Iran Hacktivists Make Noise but Have Little Impact on War

Tuesday, March 24, 2026
Iran-aligned groups are trying to make their mark in the Gulf, but the results have fallen short of remarkable.

How AI Coding Tools Crushed the Endpoint Security Fortress

Security vendors have spent years building up defenses around the endpoint, but one researcher says AI coding tools have brought the walls down.

Ransomware's New Era: Moving at AI Speed

Monday, March 23, 2026
Threat actors bypass security tools and use AI to launch faster ransomware attacks that exploit valid credentials and target data.

CISOs Debate Human Role in AI-Powered Security

The idea of a "human in the loop" in AI deployment was challenged during a security executive panel at the RSAC 2026 Conference this week.

Attackers Hide Infostealer in Copyright Infringement Notices

A phishing campaign targeting healthcare, government, hospitality, and education sectors in various countries uses several evasion techniques to avoid detection.

AI Dominates RSAC Innovation Sandbox

The 10 finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year.

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

Friday, March 20, 2026
Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.

With Government's Role Uncertain, Businesses Unite to Combat Fraud

Major industry leaders agree to share information and collaborate to boost defenses in the wake of distressing online scams.

Native Launches With Security Control Plane for Multicloud

The cloud security startup's platform translates and enforces security policies across AWS, Azure, Google Cloud and Oracle using provider-native controls.

Post-Quantum Web Could be Safer, Faster

Major providers are testing a quantum-safe version of HTTPS that shrinks certificates to a tenth their previous size, decreasing latency and adding transparency.

AI Conundrum: Why MCP Security Can't Be Patched Away

Thursday, March 19, 2026
MCP introduces security risks into LLM environments that are architectural and not easily fixable, researcher says at RSAC 2026 Conference.

EU Sanctions Companies in China, Iran for Cyberattacks

Already sanctioned in the US and the UK, these rulings prohibit companies and a couple of principals from entering or doing business in the European Union.

C2 Implant 'SnappyClient' Targets Crypto Wallets

Wednesday, March 18, 2026
In addition to enabling remote access, the malware supports a wide range of capabilities including data theft and spying.

Clear Communication: The Missing Link in Cybersecurity Success

When technical expertise meets clear communication, cybersecurity teams thrive. Learn how to foster trust and collaboration across diverse working groups.

Meta, TikTok Steal Users' Sensitive PII When They Click on Ads

Tracking pixels let social media companies spy on their own customers when they click over to advertiser sites, gleaning credit card info, currency type, and more.

Less Lucrative Ransomware Market Makes Attackers Alter Methods

Tuesday, March 17, 2026
Ransomware actors are ditching Cobalt Strike in favor of native Windows tools, as payment rates hit record lows and data theft surges.

Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish

The cyberattackers leveraged trusted brands and domains in an attempt to redirect a C-suite executive at Outpost24 to give up his credentials.

Warlock Ransomware Group Augments Post-Exploitation Activities

In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools.

China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years

Monday, March 16, 2026
Researchers uncovered an extensive cyberespionage campaign that used novel backdoors and familiar evasion techniques to maintain persistent access to regional targets.

Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026

Discover how Franz Regul, former CISO for the Paris 2024 Olympics, tackled unique cybersecurity challenges to protect the Olympics from evolving threats.

Attackers Abuse LiveChat to Phish Credit Card, Personal Data

A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.

A Guy Who Wrote the Code Died in 2005. I Still Have to Secure It

Friday, March 13, 2026
The real frontline of American cybersecurity is a bidding war on eBay for 30-year-old industrial controllers.

Cyberattackers Don't Care About Good Causes

Sightline Security's founder and advisory board discuss how cybersecurity poses significant problems for nonprofits and suggest ways the industry can help.

Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos

The excitement around Cisco's latest SD-WAN bugs has inspired some light fraud, misunderstandings, and overlooked risks.

Delinea's StrongDM Acquisition Highlights the Changing Role of PAM

Thursday, March 12, 2026
StrongDM, which injects ephemeral, real-time credentials into developer workflows, will enable Delinea to offer privilege access management across cloud, SaaS, Kubernetes, and database environments.

