Box Expectations for 2026 Reveal a Grab-Bag of Risk

Friday, January 30, 2026
Security teams need to be thinking about this list of emerging cybersecurity realities, to avoid rolling the dice on enterprise security risks (and opportunities).

Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure

The Tenable One AI Exposure add-on discovers unsanctioned AI use in the organization and enforces policy compliance with approved tools.

OpenClaw AI Runs Wild in Business Environments

The popular open source AI assistant (aka ClawdBot, MoltBot) has taken off, raising security concerns over its privileged, autonomous control within users' computers.

From Quantum to AI Risks: Preparing for Cybersecurity's Future

Thursday, January 29, 2026
As 2026 begins, these journalists urge the cybersecurity industry to prioritize patching vulnerabilities, preparing for quantum threats, and refining AI applications, in the latest edition of Reporters' Notebook.

More Critical Flaws on n8n Could Compromise Customer Security

A new round of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials.

'Semantic Chaining' Jailbreak Dupes Gemini Nano Banana, Grok 4

If an attacker splits a malicious prompt into discrete chunks, some large language models (LLMs) will get lost in the details and miss the true intent.

Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest

Wednesday, January 28, 2026
Russian and Chinese nation-state attackers are exploiting a months-old WinRAR vulnerability, despite a patch that came out last July.

Consumers Reluctant to Shop at Stores That Don't Take Security Seriously

The retail sector must adapt as consumers become more cybersecurity-conscious. Increased attack transparency is a good place to start.

Fortinet Confirms New Zero-Day Behind Malicious SSO Logins

To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single sign-on (SSO) authentication for all devices.

China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks

In two separate campaigns, attackers used the JScript C2 framework to target Chinese gambling websites and Asian government entities with new backdoors.

Critical Telnet Server Flaw Exposes Forgotten Attack Surface

Tuesday, January 27, 2026
While telnet is considered obsolete, the network protocol is still used by hundreds of thousands of legacy systems and IoT devices for remote access.

'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector

The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security.

Hand CVE Over to the Private Sector

How MITRE has mismanaged the world's vulnerability database for decades and wasted millions along the way.

Sandworm Blamed for Wiper Attack on Poland Power Grid

Monday, January 26, 2026
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.

Dark Reading Confidential: Reviving the Hacker Ethos That Built Cybersecurity

Dark Reading Confidential Episode 14: How curious, ethical problem-solving can continue to serve as a guiding principle for an evolving cybersecurity sector.

DPRK's Konni Targets Blockchain Developers With AI-Generated Backdoor

The North Korean threat group is using a new PowerShell backdoor to compromise development environments and target cryptocurrency holdings, according to researchers.

2025 Was a Wake-Up Call to Protect Human Decisions, Not Just Systems

Saturday, January 24, 2026
Cybersecurity must shift from solely protecting systems to safeguarding human decision-making under uncertainty and system failures.

Europe's GCVE Raises Concerns Over Fragmentation in Vulnerability Databases

GCVE would enhance global collaboration, flexibility, and efficiency in tracking security flaws. Duplicate entries and a decentralization policy may create more chaos for defenders.

Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

Friday, January 23, 2026
Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a complete system takeover.

Dark Reading Confidential: Reviving the Hacker Ethos That Built Cybersecurity

Dark Reading Confidential Episode 14: How curious, ethical problem solving can continue to serve as a guiding principle for an evolving cybersecurity sector.

Healthy Security Cultures Thrive on Risk Reporting

The signs of an effective security culture are shifting as companies call on CISOs and security teams to raise their hands unabashedly.

Risky Chinese Electric Buses Spark Aussie Gov't Review

Thursday, January 22, 2026
Deployed across Australia and Europe, China's electric buses are vulnerable to cybercriminals and sport a virtual kill switch the Chinese state could activate.

Fortinet Firewalls Hit With Malicious Configuration Changes

Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall configuration files.

From a Whisper to a Scream: Europe Frets About Overreliance on US Tech

Concern is growing across Europe about relying on US cybersecurity companies, and Greenland takeover talk is eroding trust across the EU even further.

DPRK Actors Deploy VS Code Tunnels for Remote Hacking

A spear-phishing campaign tied to the Democratic People's Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection.

AI Agents Undermine Progress in Browser Security

Web browser companies have put in substantial effort over the last three decades to strengthen the browser security stack to withstand abuses. Agentic browsers are undoing all that work.

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Wednesday, January 21, 2026
Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no other user interaction.

Phishing Campaign Zeroes in on LastPass Customers

The bait includes plausible subject lines and credible messages, most likely thanks to attackers' use of large language models to craft them.

'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed

Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors.

'CrashFix' Scam Crashes Browsers, Delivers Malware

Tuesday, January 20, 2026
The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT.

Mass Spam Attacks Leverage Zendesk Instances

The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability.

Vulnerabilities Threaten to Break Chainlit AI Framework

Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.

Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers

Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnerabilities.

ChatGPT Health Raises Big Security, Safety Concerns

Monday, January 19, 2026
ChatGPT Health promises robust data protection, but elements of the rollout raise big questions regarding user security and safety.

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

Friday, January 16, 2026
CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses.

