🛡 Cyber Security News

UAE to Implement Cyber Education Initiative
Sep 03, 2025 | darkreading

The initiative will be tailored to students and their growth in cybersecurity preparedness.

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation
Sep 03, 2025 | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ran...

Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations
Sep 03, 2025 | The Hacker News

Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far...

Hackers breach fintech firm in attempted $130M bank heist
Sep 02, 2025 | BleepingComputer

Hackers tried to steal $130 million from Evertec's Brazilian subsidiary Sinqia S.A. after gaining unauthorized access to its environment on the central...

Amazon Stymies APT29 Credential Theft Campaign
Sep 02, 2025 | darkreading

A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authent...

Cloudflare hit by data breach in Salesloft Drift supply chain attack
Sep 02, 2025 | BleepingComputer

Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week. [...]

WordPress Woes Continue Amid ClickFix Attacks, TDS Threats
Sep 02, 2025 | darkreading

Vulnerable and malicious plug-ins are giving threat actors the ability to compromise WordPress sites and use them as a springboard to a variety of cyb...

Zscaler, Palo Alto Networks Breached via Salesloft Drift
Sep 02, 2025 | darkreading

Two major security firms suffered downstream compromises as part of a large-scale supply chain attack involving Salesloft Drift, a marketing SaaS appl...

Jaguar Land Rover Shuts Down in Scramble to Secure 'Cyber Incident'
Sep 02, 2025 | darkreading

The luxury automaker said its retail and production activities have been "severely disrupted."

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE
Sep 02, 2025 | The Hacker News

The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different p...

Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps
Sep 02, 2025 | BleepingComputer

Internet infrastructure company Cloudflare said it recently blocked the largest recorded volumetric distributed denial-of-service (DDoS) attack, which...

No, Google did not warn 2.5 billion Gmail users to reset passwords
Sep 02, 2025 | BleepingComputer

Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also a...

Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control
Sep 02, 2025 | The Hacker News

Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from ...

Jaguar Land Rover says cyberattack ‘severely disrupted’ production
Sep 02, 2025 | BleepingComputer

Jaguar Land Rover (JLR) announced that a cyberattack forced the company to shut down certain systems as part of the mitigation effort. [...]

Hackers Are Sophisticated & Impatient — That Can Be Good
Sep 02, 2025 | darkreading

You can't negotiate with hackers from a place of fear — but you can turn their urgency against them with the right playbook, people, and preparation.

Pennsylvania AG Office says ransomware attack behind recent outage
Sep 02, 2025 | BleepingComputer

The Office of the Pennsylvania Attorney General announced that a ransomware attack is behind the ongoing two-week service outage. [...]

NIST Enhances Security Controls for Improved Patching
Sep 02, 2025 | darkreading

The US National Institute of Standards and Technology released Security and Privacy Control version 5.2.0 to help organizations be more proactive rega...

Palo Alto Networks data breach exposes customer info, support cases
Sep 02, 2025 | BleepingComputer

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesl...

Palo Alto Networks data breach exposes customer info, support tickets
Sep 02, 2025 | BleepingComputer

Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesl...

JSON Config File Leaks Azure ActiveDirectory Credentials
Sep 02, 2025 | darkreading

In this type of misconfiguration, cyberattackers could use exposed secrets to authenticate directly via Microsoft’s OAuth 2.0 endpoints and infiltrate...

Shadow AI Discovery: A Critical Part of Enterprise AI Governance
Sep 02, 2025 | The Hacker News

The Harsh Truths of AI Adoption: MIT's State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptio...

Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices
Sep 02, 2025 | The Hacker News

Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN an...

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware
Sep 02, 2025 | The Hacker News

The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as p...

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Sep 02, 2025 | The Hacker News

Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cry...

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans
Sep 01, 2025 | The Hacker News

Cybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to delive...

Zscaler data breach exposes customer info after Salesloft Drift compromise
Sep 01, 2025 | BleepingComputer

Cybersecurity company Zscaler warns it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer informat...

Amazon disrupts Russian APT29 hackers targeting Microsoft 365
Sep 01, 2025 | BleepingComputer

Researchers have disrupted an operation attributed to Russian state-sponsored threat group Midnight Blizzard, who sought access to Microsoft 365 accou...

⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Sep 01, 2025 | The Hacker News

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one mis...

When Browsers Become the Attack Surface: Rethinking Security for Scattered Spider
Sep 01, 2025 | The Hacker News

As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber challenges. In fact, over 80% of security...

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics
Sep 01, 2025 | The Hacker News

Cybersecurity researchers have discovered a new phishing campaign undertaken by the North Korea-linked hacking group called ScarCruft (aka APT37) to d...

Brokewell Android malware delivered through fake TradingView ads
Aug 31, 2025 | BleepingComputer

Cybercriminals are abusing Meta's advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Andr...

OpenAI releases big upgrade for ChatGPT Codex for agentic coding
Aug 31, 2025 | BleepingComputer

OpenAI has announced a big update for Codex, which is the company's agentic coding tool. [...]

Anthropic is testing GPT Codex-like Claude Code web app
Aug 31, 2025 | BleepingComputer

Anthropic is planning to bring the famous Claude Code to the web, and it might be similar to ChatGPT Codex, but you'll need GitHub to get started. [.....

ChatGPT can now create flashcards quiz on any topic
Aug 31, 2025 | BleepingComputer

If you use ChatGPT to learn new topics, you might want to try its new flashcard-based quiz feature, which can help you evaluate your progress. [...]

OpenAI is testing "Thinking effort" for ChatGPT
Aug 31, 2025 | BleepingComputer

OpenAI is working on a new feature called the Thinking effort picker for ChatGPT. [...]

TamperedChef infostealer delivered through fraudulent PDF Editor
Aug 30, 2025 | BleepingComputer

Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing ...

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Aug 30, 2025 | The Hacker News

Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digit...

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices
Aug 30, 2025 | The Hacker News

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conj...

WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices
Aug 30, 2025 | The Hacker News

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conj...

Windows 11 KB5064081 update clears up CPU usage metrics in Task Manager
Aug 29, 2025 | BleepingComputer

Microsoft has released the KB5064081 preview cumulative update for Windows 11 24H2, which includes thirty-six new features or changes, with many gradu...

Microsoft fixes bug behind Windows certificate enrollment errors
Aug 29, 2025 | BleepingComputer

Microsoft has resolved a known issue causing false CertificateServicesClient (CertEnroll) error messages after installing the July 2025 preview and su...

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution
Aug 29, 2025 | The Hacker News

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure a...