Commercial Spyware Opponents Fear US Policy Shifting

Rescinded sanctions and reactivated contracts have created confusion about the Trump administration's spyware policy and where it draws the line.

Why Stryker's Outage Is a Disaster Recovery Wake-Up Call

The Iranian cyberattack on Stryker is the kind of stress test that business continuity and disaster recovery programs often do not plan for.

INC Ransomware Group Holds Healthcare Hostage in Oceania

Wednesday, March 11, 2026
Government agencies, emergency clinics, and others in Australia, New Zealand, and Tonga have had serious run-ins with the prolific ransomware outfit.

Xygeni GitHub Action Compromised Via Tag Poison

Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.

Middle East Conflict Highlights Cloud Resilience Gaps

Tuesday, March 10, 2026
Data centers — used by both governments and militaries for operations — are now fair game, not just for cyberattacks, but for kinetic attacks as well.

Microsoft Patches 83 CVEs in March Update

For a change, there's little in this month's Patch Tuesday that should cause panic, according to security experts.

'Overly Permissive' Salesforce Cloud Configs in the Crosshairs

Some customers have mishandled guest user configurations otherwise intended to allow third-party access to important — and sensitive — client data.

Russian Threat Actor Sednit Resurfaces With Sophisticated Toolkit

After several years of using simple implants, the Russia-affiliated actor is back with two new sophisticated malware tools.

'BlackSanta' EDR Killer Targets HR Workflows

A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection.

'InstallFix' Attacks Spread Fake Claude Code Sites

Monday, March 9, 2026
A fresh cyberattack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces.

Are We Ready for Auto Remediation With Agentic AI?

With the rapid innovations in AI, we are entering an exciting era of automated risk remediation. Learn about security team readiness to leverage agentic AI for threat and exposure management.

Fig Security Emerges From Stealth to Fix Broken Security Operations

Saturday, March 7, 2026
Fig Security's platform traces security data flows end-to-end across SIEMs, pipelines, and response systems to alert teams before infrastructure changes break critical defenses.

North Korean APTs Use AI to Enhance IT Worker Scams

Friday, March 6, 2026
DPRK worker scams are old hat, but they're still working, thanks to AI tools that help with everything from face swapping to daily emails.

Nation-State Actor Embraces AI Malware Assembly Line

Thursday, March 5, 2026
Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.

Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform

The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses.

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical

Edge bugs are so fetch, and Cisco just dropped 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.

Software Development Practices Help Enterprises Tackle Real-Life Risks

Organizations can borrow secure-by-design processes to manage non-technical challenges like governance or the inevitable human error.

LatAm Now Faces 2x More Cyberattacks Than US

Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage.

VMware Aria Operations Bug Exploited, Cloud Resources at Risk

Wednesday, March 4, 2026
Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad access to victims' cloud environments.

Stranger Things Meets Cybersecurity: Lessons from the Hive Mind

Events and concepts from the Stranger Things television series illustrate how enterprises can defend their networks and stay "right side up."

Dark Reading Confidential: This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate

Tuesday, March 3, 2026
Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the decryption of six malware variants. Here's his story.

Vehicle Tire Pressure Sensors Enable Silent Tracking

Like many other features and systems in modern cars, tire pressure sensors leak sensitive data that can be abused by threat actors.

Qualcomm Zero-Day Exploited in Targeted Android Attacks

The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.

Speakeasies to Shadow AI: Banning AI Browsers Will Fail

Lessons from history highlight why AI-enabled browsers require controlled enablement.

As War Continues, Pro-Iranian Actors Launch Barrage of Cyberattacks

Iran and its supporters have taken to cyberspace to retaliate for US-Israeli military action, with an aim to cause economic and physical disruption.

The Tug-of-War Over Firewall Backlogs in the AI-Driven Development Era

Monday, March 2, 2026
Speed and security are historically clashing priorities, but with AI and automation, it's increasingly important that application developers and security teams get on the same page.