CISOs Rise to Prominence: Security Leaders Join the Executive Suite

Security professionals are moving on up the executive ranks as enterprises face rising regulatory and compliance standards.

AI System Reduces Attack Reconstruction Time From Weeks to Hours

Pacific Northwest National Labs' expert cybersecurity system, ALOHA, can recreate attacks and test them against organizations' infrastructure to bolster defense.

Winter Olympics Could Share Podium With Cyberattackers

Thursday, January 15, 2026
The upcoming Winter Games in the Italian Alps are attracting both hacktivists looking to reach billions of people and state-sponsored cyber-spies targeting the attending glitterati.

Microsoft Disrupts Cybercrime Service RedVDS

Wednesday, January 14, 2026
RedVDS, a cybercrime-as-a-service operation that has stolen millions from victims, lost two domains to a law enforcement operation supported by Microsoft.

Retail, Services Industries Under Fire in Oceania

Last year in Australia, New Zealand, and the South Pacific, Main Street businesses like retail and construction suffered more cyberattacks than their critical sector counterparts.

Secure Your Spot at RSAC 2026 Conference

'VoidLink' Malware Poses Advanced Threat to Linux Systems

Researchers discovered a modular, "cloud-first" framework that is feature-rich and designed to maintain stealthy, long-term access to Linux environments.

CISO Succession Crisis Highlights How Turnover Amplifies Security Risks

Tuesday, January 13, 2026
When cybersecurity leadership turns over too fast, risk does not reset. It compounds.

'Most Severe AI Vulnerability to Date' Hits ServiceNow

ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers' data and connected systems.

Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day

The vendor's first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last month.

Shadow#Reactor Uses Text Files to Deliver Remcos RAT

Attackers use a sophisticated delivery mechanism of text-only files for RAT deployment, showcasing a clever way to bypass defensive tools and rely on the target's own utilities.

GoBruteforcer Botnet Targets 50K-plus Linux Servers

Monday, January 12, 2026
Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations.

FBI Flags Quishing Attacks From North Korean APT

A state-sponsored threat group tracked as "Kimsuky" sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions.

Hexnode Moves into Endpoint Security With Hexnode XDR

Two Separate Campaigns Target Exposed LLM Services

A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations' use of AI and map an expanding attack surface.

Deepfake Fraud Tools Are Lagging Behind Expectations

Friday, January 9, 2026
Deepfakes are becoming more realistic and more popular. Luckily, defenders are still ahead in the arms race.

Illicit Crypto Economy Surges as Nation-States Join in the Fray

Cybercriminal cryptocurrency transactions totaled billions in 2025, with activity from sanctioned countries like Russia and Iran causing the largest jump.

Maximum Severity HPE OneView Flaw Exploited in the Wild

Thursday, January 8, 2026
Exploitation of CVE-2025-37164 can enable remote code execution on HPE's IT infrastructure management platform, leading to devastating consequences.

Fake AI Chrome Extensions Steal 900K Users' Data

Threat actors ripped off a legitimate AI-powered Chrome extension in order to harvest ChatGPT and DeepSeek data before sending it to a C2 server.

ChatGPT's Memory Feature Supercharges Prompt Injection

The "ZombieAgent" exploit makes use of ChatGPT's long-term memory and advanced capabilities.

Here's What Cloud Security's Future Holds for the Year Ahead

Here are the top cloud security trends I'm seeing in my crystal ball for the New Year — particularly arming us for AI adoption.

Phishers Exploit Office 365 Users Who Let Their Guard Down

Wednesday, January 7, 2026
Microsoft said that Office 365 tenants with weak configurations and who don't have strict anti-spoofing protection enabled are especially vulnerable.

Lack of MFA is Common Thread in Vast Cloud Credential Heist

An emerging threat actor that goes by "Zestix" used an assortment of infostealers to obtain credentials and breach file-sharing instances of approximately 50 enterprises.

Cyberattacks Likely Part of Military Operation in Venezuela

Cyber's role in the US raid on Venezuela remains a question, though President Trump alluded to "certain expertise" in shutting down the power grid in Caracas.

Scattered Lapsus$ Hunters Snared in Cyber Researcher Honeypot

Tuesday, January 6, 2026
Scattered Lapsus$ Hunters, also known as ShinyHunters, were drawn in using a realistic, yet mostly fake, dataset.

Startup Trends Shaking Up Browsers, SOC Automation, AppSec

In 2025, these startups have reimagined browser security, pioneered application security for AI-generated code, and are building consensus on agentic vs. human costs.

Critical 'MongoBleed' Bug Under Active Attack, Patch Now

Monday, January 5, 2026
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.

US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity

Two US citizens pleaded guilty to working as ALPHV/BlackCat ransomware affiliates in 2023, and both were previously employed by prominent security firms.

When the Cloud Rains on Everyone's IoT Parade

What happens to all of those always-connected devices when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues.

RondoDox Botnet Expands Scope With React2Shell Exploitation

Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises.

CTO New Year Resolutions for a More Secure 2026

Friday, January 2, 2026
From securing MCPs and supply chain defenses to formal AI and quantum governance, experts share their wish lists for cyber safety in 2026.