WhatsApp patches vulnerability exploited in zero-day attacks
Aug 29, 2025 | BleepingComputer

WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. [...]

Microsoft to enforce MFA for Azure resource management in October
Aug 29, 2025 | BleepingComputer

Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure clients from ...

Webinar: Learn How to Unite Dev, Sec, and Ops Teams With One Shared Playbook
Aug 29, 2025 | The Hacker News

Picture this: Your team rolls out some new code, thinking everything's fine. But hidden in there is a tiny flaw that explodes into a huge problem once...

Microsoft says recent Windows update didn't kill your SSD
Aug 29, 2025 | BleepingComputer

Microsoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting sol...

An Audit Isn't a Speed Bump — It's Your Cloud Co-Pilot
Aug 29, 2025 | darkreading

Auditing must be seen for what it truly can be: a multiplier of trust, not a bottleneck of progress.

Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication
Aug 29, 2025 | The Hacker News

Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 ac...

Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign
Aug 29, 2025 | The Hacker News

An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage camp...

Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation
Aug 29, 2025 | darkreading

Generating exploits with AI and large language models shrinks the time to target software flaws, giving security teams scant time to patch. Can enterp...

Can Your Security Stack See ChatGPT? Why Network Visibility Matters
Aug 29, 2025 | The Hacker News

Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve efficiency a...

Click Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access Page
Aug 29, 2025 | The Hacker News

Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an aut...

FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available
Aug 29, 2025 | The Hacker News

The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with ...

Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain
Aug 29, 2025 | The Hacker News

Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudul...

Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations
Aug 29, 2025 | The Hacker News

Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously though...

Google Warns Salesloft Drift Breach Impacts All Drift Integrations Beyond Salesforce
Aug 29, 2025 | The Hacker News

Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously though...

TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies
Aug 29, 2025 | The Hacker News

Cybersecurity researchers have discovered a cybercrime campaign that's using malvertising tricks to direct victims to fraudulent sites to deliver a ne...

Google warns Salesloft breach impacted some Workspace accounts
Aug 28, 2025 | BleepingComputer

Google reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access Google...

CISA, FBI, NSA Warn of Chinese 'Global Espionage System'
Aug 28, 2025 | darkreading

Three federal agencies were parties to a global security advisory this week warning about the extensive threat posed by Chinese nation-state actors ta...

Hackers Steal 4M+ TransUnion Customers' Data
Aug 28, 2025 | darkreading

The credit reporting agency said the breach was "limited to specific data elements" and didn't include credit reports or core credit informa...

US targets North Korean IT worker army with new sanctions
Aug 28, 2025 | BleepingComputer

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned two individuals and two companies associated with North Korean IT worker sc...

Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups
Aug 28, 2025 | darkreading

Flashpoint published its 2025 midyear ransomware report that highlighted the top five most prolific groups currently in operation.

1,000+ Devs Lose Their Secrets to an AI-Powered Stealer
Aug 28, 2025 | darkreading

One of the most sophisticated supply chain attacks to date caused immense amounts of data to leak to the Web in a matter of hours.

Google shares workarounds for auth failures on ChromeOS devices
Aug 28, 2025 | BleepingComputer

Google is working to resolve authentication failures preventing users from signing into their Clever and ClassLink accounts on some ChromeOS devices. ...

Dark Reading Confidential: A Guided Tour of Today's Dark Web
Aug 28, 2025 | darkreading

Dark Reading Confidential Episode 9: Join us for a look around today's Dark Web, and find out how law enforcement, AI, nation-state activities, and mo...

Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names
Aug 28, 2025 | The Hacker News

Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously remo...

Malware devs abuse Anthropic’s Claude AI to build ransomware
Aug 28, 2025 | BleepingComputer

Anthropic's Claude Code large language model has been abused by threat actors who used it in data extortion campaigns and to develop ransomware packag...

Microsoft Word will save your files to the cloud by default
Aug 28, 2025 | BleepingComputer

Microsoft says that Word for Windows will soon enable autosave and automatically save all new documents to the cloud by default. [...]

Passwordstate dev urges users to patch auth bypass vulnerability
Aug 28, 2025 | BleepingComputer

Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication by...

Police seize VerifTools fake ID marketplace servers, domains
Aug 28, 2025 | BleepingComputer

The FBI and the Dutch Police have shut down the VerifTools marketplace for fraudulent identity documents after seizing servers in Amsterdam that hoste...

CISA's New SBOM Guidelines Get Mixed Reviews
Aug 28, 2025 | darkreading

Updated SBOM rules from CISA are a solid step toward making them more useful for cyber defenders but don't address many critical needs, experts say.

MATLAB dev says ransomware gang stole data of 10,000 people
Aug 28, 2025 | BleepingComputer

MathWorks, a leading developer of mathematical simulation and computing software, revealed that a ransomware gang stole the data of over 10,000 people...

Shadow IT Is Expanding Your Attack Surface. Here’s Proof
Aug 28, 2025 | BleepingComputer

Shadow IT isn't theoretical—it's everywhere. Intruder uncovered exposed backups, open Git repos, and admin panels in just days, all hiding sensitive d...

TransUnion suffers data breach impacting over 4.4 million people
Aug 28, 2025 | BleepingComputer

Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United ...

Salt Typhoon Exploits Flaws in Edge Network Devices to Breach 600 Organizations Worldwide
Aug 28, 2025 | The Hacker News

The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including...

Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide
Aug 28, 2025 | The Hacker News

The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including...

Webinar: Why Top Teams Are Prioritizing Code-to-Cloud Mapping in Our 2025 AppSec
Aug 28, 2025 | The Hacker News

Picture this: Your team rolls out some new code, thinking everything's fine. But hidden in there is a tiny flaw that explodes into a huge problem once...

Hidden Vulnerabilities of Project Management Tools & How FluentPro Backup Secures Them
Aug 28, 2025 | The Hacker News

Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when th...

Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
Aug 28, 2025 | The Hacker News

The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular...

U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits
Aug 28, 2025 | The Hacker News

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two ent...

CrowdStrike to Acquire Onum, Boost Falcon Next-Gen SIEM
Aug 27, 2025 | darkreading

The acquisition will bring Onum's real-time data pipeline to CrowdStrike's Falcon Next-Gen SIEM platform to deliver autonomous threat detection capabi...

Storm-0501 hackers shift to ransomware attacks in the cloud
Aug 27, 2025 | BleepingComputer

Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusin...

Anthropic AI Used to Automate Data Extortion Campaign
Aug 27, 2025 | darkreading

The company said the threat actor abused its Claude Code service to "an unprecedented degree," automating reconnaissance, intrusions, and cr...