Critical OpenClaw Vulnerability Exposes AI Agent Risks

The now-patched flaw is the latest in a growing string of security issues associated with the viral AI tool, which has seen rapid adoption among developers.

30 Alleged Members of 'The Com' Arrested in Project Compass

The global law enforcement crackdown, which began in January 2025, also identified nearly 180 members of the notorious cybercriminal collective.

Bug in Google's Gemini AI Panel Opens Door to Hijacking

Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources.

Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy

Sunday, March 1, 2026
Using AI to find security vulnerabilities holds significant promise, but the initial products fall short of the needs of enterprises and software developers, say experts.

Cities Hosting Major Events Need More Focus on Wireless, Drone Defense

Friday, February 27, 2026
Major events like the FIFA World Cup need to look beyond traditional physical and cyber security to active and passive wireless threats, say experts.

The Case for Why Better Breach Transparency Matters

It's become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all.

Claude Code Security Shows Promise, Not Perfection

Claude Code's introduction rippled across the stock market, but researchers and analysts say its impact was overstated, as they peel back the layers.

Cisco SD-WAN Zero-Day Under Exploitation for 3 Years

Thursday, February 26, 2026
The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind.

PCI Council Says Threats to Payments Systems Are Speeding Up

Wednesday, February 25, 2026
The PCI Security Standards Council experienced a record year in many regards, but its first annual report shows it needs to work even faster to stay ahead of attackers.

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent access to infected machines.

'Richter Scale' Model Measures Magnitude of OT Cyber Incidents

ICS/OT experts have devised a scoring system for rating the severity and effects of cybersecurity events in operational technology environments.

Operation Red Card 2.0 Leads to 651 Arrests in Africa

In the latest operation targeting cybercrime groups, African law enforcement agencies cooperated with Interpol and cybersecurity firms to recover more than USD 4.3 million.

Attackers Now Need Just 29 Minutes to Own a Network

Tuesday, February 24, 2026
Credential misuse, AI tools, and security blind spots help attackers move through breached networks faster than ever, CrowdStrike finds.

Lazarus Group Picks a New Poison: Medusa Ransomware

The North Korean threat group also leveraged Comebacker backdoor, Blindingcan RAT, and info stealer Infohook in its recent attacks.

Spitting Cash: ATM Jackpotting Attacks Surged in 2025

Monday, February 23, 2026
The attacks cost banks more than $20 million in losses last year, as criminals used many of the same tools and tactics they have wielded for more than a decade.

600+ FortiGate Devices Hacked by AI-Armed Amateur

A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks.

Enigma Cipher Device Still Holds Secrets for Cyber Pros

The Nazi relic's history is riddled with resilience errors, and those lessons still apply to defending against modern cyber threats.

Attackers Use New Tool to Scan for React2Shell Exposure

Friday, February 20, 2026
Researchers say threat actors wielded the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation.

Lessons From AI Hacking: Every Model, Every Layer Is Risky

After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities.

Supply Chain Attack Secretly Installs OpenClaw for Cline Users

Thursday, February 19, 2026
The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA

A user-friendly PhaaS tool beats standard methods for detecting phishing attacks by live-proxying legitimate login sites.

Abu Dhabi Finance Week Exposed VIP Passport Details

Unprotected cloud data sends the wrong signal at a time when the emirate's trying to attract investors and establish itself as a global financial center.

Connected and Compromised: When IoT Devices Turn Into Threats

Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things' attack surfaces more dangerous.

Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto

Wednesday, February 18, 2026
A convincing presale site for phony "Google Coin" features an AI assistant that engages victims with a slick sales pitch, funneling payment to attackers.

Dell's Hard-Coded Flaw: A Nation-State Goldmine

A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.

A CISO's Playbook for Defending Data Assets Against AI Scraping

Discover a strategic approach to govern scraping risks, balance security with business growth, and safeguard intellectual capital from automated data harvesting.

