Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug

Thursday, April 30, 2026
The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available.

Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber

In this latest installment of the Reporters' Notebook video series, we discuss how the new AI model threatens to completely upend cybersecurity, and what industry leaders are telling the press.

Oracle Red Bull Racing Team Revs Up Automation to Boost Security

While drivers race to shave off seconds on the track, the team's IT and engineering staff are speeding up how they deliver security.

Claude Mythos Fears Startle Japan's Financial Services Sector

Wednesday, April 29, 2026
Global financial institutions are panicked over Anthropic's new superhacker AI model. Cyber experts aren't quite as worried.

Reverse Engineering With AI Unearths High-Severity GitHub Bug

Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and time-consuming to undertake.

AI Finds 38 Security Flaws in Electronic Health Record Platform

Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.

BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures

Tuesday, April 28, 2026
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives.

NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later

Chris Inglis was the head civilian in charge at the NSA when the Snowden leak exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spotting potential threats, media disclosures, and "enculturation."

Feuding Ransomware Groups Leak Each Other's Data

When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations.

Vidar Rises to Top of Chaotic Infostealer Market

The malware has filled the gap created by last year's law enforcement takedowns of Lumma and Rhadamanthys.

Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain

Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware.

UNC6692 Combines Social Engineering, Malware, Cloud Abuse

Monday, April 27, 2026
A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged campaign.

Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation

A researcher discovered five different exploit paths that stem from an architectural weakness in how Windows' Remote Procedure Call (RPC) mechanism handles connections to unavailable services.

Parsing Agentic Offensive Security's Existential Threat

Some fear frontier LLMs like Claude Mythos and Anthropic's GPT-5.5 will lead to cybersecurity annihilation. Ari Herbert-Voss notes this could be an opportunity.

Helping Romance Scam Victims Require a Proactive, Empathic Approach

Sunday, April 26, 2026
People targeted by confidence schemes find getting help is a lonely road. Experts want law enforcement, financial and government institutions to work together and protect them.

US Busts Myanmar Ring Targeting US Citizens in Financial Fraud

Friday, April 24, 2026
Some 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites.

North Korea's Lazarus Targets macOS Users via ClickFix

Lazarus continues leveraging ClickFix for initial access and data theft, in this case, against Mac-centric organizations and their high-value leaders.

Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets

Thursday, April 23, 2026
The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimology, and TTPs.

China-Backed Hackers Are Industrializing Botnets

China's state-backed groups are now using covert networks of compromised devices to execute attacks in a low-cost, low-risk, and deniable way.

Electricity Is a Growing Area of Cyber Risk

IT has long been concerned about ensuring systems receive the right amount of electricity. Cyberattackers are realizing they can manipulate voltage fluctuations for their purposes, too.

'Zealot' Shows What AI's Capable of in Staged Cloud Attack

The proof of concept revealed AI-based attacks unfold too fast for human defenders to respond, and that AI evinced more autonomous behavior than expected.

'The Gentlemen' Rapidly Rises to Ransomware Prominence

Wednesday, April 22, 2026
Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations — and its sophistication.

DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.

Ransomware Negotiator Pleads Guilty to BlackCat Scheme

Tuesday, April 21, 2026
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process, experts noted.

Exploits Turn Windows Defender into Attacker Tool

Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are unpatched.

Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk

The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains.

Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool

The prompt injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.

Chinese APT Targets Indian Banks, Korean Policy Circles

China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale TTPs.

Vercel Employee's AI Tool Access Led to Data Breach

Monday, April 20, 2026
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher noted.

Serial-to-IP Devices Hide Thousands of Old and New Bugs

The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.

WhatsApp Leaks User Metadata to Attackers

Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

Friday, April 17, 2026
In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.

Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs

The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.

NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities

The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws.

North Korea Uses ClickFix to Target macOS Users' Data

Thursday, April 16, 2026
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.

'Harmless' Global Adware Transforms Into an AV Killer

A benign-looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender.

Microsoft's Original Windows Secure Boot Certificate Is Expiring

The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon.

6-Year Ransomware Campaign Targets Turkish Homes & SMBs

Wednesday, April 15, 2026
While enterprise breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption.

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files.

Navigating the Unique Security Risks of Asia's Digital Supply Chain

Regulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must wrangle.

Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads

Tuesday, April 14, 2026
Security teams can't test distributed denial-of-service defenses in a vacuum. They need to test during periods of high demand, such as tax filing deadlines.

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses

Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible.