Experimental PromptLock ransomware uses AI to encrypt, steal data
Aug 27, 2025 | BleepingComputer

Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, a...

'ZipLine' Phishers Flip Script as Victims Email First
Aug 27, 2025 | darkreading

"ZipLine" appears to be a sophisticated and carefully planned campaign that has already affected dozens of small, medium, and large organiza...

Nevada's State Agencies Shutter in Wake of Cyberattack
Aug 27, 2025 | darkreading

In response to a cyberattack that was first detected on Sunday, the governor shut down in-person services for state offices while restoration efforts ...

FreePBX servers hacked via zero-day, emergency fix released
Aug 27, 2025 | BleepingComputer

The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Co...

China Hijacks Captive Portals to Spy on Asian Diplomats
Aug 27, 2025 | darkreading

The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites.

Google: Salesforce Attacks Stemmed From Third-Party App
Aug 27, 2025 | darkreading

A group tracked as UNC6395 engaged in "widespread data theft" via compromised OAuth tokens from a third-party app called Salesloft Drift.

Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
Aug 27, 2025 | The Hacker News

The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks t...

IT system supplier cyberattack impacts 200 municipalities in Sweden
Aug 27, 2025 | BleepingComputer

A cyberattack on Miljödata, an IT systems supplier for roughly 80% of Sweden's municipal systems, has caused accessibility problems in more than 200 r...

Global Salt Typhoon hacking campaigns linked to Chinese tech firms
Aug 27, 2025 | BleepingComputer

The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have linked the Salt...

Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model
Aug 27, 2025 | The Hacker News

Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock. Written i...

Storm-0501 Hits Enterprise With 'Cloud-Based Ransomware' Attack
Aug 27, 2025 | darkreading

The financially motivated threat group used cloud resources to conduct a complex, ransomware-style attack against an enterprise victim.

Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors
Aug 27, 2025 | The Hacker News

Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to...

ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots
Aug 27, 2025 | The Hacker News

A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia...

AI-Powered Ransomware Has Arrived With 'PromptLock'
Aug 27, 2025 | darkreading

Researchers raise the alarm that a new, rapidly evolving ransomware strain uses an OpenAI model to render and execute malicious code in real time, ush...

Gaps in California Privacy Law: Half of Data Brokers Ignore Requests
Aug 27, 2025 | darkreading

Failure to comply with consumer data access and deletion requests highlights the urgent need for standardized verification processes and stronger enfo...

The 5 Golden Rules of Safe AI Adoption
Aug 27, 2025 | The Hacker News

Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the ...

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
Aug 27, 2025 | The Hacker News

A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with t...

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra
Aug 27, 2025 | The Hacker News

Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 an...

African Law Enforcement Agencies Nab Cybercrime Syndicates
Aug 27, 2025 | darkreading

African nations work with Interpol and private-sector partners to disrupt cybercriminal operations on the continent, but more work needs to be done.

Google to verify all Android devs to block malware on Google Play
Aug 26, 2025 | BleepingComputer

Google is introducing a new defense for Android called 'Developer Verification' to block malware installations from sideloaded apps sourced from outsi...

Citrix fixes critical NetScaler RCE flaw exploited in zero-day attacks
Aug 26, 2025 | BleepingComputer

Citrix fixed three NetScaler ADC and NetScaler Gateway flaws today, including a critical remote code execution flaw tracked as CVE-2025-7775 that was ...

Silk Typhoon hackers hijack network captive portals in diplomat attacks
Aug 26, 2025 | BleepingComputer

State-sponsored hackers linked to the Mustang Panda activity cluster targeted diplomats by hijacking web traffic to redirect to a malware serving webs...

When One Hospital Gets Ransomware, Others Feel the Pain
Aug 26, 2025 | darkreading

When ransomware hits hospitals, neighbors absorb patient overflow. Key defenses include backup recovery and multifactor authentication implementation.

AI Agents in Browsers Light on Cybersecurity, Bypass Controls
Aug 26, 2025 | darkreading

Companies looking to benefit from agentic browsers pause: The services can tap into a user's online accounts and automate tasks but can expose organiz...

1M Farmers Insurance Customers' Data Compromised
Aug 26, 2025 | darkreading

Though the company is informing its customers of the breach, Farmers isn't publicly divulging what kinds of personal data were affected.

Philippines Power Election Security With Zero-Knowledge Proofs
Aug 26, 2025 | darkreading

While 34 countries worldwide already use some form of e-voting, the Philippines can serve as a model for what a secure online voting operation looks l...

Citrix Gear Under Active Attack Again With Another Zero-Day
Aug 26, 2025 | darkreading

The flaw is one of three that the company disclosed affecting its NetScaler ADC and NetScaler Gateway technologies.

Malicious Scanning Waves Slam Remote Desktop Services
Aug 26, 2025 | darkreading

Researchers say the huge spike of coordinated scanning for Microsoft RDP services could indicate the existence of a new, as-yet-undisclosed vulnerabil...

Data I/O Becomes Latest Ransomware Attack Victim
Aug 26, 2025 | darkreading

The "incident" led to outages affecting a variety of the tech company's operations, though the full scope of the breach is unknown.

Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
Aug 26, 2025 | BleepingComputer

Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot ...

Hook Android Trojan Now Delivers Ransomware-Style Attacks
Aug 26, 2025 | darkreading

New features to take over smartphones and monitor user activity demonstrate the continued evolution of the malware, which is now being spread on GitHu...

Nevada closes state offices as cyberattack disrupts IT systems
Aug 26, 2025 | BleepingComputer

Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing a...

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775
Aug 26, 2025 | The Hacker News

Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploit...

New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station
Aug 26, 2025 | The Hacker News

A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base sta...

CISA warns of actively exploited Git code execution flaw
Aug 26, 2025 | BleepingComputer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distribute...

Beyond GDPR security training: Turning regulation into opportunity
Aug 26, 2025 | BleepingComputer

Discover how GDPR compliance can spark real growth and give you a competitive advantage with practical strategies and a strong security culture. [...]

The Hidden Risk of Consumer Devices in the Hybrid Workforce
Aug 26, 2025 | darkreading

Until businesses begin to account for uncontrolled variables in their threat models, attackers will continue to exploit the weakest link in the chain.

Nissan confirms design studio data breach claimed by Qilin ransomware
Aug 26, 2025 | BleepingComputer

Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Cr...

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers
Aug 26, 2025 | The Hacker News

Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that's targeting supply chain-critical manufacturing co...

AI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ Reveals
Aug 26, 2025 | The Hacker News

Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and va...

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
Aug 26, 2025 | The Hacker News

A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification page...

HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Aug 26, 2025 | The Hacker News

Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to dis...