Poland Energy Survives Attack on Wind, Solar Infrastructure

Tuesday, February 17, 2026
Russia-aligned groups are probable culprits behind the wiper attacks against renewable energy farms, a manufacturer, and a heating and power plant.

RMM Abuse Explodes as Hackers Ditch Malware

It's the path of lesser resistance, as remote monitoring and management (RMM) software offers stealth, persistence, and operational efficiency.

ClickFix Attacks Abuse DNS Lookup Command to Deliver ModeloRAT

ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.

Operation DoppelBrand: Weaponizing Fortune 500 Brands

Monday, February 16, 2026
The GS7 cyberthreat group targets US financial institutions with near-perfect imitations of corporate portals to steal credentials and gain remote access.

260K+ Chrome Users Duped by Fake AI Browser Extensions

30 copycat apps tricked users, and Google itself, into thinking they're legitimate AI tools.

Zscaler-SquareX Deal Boosts Zero Trust, Secure Browsing Capabilities

Saturday, February 14, 2026
Zscaler's acquisition of SquareX comes as competitors like CrowdStrike and Palo Alto Networks are also investing in secure browser technologies.

AI Agents 'Swarm,' Security Complexity Follows Suit

Friday, February 13, 2026
As AI deployments scale and start to include packs of agents autonomously working in concert, organizations face a naturally amplified attack surface.

Those 'Summarize With AI' Buttons May Be Lying to You

Thursday, February 12, 2026
Microsoft uncovered AI recommendation poisoning in 31 companies across 14 industries, and turnkey tools make it trivially easy to pull off.

Senegalese Data Breaches Expose Lack of 'Security Maturity'

Green Blood Group steals personal records and biometric data of the West African nation's nearly 20 million residents.

North Korea's UNC1069 Hammers Crypto Firms With AI

Wednesday, February 11, 2026
In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix.

Automaker Secures the Supply Chain With Developer-Friendly Platform

How a platform engineering team embeds supply chain security into infrastructure without slowing developers.

How to Stay on Top of Future Threats With a Cutting-Edge SOC

CISOs should focus on harnessing and securing AI and building new skills among their people. Vision and change management can transform security.

Asia Fumbles With Throttling Back Telnet Traffic in Region

Tuesday, February 10, 2026
Only Taiwan made the top 10 list of governments effectively blocking the threat-ridden protocol, but overall the region lagged in curbing Telnet traffic.

In Bypassing MFA, ZeroDayRAT Is 'Textbook Stalkerware'

With access to SIM, location data, and a preview of recent SMSes, attackers have everything they need for account takeover or targeted social engineering.

Microsoft Patches 6 Actively Exploited Zero-Days

Three of those zero-days are security feature bypass flaws, which give attackers a way to slip past built-in protections in multiple Microsoft products.

Warlock Gang Breaches SmarterTools Via SmarterMail Bugs

Monday, February 9, 2026
The ransomware group breached SmarterTools through a vulnerability in the company's own SmarterMail product.


Black Basta Bundles BYOVD With Ransomware Payload

Researchers discovered a newly disclosed vulnerable driver embedded in Black Basta's ransomware, illustrating the increasing popularity of the defense-evasion technique.

"Encrypt It Already" Campaign Pushes Big Tech to Prioritize E2E Encryption

Friday, February 6, 2026
The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption by default across their services, as privacy concerns mount amid increased AI use.

OpenClaw's Gregarious Insecurities Make Safe Usage Difficult

Malicious "skills" and persnickety configuration settings are just some of the issues that security researchers have found when installing — and removing — the OpenClaw AI assistant.

Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful

A disconnect exists between the organization's cybersecurity needs and lists like CISA's KEV Catalog. KEV Collider combines data from multiple open source vulnerability frameworks to help security teams quickly assess which are important, based on their priorities.

EnCase Driver Weaponized as EDR Killers Persist

Thursday, February 5, 2026
The forensic tool's driver was signed with a digital certificate that expired years ago, but major security gaps allowed Windows to load it.