Wargame Exercise Demonstrates How Social Media Manipulation Works

In an educational game called "Capture the Narrative," students created bots to sway a fictional election, simulating influence in real-world political scenarios.

CSA: CISOs Should Prepare for Post-Mythos Exploit Storm

Monday, April 13, 2026
Security experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos in a new paper from the Cloud Security Alliance (CSA).

Adobe Patches Actively Exploited Zero-Day That Lingered for Months

An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.

Empty Attestations: OT Lacks the Tools for Cryptographic Readiness

OT asset owners are being asked by regulators to attest to their post-quantum cryptographic readiness without the appropriate tooling, resulting in paperwork dressed up to look like genuine security.

APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials

The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication.

Hims Breach Exposes the Most Sensitive Kinds of PHI

Friday, April 10, 2026
Threat actors breached the telehealth brand, and now they may know who's bald, overweight, and impotent. What could they do with that information?

Your Next Breach Will Look Like Business as Usual

These are the fundamental detection model shifts cybersecurity teams need to make to keep up with the rising number of credential-based attacks.

Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?

Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the vendor said.

Russia's 'Fancy Bear' APT Continues Its Global Onslaught

Thursday, April 9, 2026
Victims don't need to match the cybercrime group's technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable.

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues

Under the alias 'Chaotic Eclipse,' a researcher released a PoC exploit for a zero-day flaw that allows for system takeover by a local user, citing an undisclosed beef with Microsoft.

Do Ceasefires Slow Cyberattacks? History Suggests Not

The cybersecurity community is waiting with bated breath to see if Iranian hackers will honor a ceasefire that doesn't actually name or directly involve them.

Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers

Wednesday, April 8, 2026
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.

Threat Actors Get Crafty With Emojis to Escape Detection

When 🤖 means "bot available," 🧰 signifies "toolkit," or 💰💰💰 translates to "big ransom," bad actors can evade filters and keep it all on the down-low.

AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties

Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation's the bottleneck, which bounties don't fund.

Niobium Introduces The Fog


Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams


Grafana Patches AI Bug That Could Have Leaked User Data

Tuesday, April 7, 2026
By hiding malicious instructions on an attacker-controlled Web page, AI could ingest orders as benign and return sensitive data to the attacker's server.

Focusing on the People in Cybersecurity at RSAC 2026 Conference

AI dominated the RSAC 2026 Conference and showed it's still humans in cybersecurity who matter most.

AI-Assisted Supply Chain Attack Targets GitHub

Monday, April 6, 2026
PRT-scan is the second in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration.

Axios Attack Shows Social Complex Engineering Is Industrialized

The attack on the popular NPM package Axios is just one of many targeting maintainers and has shone a light on how threat actors can scale sophisticated social engineering campaigns.

Fortinet Issues Emergency Patch for FortiClient Zero-Day

The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.

Automated Credential Harvesting Campaign Exploits React2Shell Flaw

An emerging threat cluster tracked as UAT-10608 is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to exfiltrate credentials, secrets, and other system data.

Shadow AI in Healthcare is Here to Stay

Medical professionals are not going to stop using AI tools to manage growing workloads. Organizations should prioritize bolstering security protocols to limit their blast radius.

OWASP GenAI Security Project Gets Update, New Tools Matrix

In recognition of 21 generative AI risks, the standards group recommends that companies take separate but linked approaches to defending GenAI and agentic AI systems.

Inconsistent Privacy Labels Don't Tell Users What They Are Getting

Friday, April 3, 2026
Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough.

Apple Breaks Precedent, Patches DarkSword for iOS 18

Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe mobile OS-cracking tool.

Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills.

CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry

Once CrowdStrike’s nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.

Security Bosses Are All-In on AI. Here's Why

Thursday, April 2, 2026
CISOs are bullish on AI and have big plans to roll out future tools. We talk to Reddit CISO Frederick Lee and leading analyst Dave Gruber about how AI is working out in the real world, as well as its future promise.

Bank Trojan 'Casbaneiro' Worms Through Latin America

Augmented Marauder's multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly.

Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense

A chief medical information officer provided a peek into what hospitals face when they inevitably suffer a ransomware attack—whether it leads to short or long-term outages.

LatAm's Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut

Wednesday, April 1, 2026
A newly released study exclusively shared with Dark Reading details the unique circumstances that make up Latin America's labor pool, and why organizations may want to expand their talent search.

Cyberattacks Intensify Pressure on Latin American Governments

Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombia’s health sector.

Are We Training AI Too Late?

Ask the Expert: Cybersecurity teams need to expand their field of view to include new, unique threat sources, rather than relying on past, proven threat actors.