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Aug 26, 2025 | The Hacker News

Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their softw...

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
Aug 26, 2025 | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to it...

Surge in coordinated scans targets Microsoft RDP auth servers
Aug 25, 2025 | BleepingComputer

Internet intelligence firm GreyNoise reports that it has recorded a significant spike in scanning activity consisting of nearly 1,971 IP addresses pro...

New AI attack hides data-theft prompts in downscaled images
Aug 25, 2025 | BleepingComputer

Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before delivering the...

Hackers Lay in Wait, Then Knocked Out Iran Ship Comms
Aug 25, 2025 | darkreading

Lab-Dookhtegen claims major attack on more than 60 cargo ships and oil tankers belonging to two Iranian companies on US sanctions list.

FTC Chair Tells Tech Giants to Hold the Line on Encryption
Aug 25, 2025 | darkreading

The chairman sent letters out to companies like Apple, Meta, and Microsoft, advising them not to adhere to the demands of foreign governments to weake...

Farmers Insurance data breach impacts 1.1M people after Salesforce attack
Aug 25, 2025 | BleepingComputer

U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was s...

ClickFix Attack Tricks AI Summaries Into Pushing Malware
Aug 25, 2025 | darkreading

Because instructions appear to come from AI-generated content summaries and not an external source, the victim is more likely to follow them without s...

Auchan retailer data breach impacts hundreds of thousands of customers
Aug 25, 2025 | BleepingComputer

French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was exposed...

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
Aug 25, 2025 | The Hacker News

A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across th...

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Aug 25, 2025 | The Hacker News

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an a...

Malicious Android apps with 19M installs removed from Google Play
Aug 25, 2025 | BleepingComputer

Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times...

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
Aug 25, 2025 | The Hacker News

Cybersecurity researchers have flagged a new phishing campaign that's using fake voicemails and purchase orders to deliver a malware loader called UpC...

Fast-Spreading, Complex Phishing Campaign Installs RATs
Aug 25, 2025 | darkreading

Attackers not only steal credentials but also can maintain long-term, persistent access to corporate networks through the global campaign.

Critical Docker Desktop flaw lets attackers hijack Windows hosts
Aug 25, 2025 | BleepingComputer

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced C...

Defending against malware persistence techniques with Wazuh
Aug 25, 2025 | BleepingComputer

Malware persistence keeps attackers in your systems long after reboots or resets. Wazuh helps detect and block hidden techniques like scheduled tasks,...

Securing the Cloud in an Age of Escalating Cyber Threats
Aug 25, 2025 | darkreading

As threats intensify and cloud adoption expands, organizations must leave outdated security models behind.

⚡ Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More
Aug 25, 2025 | The Hacker News

Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shif...

Why SIEM Rules Fail and How to Fix Them: Insights from 160 Million Attack Simulations
Aug 25, 2025 | The Hacker News

Security Information and Event Management (SIEM) systems act as the primary tools for detecting suspicious activity in enterprise networks, helping or...

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing
Aug 25, 2025 | The Hacker News

The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solut...

New Android malware poses as antivirus from Russian intelligence agency
Aug 24, 2025 | BleepingComputer

A new Android malware posing as an antivirus tool created by Russia's Federal Security Services agency (FSB) is being used to target executiv...

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot
Aug 24, 2025 | The Hacker News

Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality...

FTC warns tech giants not to bow to foreign pressure on encryption
Aug 23, 2025 | BleepingComputer

The Federal Trade Commission (FTC) is warning major U.S. tech companies against yielding to foreign government demands that weaken data security, comp...

Microsoft working on fix for ongoing Outlook email issues
Aug 23, 2025 | BleepingComputer

Microsoft is working to resolve an Exchange Online issue causing email access problems for Outlook mobile users who use Hybrid Modern Authentication ...

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets
Aug 23, 2025 | The Hacker News

Cybersecurity researchers are calling attention to multiple campaigns that leverage known security vulnerabilities and expose Redis servers to various...

Murky Panda hackers exploit cloud trust to hack downstream customers
Aug 22, 2025 | BleepingComputer

A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial acces...

Silk Typhoon Attacks North American Orgs in the Cloud
Aug 22, 2025 | darkreading

A Chinese APT is going where most APTs don't: deep into the cloud, compromising supply chains and deploying uncommon malware.

ReVault Flaw Exposed Millions of Dell Laptops to Malicious Domination
Aug 22, 2025 | darkreading

A bug in the control board that connects peripheral devices in commonly used Dell laptops allowed malicious access all the way down to the firmware ru...

Apple Intelligence Is Picking Up More User Data Than Expected, Researcher Finds
Aug 22, 2025 | darkreading

Music tastes, location information, even encrypted messages — Apple's servers are gathering a "surprising" amount of personal data through A...

APT36 hackers abuse Linux .desktop files to install malware in new attacks
Aug 22, 2025 | BleepingComputer

The Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. [...]

Interpol Arrests Over 1K Cybercriminals in 'Operation Serengeti 2.0'
Aug 22, 2025 | darkreading

The operation disrupted countless scams, and authorities seized a significant amount of evidence and recovered nearly $100 million in lost funds.

Fake Mac fixes trick users into installing new Shamos infostealer
Aug 22, 2025 | BleepingComputer

A new infostealer malware called 'Shamos' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides...

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection
Aug 22, 2025 | The Hacker News

Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The "...

Apple Patches Zero-Day Flaw Used in 'Sophisticated' Attack
Aug 22, 2025 | darkreading

CVE-2025-43300 is the latest zero-day bug used in cyberattacks against "targeted individuals," which could signify spyware or nation-state h...

The Growing Challenge of AI Agent and NHI Management
Aug 22, 2025 | darkreading

The growing ecosystem of agents, chatbots, and machine credentials that outnumber human users by an order of magnitude is creating a poorly understood...

Insurers May Limit Payments in Cases of Unpatched CVEs
Aug 22, 2025 | darkreading

Some insurers look to limit payouts to companies that don't remediate serious vulnerabilities in a timely manner. Unsurprisingly, most companies don't...

Do Claude Code Security Reviews Pass the Vibe Check?
Aug 22, 2025 | darkreading

AI-assisted security reviews from Anthropic and others could help level up enterprise application security in the era of vibe coding.

Microsoft: August Windows updates cause severe streaming issues
Aug 22, 2025 | BleepingComputer

Microsoft has confirmed that the August 2025 security updates are causing severe lag and stuttering issues with NDI streaming software on some Windows...

Personal Liability, Security Become Bigger Issues for CISOs
Aug 22, 2025 | darkreading

While the furor from CISO prosecutions has died down, worries continue over a lack of liability protections and potential targeting by cybercriminals ...