Agentic AI Site 'Moltbook' Is Riddled With Security Risks

Someone used AI to build an entire Web platform, which then did something predictable and preventable: It exposed all its data through a publicly accessible API.

Protests Don't Impede Iranian Spying on Expats, Syrians, Israelis

Wednesday, February 4, 2026
Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering.

CISA Makes Unpublicized Ransomware Updates to KEV Catalog

A third of the "flipped" CVEs affected network edge devices, leading one researcher to conclude, "Ransomware operators are building playbooks around your perimeter."

Attackers Use Windows Screensavers to Drop Malware, RMM Tools

By tapping the unusual .scr file type, attackers leverage "executables that don't always receive executable-level controls," one researcher noted.

Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days

Tuesday, February 3, 2026
APT28's attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.

GlassWorm Malware Returns to Shatter Developer Ecosystems

The self-replicating malware has poisoned a fresh set of Open VSX software components, leaving potential downstream victims with infostealer infections.

8-Minute Access: AI Accelerates Breach of AWS Environment

The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privileges.

Dark Patterns Undermine Security One Click at a Time

People trust organizations to do the right thing, but websites’ and apps’ dark patterns pose a hidden threat that can lead to inadequate security behaviors.

County Pays $600K to Wrongfully Jailed Pen Testers

Monday, February 2, 2026
Iowa police arrested two penetration testers in 2019 for doing their jobs, highlighting the risk to security professionals in red teaming exercises.

Chinese Hackers Hijack Notepad++ Updates for 6 Months

State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious downloads.

ShinyHunters Expands Scope of SaaS Extortion Attacks

Following its attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics.

Torq Moves SOCs Beyond SOAR With AI-Powered Hyper Automation

Saturday, January 31, 2026
Investors poured $140 million into Torq's Series D Round, bringing the startup's valuation to $1.2 billion, to bring AI-based "hyper automation" to SOCs.

Out-of-the-Box Expectations for 2026 Reveal a Grab-Bag of Risk

Friday, January 30, 2026
Security teams need to be thinking about this list of emerging cybersecurity realities, to avoid rolling the dice on enterprise security risks (and opportunities).

Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure

The Tenable One AI Exposure add-on discovers unsanctioned AI use in the organization and enforces policy compliance with approved tools.

OpenClaw AI Runs Wild in Business Environments

The popular open source AI assistant (aka ClawdBot, MoltBot) has taken off, raising security concerns over its privileged, autonomous control within users' computers.

From Quantum to AI Risks: Preparing for Cybersecurity's Future

Thursday, January 29, 2026
As 2026 begins, these journalists urge the cybersecurity industry to prioritize patching vulnerabilities, preparing for quantum threats, and refining AI applications, in the latest edition of Reporters' Notebook.

More Critical Flaws on n8n Could Compromise Customer Security

A new round of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials.

'Semantic Chaining' Jailbreak Dupes Gemini Nano Banana, Grok 4

If an attacker splits a malicious prompt into discrete chunks, some large language models (LLMs) will get lost in the details and miss the true intent.

Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest

Wednesday, January 28, 2026
Russian and Chinese nation-state attackers are exploiting a months-old WinRAR vulnerability, despite a patch that came out last July.

Consumers Reluctant to Shop at Stores That Don't Take Security Seriously

The retail sector must adapt as consumers become more cybersecurity-conscious. Increased attack transparency is a good place to start.

Fortinet Confirms New Zero-Day Behind Malicious SSO Logins

To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single sign-on (SSO) authentication for all devices.

China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks

In two separate campaigns, attackers used the JScript C2 framework to target Chinese gambling websites and Asian government entities with new backdoors.

Critical Telnet Server Flaw Exposes Forgotten Attack Surface

Tuesday, January 27, 2026
While telnet is considered obsolete, the network protocol is still used by hundreds of thousands of legacy systems and IoT devices for remote access.

'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector

The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security.

Hand CVE Over to the Private Sector

How MITRE has mismanaged the world's vulnerability database for decades and wasted millions along the way.

Sandworm Blamed for Wiper Attack on Poland Power Grid

Monday, January 26, 2026
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.

Dark Reading Confidential: Reviving the Hacker Ethos That Built Cybersecurity

Dark Reading Confidential Episode 14: How curious, ethical problem-solving can continue to serve as a guiding principle for an evolving cybersecurity sector.

DPRK's Konni Targets Blockchain Developers With AI-Generated Backdoor

The North Korean threat group is using a new PowerShell backdoor to compromise development environments and target cryptocurrency holdings, according to researchers.

2025 Was a Wake-Up Call to Protect Human Decisions, Not Just Systems

Saturday, January 24, 2026
Cybersecurity must shift from solely protecting systems to safeguarding human decision-making under uncertainty and system failures.

Europe's GCVE Raises Concerns Over Fragmentation in Vulnerability Databases

GCVE would enhance global collaboration, flexibility, and efficiency in tracking security flaws. Duplicate entries and a decentralization policy may create more chaos for defenders.

Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

Friday, January 23, 2026
Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a complete system takeover.

Healthy Security Cultures Thrive on Risk Reporting

The signs of an effective security culture are shifting as companies call on CISOs and security teams to raise their hands unabashedly.

Risky Chinese Electric Buses Spark Aussie Gov't Review

Thursday, January 22, 2026
Deployed across Australia and Europe, China's electric buses are vulnerable to cybercriminals and sport a virtual kill switch the Chinese state could activate.

Fortinet Firewalls Hit With Malicious Configuration Changes

Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall configuration files.

From a Whisper to a Scream: Europe Frets About Overreliance on US Tech

Concern is growing across Europe about relying on US cybersecurity companies, and Greenland takeover talk is eroding trust across the EU even further.

DPRK Actors Deploy VS Code Tunnels for Remote Hacking

A spear-phishing campaign tied to the Democratic People's Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection.

AI Agents Undermine Progress in Browser Security

Web browser companies have put in substantial effort over the last three decades to strengthen the browser security stack to withstand abuses. Agentic browsers are undoing all that work.

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Wednesday, January 21, 2026
Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no other user interaction.

Phishing Campaign Zeroes in on LastPass Customers

The bait includes plausible subject lines and credible messages, most likely thanks to attackers' use of large language models to craft them.

'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed

Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors.

'CrashFix' Scam Crashes Browsers, Delivers Malware

Tuesday, January 20, 2026
The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT.

Mass Spam Attacks Leverage Zendesk Instances

The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability.

Vulnerabilities Threaten to Break Chainlit AI Framework

Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.

Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers

Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnerabilities.

ChatGPT Health Raises Big Security, Safety Concerns

Monday, January 19, 2026
ChatGPT Health promises robust data protection, but elements of the rollout raise big questions regarding user security and safety.

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

Friday, January 16, 2026
CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses.

CISOs Rise to Prominence: Security Leaders Join the Executive Suite

Security professionals are moving on up the executive ranks as enterprises face rising regulatory and compliance standards.

AI System Reduces Attack Reconstruction Time From Weeks to Hours

Pacific Northwest National Labs' expert cybersecurity system, ALOHA, can recreate attacks and test them against organizations' infrastructure to bolster defense.

Winter Olympics Could Share Podium With Cyberattackers

Thursday, January 15, 2026
The upcoming Winter Games in the Italian Alps are attracting both hacktivists looking to reach billions of people and state-sponsored cyber-spies targeting the attending glitterati.

Microsoft Disrupts Cybercrime Service RedVDS

Wednesday, January 14, 2026
RedVDS, a cybercrime-as-a-service operation that has stolen millions from victims, lost two domains to a law enforcement operation supported by Microsoft.

Retail, Services Industries Under Fire in Oceania

Last year in Australia, New Zealand, and the South Pacific, Main Street businesses like retail and construction suffered more cyberattacks than their critical sector counterparts.