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage
Aug 22, 2025 | The Hacker News

Cybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that in...

INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown
Aug 22, 2025 | The Hacker News

INTERPOL on Friday announced that authorities from 18 countries across Africa have arrested 1,209 cybercriminals who targeted 88,000 victims. "The cra...

Automation Is Redefining Pentest Delivery
Aug 22, 2025 | The Hacker News

Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has ev...

Massive anti-cybercrime operation leads to over 1,200 arrests in Africa
Aug 22, 2025 | BleepingComputer

Law enforcement authorities in Africa have arrested over 1,200 suspects as part of 'Operation Serengeti 2.0,' an INTERPOL-led international crackdown ...

DaVita says ransomware gang stole data of nearly 2.7 million people
Aug 22, 2025 | BleepingComputer

Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 mil...

Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware
Aug 22, 2025 | The Hacker News

A 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer's n...

Dev gets 4 years for creating kill switch on ex-employer's systems
Aug 21, 2025 | BleepingComputer

A software developer has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with custom malware and a kill switch...

System Shocks? EV Smart Charging Tech Poses Cyber-Risks
Aug 21, 2025 | darkreading

Trend Micro's Salvatore Gariuolo talks with the Black Hat USA 2025 News Desk about how the new ISO 15118 standard for electric vehicle smart charging ...

Scattered Spider Member Sentenced to a Decade in Prison
Aug 21, 2025 | darkreading

Noah Michael Urban, 20, was one of several members of the Scattered Spider collective who were arrested and charged in 2024 in connection with high-pr...

Colt confirms customer data stolen as Warlock ransomware auctions files
Aug 21, 2025 | BleepingComputer

UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files...

Easy ChatGPT Downgrade Attack Undermines GPT-5 Security
Aug 21, 2025 | darkreading

By using brief, plain clues in their prompts that are likely to influence the app to query older models, a user can downgrade ChatGPT for malicious en...

Why Video Game Anti-Cheat Systems Are a Cybersecurity Goldmine
Aug 21, 2025 | darkreading

Sam Collins and Marius Muench of the University of Birmingham, UK, join the Black Hat USA 2025 News Desk to explain how anti-cheat systems in video ga...

How Architectural Controls Can Help Fill the AI Security Gap
Aug 21, 2025 | darkreading

NCC Group's David Brauchler III shares how foundational controls and threat modeling strategies can help secure agentic AI tools in ways traditional g...

Hackers Abuse VPS Infrastructure for Stealth, Speed
Aug 21, 2025 | darkreading

New research highlights how threat actors abuse legitimate virtual private server offerings in order to spin up infrastructure cheaply, quietly, and f...

K-12 School Incident Response Plans Fall Short
Aug 21, 2025 | darkreading

Quick recovery relies on three security measures.

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks
Aug 21, 2025 | The Hacker News

Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The li...

Europol confirms $50,000 Qilin ransomware reward is fake
Aug 21, 2025 | BleepingComputer

Europol has confirmed that a Telegram channel impersonating the agency and offering a $50,000 reward for information on two Qilin ransomware administr...

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
Aug 21, 2025 | The Hacker News

Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLA...

Tree of AST: A Bug-Hunting Framework Powered by LLMs
Aug 21, 2025 | darkreading

Teenaged security researchers Sasha Zyuzin and Ruikai Peng discuss how their new vulnerability discovery framework leverages LLMs to address limitatio...

Microsoft asks customers for feedback on reported SSD failures
Aug 21, 2025 | BleepingComputer

Microsoft is seeking further information from customers who reported failure and data corruption issues affecting their solid-state drives (SSDs) and...

Prepping the Front Line for MFA Social Engineering Attacks
Aug 21, 2025 | darkreading

Attackers will continue to evolve, and the help desk will always be a target. But with the right mix of training, support, and trust, frontline agents...

Why Certified VMware Pros Are Driving the Future of IT
Aug 21, 2025 | BleepingComputer

From hybrid cloud to AI, IT complexity and security risks are accelerating. Certified VMware pros bring clarity and resilience that keep teams ahead. ...

Tailing Hackers, Columbia University Uses Logging to Improve Security
Aug 21, 2025 | darkreading

Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia's research labs.

DARPA: Closing the Open Source Security Gap With AI
Aug 21, 2025 | darkreading

DARPA's Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at s...

FBI warns of Russian hackers exploiting 7-year-old Cisco flaw
Aug 21, 2025 | BleepingComputer

The Federal Bureau of Investigation (FBI) has warned that hackers linked to Russia's Federal Security Service (FSB) are targeting critical infrastruct...

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger
Aug 21, 2025 | The Hacker News

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an ...

Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025
Aug 21, 2025 | The Hacker News

As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks of...

Scattered Spider hacker gets sentenced to 10 years in prison
Aug 21, 2025 | BleepingComputer

Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty...

Orange Belgium discloses data breach impacting 850,000 customers
Aug 21, 2025 | BleepingComputer

Orange Belgium, a subsidiary of telecommunications giant Orange Group, disclosed on Wednesday that attackers who breached its systems in July have sto...

Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft
Aug 21, 2025 | The Hacker News

A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection wi...

Hacktivist Tied to Multiple Cyber Groups Sentenced to Jail
Aug 21, 2025 | darkreading

At one point, Al-Tahery Al-Mashriky was hacking thousands of websites within the span of three months while stealing personal data and sensitive infor...

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Aug 21, 2025 | The Hacker News

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the...

DPRK, China Suspected in South Korean Embassy Attacks
Aug 21, 2025 | darkreading

Detailed spear-phishing emails sent to European government entities in Seoul are being tied to North Korea, China, or both.

OpenAI says GPT-6 is coming and it'll be better than GPT-5 (obviously)
Aug 20, 2025 | BleepingComputer

OpenAI's CEO Sam Altman told reporters that GPT-6 is already in the works, and it'll not take as long as GPT-5. [...]

Microsoft Lays Out its Quantum-Safe Plans
Aug 20, 2025 | darkreading

The goal of the Quantum-Safe Program is to ensure that by 2033, all Microsoft products and services are safe by default from quantum-based attacks.

AI website builder Lovable increasingly abused for malicious activity
Aug 20, 2025 | BleepingComputer

Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping port...

Fake Employees Pose Real Security Risks
Aug 20, 2025 | darkreading

The security risks posed by fake employees are particularly severe when they secure IT positions with privileged access and administrative permissions...

Critical SAP Vulns Under Exploitation in 'One-Two Punch' Attack
Aug 20, 2025 | darkreading

The vulnerabilities themselves aren't new, but are being exploited in a novel manner that could lead to a "devastating attack."