Secure Your Spot at RSAC 2026 Conference

'VoidLink' Malware Poses Advanced Threat to Linux Systems

Researchers discovered a modular, "cloud-first" framework that is feature-rich and designed to maintain stealthy, long-term access to Linux environments.

CISO Succession Crisis Highlights How Turnover Amplifies Security Risks

Tuesday, January 13, 2026
When cybersecurity leadership turns over too fast, risk does not reset. It compounds.

'Most Severe AI Vulnerability to Date' Hits ServiceNow

ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers' data and connected systems.

Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day

The vendor's first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last month.

Shadow#Reactor Uses Text Files to Deliver Remcos RAT

Attackers use a sophisticated delivery mechanism of text-only files for RAT deployment, showcasing a clever way to bypass defensive tools and rely on the target's own utilities.

GoBruteforcer Botnet Targets 50K-plus Linux Servers

Monday, January 12, 2026
Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations.

FBI Flags Quishing Attacks From North Korean APT

A state-sponsored threat group tracked as "Kimsuky" sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions.

Hexnode Moves into Endpoint Security With Hexnode XDR

Two Separate Campaigns Target Exposed LLM Services

A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations' use of AI and map an expanding attack surface.

Deepfake Fraud Tools Are Lagging Behind Expectations

Friday, January 9, 2026
Deepfakes are becoming more realistic and more popular. Luckily, defenders are still ahead in the arms race.

Illicit Crypto Economy Surges as Nation-States Join in the Fray

Cybercriminal cryptocurrency transactions totaled billions in 2025, with activity from sanctioned countries like Russia and Iran causing the largest jump.

Maximum Severity HPE OneView Flaw Exploited in the Wild

Thursday, January 8, 2026
Exploitation of CVE-2025-37164 can enable remote code execution on HPE's IT infrastructure management platform, leading to devastating consequences.

Fake AI Chrome Extensions Steal 900K Users' Data

Threat actors ripped off a legitimate AI-powered Chrome extension in order to harvest ChatGPT and DeepSeek data before sending it to a C2 server.

ChatGPT's Memory Feature Supercharges Prompt Injection

The "ZombieAgent" exploit makes use of ChatGPT's long-term memory and advanced capabilities.

Here's What Cloud Security's Future Holds for the Year Ahead

Here are the top cloud security trends I'm seeing in my crystal ball for the New Year — particularly arming us for AI adoption.

Phishers Exploit Office 365 Users Who Let Their Guard Down

Wednesday, January 7, 2026
Microsoft said that Office 365 tenants with weak configurations and who don't have strict anti-spoofing protection enabled are especially vulnerable.

Lack of MFA is Common Thread in Vast Cloud Credential Heist

An emerging threat actor that goes by "Zestix" used an assortment of infostealers to obtain credentials and breach file-sharing instances of approximately 50 enterprises.

Cyberattacks Likely Part of Military Operation in Venezuela

Cyber's role in the US raid on Venezuela remains a question, though President Trump alluded to "certain expertise" in shutting down the power grid in Caracas.

Scattered Lapsus$ Hunters Snared in Cyber Researcher Honeypot

Tuesday, January 6, 2026
Scattered Lapsus$ Hunters, also known as ShinyHunters, were drawn in using a realistic, yet mostly fake, dataset.

Startup Trends Shaking Up Browsers, SOC Automation, AppSec

In 2025, these startups have reimagined browser security, pioneered application security for AI-generated code, and are building consensus on agentic vs. human costs.

Critical 'MongoBleed' Bug Under Active Attack, Patch Now

Monday, January 5, 2026
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.

US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity

Two US citizens pleaded guilty to working as ALPHV/BlackCat ransomware affiliates in 2023, and both were previously employed by prominent security firms.

When the Cloud Rains on Everyone's IoT Parade

What happens to all of those always-connected devices when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues.

RondoDox Botnet Expands Scope With React2Shell Exploitation

Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises.

CTO New Year Resolutions for a More Secure 2026

Friday, January 2, 2026
From securing MCPs and supply chain defenses to formal AI and quantum governance, experts share their wish lists for cyber safety in 2026.