How Warlock Ransomware Targets Vulnerable SharePoint Servers
Aug 20, 2025 | darkreading

Researchers highlight how Warlock, a new ransomware heavyweight, uses its sophisticated capabilities to target on-premises SharePoint instances.

Cybercriminals Abuse Vibe Coding Service to Create Malicious Sites
Aug 20, 2025 | darkreading

Some LLM-created scripts and emails can lower the barrier of entry for low-skill attackers, who can use services like Lovable to create convincing, ef...

FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw
Aug 20, 2025 | darkreading

In the past year, "Static Tundra," aka "Energetic Bear," has breached thousands of end-of-life Cisco devices unpatched against a 2...

Apple fixes new zero-day flaw exploited in targeted attacks
Aug 20, 2025 | BleepingComputer

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack." [...]

Side of Fries With That Bug? Hacker Finds Flaws in McDonald's Staff, Partner Hubs
Aug 20, 2025 | darkreading

Exposure of APIs, sensitive data, and corporate documents are just some of the security issues that the purveyor of Big Macs was cooking up.

How Outer Space Became the Next Big Attack Surface
Aug 20, 2025 | darkreading

VisionSpace Technologies' Andrzej Olchawa and Milenko Starcik discussed a set of vulnerabilities capable of ending space missions at the Black Hat USA...

Incode Acquires AuthenticID to Enhance AI-Driven Identity Verification
Aug 20, 2025 | darkreading

The combination of Incode's AI models and AuthenticID's experience running identity programs at scale in regulated environments will provide customers...

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
Aug 20, 2025 | The Hacker News

Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to stea...

“Rapper Bot” malware seized, alleged developer identified and charged
Aug 20, 2025 | BleepingComputer

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet. [...]

🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do
Aug 20, 2025 | The Hacker News

Do you know how many AI agents are running inside your business right now? If the answer is “not sure,” you’re not alone—and that’s exactly the concer...

Perplexity’s Comet AI browser tricked into buying fake items online
Aug 20, 2025 | BleepingComputer

A study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact ...

FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage
Aug 20, 2025 | The Hacker News

A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco I...

Hackers steal Microsoft logins using legitimate ADFS redirects
Aug 20, 2025 | BleepingComputer

Hackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a ...

Major password managers can leak logins in clickjacking attacks
Aug 20, 2025 | BleepingComputer

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to stea...

Microsoft investigates outage impacting Copilot, Office.com
Aug 20, 2025 | BleepingComputer

Microsoft is investigating an ongoing issue preventing users across North America from accessing Office.com and the company's Copilot AI-powered assis...

Why email security needs its EDR moment to move beyond prevention
Aug 20, 2025 | BleepingComputer

Email security is stuck where antivirus was a decade ago—focused only on prevention. Learn from Material Security why it's time for an "EDR for email"...

Europe's Ransomware Surge Is a Warning Shot for US Defenders
Aug 20, 2025 | darkreading

We can strip attackers of their power by implementing layered defenses, ruthless patch management, and incident response that assumes failure and prio...

Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts
Aug 20, 2025 | The Hacker News

Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI)...

Microsoft reportedly fixing SSD failures caused by Windows updates
Aug 20, 2025 | BleepingComputer

Recently released Windows 11 24H2 updates are reportedly causing data corruption and failure issues for some SSD and HDD models on up-to-date systems....

From Impact to Action: Turning BIA Insights Into Resilient Recovery
Aug 20, 2025 | The Hacker News

Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number of risk...

North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
Aug 20, 2025 | The Hacker News

North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart ...

Microsoft fixes Windows upgrades failing with 0x8007007F error
Aug 20, 2025 | BleepingComputer

Microsoft has resolved a known issue that caused Windows upgrades to fail with 0x8007007F errors on some Windows 11 and Windows Server systems. [...]

Microsoft releases emergency updates to fix Windows recovery
Aug 20, 2025 | BleepingComputer

Microsoft has released emergency Windows out-of-band updates to resolve a known issue breaking reset and recovery operations after installing the Augu...

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks
Aug 20, 2025 | The Hacker News

A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-h...

Asian Orgs Shift Cybersecurity Requirements to Suppliers
Aug 20, 2025 | darkreading

The uptick in breaches in Asia has prompted a Japanese chipmaker and the Singaporean government to require vendors to pass cybersecurity checks to do ...

Russian Hacktivists Take Aim at Polish Power Plant, Again
Aug 19, 2025 | darkreading

This attack was seemingly more successful than the first iteration, causing disruptions at the plant.

Agentic AI, Apple Intelligence, EV Chargers: Everyday Cybersecurity Peril Abounds for Businesses
Aug 19, 2025 | darkreading

Cybersecurity risks can come from everywhere, as these riveting Dark Reading News Desk videos detail. Check out Part 1 of our broadcast coverage of th...

Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds
Aug 19, 2025 | darkreading

Cybersecurity risks can come from everywhere, as these riveting Dark Reading News Desk videos detail. Check out Part 1 of our broadcast coverage of th...

How to Vibe Code With Security in Mind
Aug 19, 2025 | darkreading

As more organizations integrate vibe coding and AI-assisted coding into their application development processes, it's important to remember to put sec...

PyPI now blocks domain resurrection attacks used for hijacking accounts
Aug 19, 2025 | BleepingComputer

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password res...

'RingReaper' Sneaks Right Past Linux EDRs
Aug 19, 2025 | darkreading

The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response syste...

AI Agents Access Everything, Fall to Zero-Click Exploit
Aug 19, 2025 | darkreading

Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "g...

Millions Allegedly Affected in Allianz Insurance Breach
Aug 19, 2025 | darkreading

Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers.

Okta open-sources catalog of Auth0 rules for threat detection
Aug 19, 2025 | BleepingComputer

Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in ev...

Microsoft shares workaround for Teams "couldn't connect" error
Aug 19, 2025 | BleepingComputer

Microsoft is resolving a known issue that causes "couldn't connect" errors when launching the Microsoft Teams desktop and web applications. [...]

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Aug 19, 2025 | The Hacker News

Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malwar...

PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain
Aug 19, 2025 | darkreading

Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System...

Elastic rejects claims of a zero-day RCE flaw in Defend EDR
Aug 19, 2025 | BleepingComputer

Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (...

OpenAI releases $4 ChatGPT plan, but it's not available in the US for now
Aug 19, 2025 | BleepingComputer

OpenAI has finally announced the GPT Go subscription, which costs just $4 in the US or INR 399 in India. [...]

New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Aug 19, 2025 | The Hacker News

Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan ca...

Pharma firm Inotiv says ransomware attack impacted operations
Aug 19, 2025 | BleepingComputer

American pharmaceutical company Inotiv has disclosed that some of its systems and data have been encrypted in a ransomware attack, impacting the compa...

10 Major GitHub Risk Vectors Hidden in Plain Sight
Aug 19, 2025 | darkreading

By addressing these overlooked risk vectors, organizations can continue leveraging GitHub's innovation while protecting against sophisticated supply c...

Microsoft: August security updates break Windows recovery, reset
Aug 19, 2025 | BleepingComputer

Microsoft has confirmed that the August 2025 Windows security updates are breaking reset and recovery operations on systems running Windows 10 and old...

'DripDropper' Hackers Patch Their Own Exploit
Aug 19, 2025 | darkreading

An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the f...

Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
Aug 19, 2025 | The Hacker News

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system com...

NY Business Council discloses data breach affecting 47,000 people
Aug 19, 2025 | BleepingComputer

The Business Council of New York State (BCNYS) has revealed that attackers who breached its network in February stole the personal, financial, and hea...

Secure AI Use Without the Blind Spots
Aug 19, 2025 | darkreading

Why every company needs a clear, enforceable AI policy — now.

U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback
Aug 19, 2025 | The Hacker News

The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled ...

Why Your Security Culture is Critical to Mitigating Cyber Risk
Aug 19, 2025 | The Hacker News

After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and technologies ...

Massive Allianz Life data breach impacts 1.1 million people
Aug 19, 2025 | BleepingComputer

Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz...

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
Aug 19, 2025 | The Hacker News

The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply...

Noodlophile Stealer Hides Behind Bogus Copyright Complaints
Aug 18, 2025 | darkreading

Noodlophile is targeting enterprises in spear-phishing attacks using copyright claims as phishing lures.

XenoRAT malware campaign hits multiple embassies in South Korea
Aug 18, 2025 | BleepingComputer

A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. [...]

Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
Aug 18, 2025 | The Hacker News

The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information steale...

Nebraska man gets 1 year in prison for $3.5M cryptojacking scheme
Aug 18, 2025 | BleepingComputer

A Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over $3.5 million to mine cryptocurrency worth nearly $...

ERMAC Android malware source code leak exposes banking trojan infrastructure
Aug 18, 2025 | BleepingComputer

The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform ...

Workday Breach Likely Linked to ShinyHunters Salesforce Attacks
Aug 18, 2025 | darkreading

The HR giant said hackers mounted a socially engineered cyberattack on its third-party CRM system but did not gain access to customer information; onl...

UK sentences “serial hacker” of 3,000 sites to 20 months in prison
Aug 18, 2025 | BleepingComputer

A 26-year-old in the UK who claimed to have hacked thousands of websites was sentenced to 20 months in prison after pleading guilty earlier this year....

Over 800 N-able servers left unpatched against critical flaws
Aug 18, 2025 | BleepingComputer

Over 800 N-able N-central servers remain unpatched against a pair of critical security vulnerabilities tagged as actively exploited last week. [...]

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Aug 18, 2025 | The Hacker News

Cybersecurity researchers have lifted the lid on the threat actors' exploitation of a now-patched security flaw in Microsoft Windows to deploy the Pip...

Mozilla warns Germany could soon declare ad blockers illegal
Aug 18, 2025 | BleepingComputer

A recent ruling from Germany's Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyright, raisi...

How Evolving RATs Are Redefining Enterprise Security Threats
Aug 18, 2025 | darkreading

A more unified and behavior-aware approach to detection can significantly improve security outcomes.

Internet-wide Vulnerability Enables Giant DDoS Attacks
Aug 18, 2025 | darkreading

A good chunk of all websites today have been affected by the biggest DDoS risk on the Web since 2023.

⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More
Aug 18, 2025 | The Hacker News

Power doesn’t just disappear in one big breach. It slips away in the small stuff—a patch that’s missed, a setting that’s wrong, a system no one is wat...

Defending Against Cloud Threats Across Multicloud Environments
Aug 18, 2025 | darkreading

The vast majority of companies are using more than one cloud platform, yet struggle to establish and monitor security across different environments gi...

Microsoft: Recent Windows updates may fail to install via WUSA
Aug 18, 2025 | BleepingComputer

Microsoft has mitigated a known issue that caused Windows update failures when installing them from a network share using the Windows Update Standalon...

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Aug 18, 2025 | The Hacker News

Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through...

Wazuh for Regulatory Compliance
Aug 18, 2025 | The Hacker News

Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standar...

HR giant Workday discloses data breach amid Salesforce attacks
Aug 18, 2025 | BleepingComputer

Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platfo...

HR giant Workday discloses data breach after Salesforce attack
Aug 18, 2025 | BleepingComputer

Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platfo...

OpenAI releases warmer GPT-5 personality, but only for non thinking model
Aug 17, 2025 | BleepingComputer

OpenAI has confirmed it has begun rolling out a new warmer personality for GPT-5, but remember that it won't be as warm as GPT-4o, which is still avai...

Google is adding "Projects" feature to Gemini to run research tasks
Aug 17, 2025 | BleepingComputer

Google's Gemini is now testing a new feature called "Projects." This will be similar to OpenAI's Project Feature for ChatGPT. [...]

U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator
Aug 17, 2025 | BleepingComputer

The U.S. Department of Justice (DoJ) announced the seizure of over $2,800,000 in cryptocurrency from alleged ransomware operator Ianis Aleksandrovich ...

Anthropic: Claude can now end conversations to prevent harmful uses
Aug 17, 2025 | BleepingComputer

OpenAI rival Anthropic says Claude has been updated with a rare new feature that allows the AI model to end conversations when it feels it poses harm ...

OpenAI prepares Chromium-based AI browser to take on Google
Aug 16, 2025 | BleepingComputer

OpenAI is testing an AI-powered browser that uses Chromium as its underlying engine, and it could debut on macOS first. [...]

Leak: ChatGPT cheaper plan costs $4 or £3.50, might release everywhere
Aug 16, 2025 | BleepingComputer

OpenAI is working on a cheaper plan called ChatGPT Go, and we previously thought it would be just limited to a few regions like India, but that may no...

OpenAI is improving ChatGPT voice mode
Aug 16, 2025 | BleepingComputer

ChatGPT's Voice mode is already pretty good, but OpenAI is working on a new feature that will allow you to control how Voice mode actually works. [......

Researcher to release exploit for full auth bypass on FortiWeb
Aug 16, 2025 | BleepingComputer

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remot...

Microsoft Teams to protect against malicious URLs, dangerous file types
Aug 16, 2025 | BleepingComputer

Microsoft recently revealed that it's currently enhancing protection against dangerous file types and malicious URLs in Teams chats and channels. [......

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure
Aug 16, 2025 | The Hacker News

Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the opera...

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware
Aug 16, 2025 | The Hacker News

The threat actor known as EncryptHub is continuing to exploit a now-patched security flaw impacting Microsoft Windows to deliver malicious payloads. T...

New Quantum-Safe Alliance Aims to Accelerate PQC Implementation
Aug 15, 2025 | darkreading

The new Quantum-Safe 360 Alliance will provide road maps, technology, and services to help organizations navigate the post-quantum cryptography transi...

RealDefense Opens $10M Fund to Help OEMs Monetize Installs With SmartScan Cybersecurity SDK
Aug 15, 2025 | darkreading

New Crypto24 Ransomware Attacks Bypass EDR
Aug 15, 2025 | darkreading

While several cybercrime groups have embraced "EDR killers," researchers say the deep knowledge and technical skills demonstrated by Crypto2...

Colt Telecommunications Struggles in Wake of Cyber Incident
Aug 15, 2025 | darkreading

The UK telco said it temporarily took some systems offline as a "protective" measure in its investigation.

Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools
Aug 15, 2025 | The Hacker News

A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions ...

Colt Telecom attack claimed by WarLock ransomware, data up for sale
Aug 15, 2025 | BleepingComputer

UK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day outage of some of the company's...

Cisco warns of max severity flaw in Firewall Management Center
Aug 15, 2025 | BleepingComputer

Cisco is warning about a critical remote code execution (RCE) vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) sof...

Using Security Expertise to Bridge the Communication Gap
Aug 15, 2025 | darkreading

Cybersecurity-focused leadership delivers better products and business outcomes.

Microsoft reminds of Windows 10 support ending in two months
Aug 15, 2025 | BleepingComputer

Microsoft has reminded customers that Windows 10 will be retired in two months after all editions of Windows 10, version 22H2 reach their end of servi...

Water Systems Under Attack: Norway, Poland Blame Russia Actors
Aug 15, 2025 | darkreading

Water and wastewater systems have become a favored target of nation-state actors, drawing increasing scrutiny following attacks on systems in multiple...

Plex warns users to patch security vulnerability immediately
Aug 15, 2025 | BleepingComputer

Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability. [...]

U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions
Aug 15, 2025 | The Hacker News

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange pl...

Zero Trust + AI: Privacy in the Age of Agentic AI
Aug 15, 2025 | The Hacker News

We used to think of privacy as a perimeter problem: about walls and locks, permissions, and policies. But in a world where artificial agents are becom...

US sanctions Grinex crypto-exchange, successor to Garantex
Aug 15, 2025 | BleepingComputer

The U.S. Department of the Treasury has announced sanctions against Grinex, the successor to Russian cryptocurrency exchange Garantex, which was previ...

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution
Aug 15, 2025 | The Hacker News

Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow a...

Downgrade Attack Allows Phishing Kits to Bypass FIDO
Aug 14, 2025 | darkreading

You probably can't break FIDO authentication. Still, researchers have shown that there are ways to get around it.

State and Local Leaders Lobby Congress for Cybersecurity Resources
Aug 14, 2025 | darkreading

Federal funding cuts to the Multi-State Information Sharing and Analysis Center (MS-ISAC) are about to leave more than 18,000 state and local organiza...

Agentic AI Use Cases for Security Soar, but Risks Demand Close Attention
Aug 14, 2025 | darkreading

Organizations increasingly use agents to automate mundane tasks and address an overwhelming amount of sensitive data. However, adoption requires stric...

Over $300 million in cybercrime crypto seized in anti-fraud effort
Aug 14, 2025 | BleepingComputer

More than $300 million worth of cryptocurrency linked to cybercrime and fraud schemes has been frozen due to two separate initiatives involving law en...

Google Chrome Enterprise: Advanced Browser Security for the Modern Workforce
Aug 14, 2025 | darkreading

In this Dark Reading News Desk interview, Google's Mark Berschadski highlights the critical role browsers play in today's work environment and how Chr...

Police & Government Email Access for Sale on Dark Web
Aug 14, 2025 | darkreading

Cybercriminals are auctioning off live email credentials, giving other criminals access to sensitive systems, confidential intelligence, and, potentia...

NIST Digital Identity Guidelines Evolve With Threat Landscape
Aug 14, 2025 | darkreading

The US National Institute of Standards and Technology updated its Digital Identity Guidelines to match current threats. The document detailed technica...

CISA Warns N-able Bugs Under Attack, Patch Now
Aug 14, 2025 | darkreading

Two critical N-able vulnerabilities enable local code execution and command injection; they require authentication to exploit, suggesting they wouldn'...

Cybersecurity Spending Slows & Security Teams Shrink
Aug 14, 2025 | darkreading

Security budgets are lowest in healthcare, professional and business services, retail, and hospitality, but budget growth remained above 5% in financi...

Crypto24 ransomware hits large orgs with custom EDR evasion tool
Aug 14, 2025 | BleepingComputer

The Crypto24 ransomware group has been using custom utilities to evade security solutions on breached networks, exfiltrate data, and encrypt files. [....

Google Chrome Enterprise: Extend Protections From Browser to OS
Aug 14, 2025 | darkreading

Dark Reading's Terry Sweeney and Google's Loren Hudziak discuss how the humble web browser has transformed from a simple web access tool into a comm...

Pro-Russian hackers blamed for water dam sabotage in Norway
Aug 14, 2025 | BleepingComputer

The Norwegian Police Security Service (PST) says that pro-Russian hackers took control of critical operation systems at a dam and opened outflow valve...

New HTTP/2 'MadeYouReset' Vulnerability Enables Large-Scale DoS Attacks
Aug 14, 2025 | The Hacker News

Multiple HTTP/2 implementations have been found susceptible to a new attack technique called MadeYouReset that could be explored to conduct powerful d...

Microsoft fixes Windows Server bug causing cluster, VM issues
Aug 14, 2025 | BleepingComputer

Microsoft has resolved a known issue that triggers Cluster service and VM restart issues after installing July's Windows Server 2019 security updates....

Booking.com phishing campaign uses sneaky 'ん' character to trick you
Aug 14, 2025 | BleepingComputer

Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malwar...

When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers
Aug 14, 2025 | BleepingComputer

Ransomware and infostealers are winning on stealth, not encryption. Picus Blue Report 2025 reveals just 3% of data exfiltration attempts are stopped. ...

Navigating the Cybersecurity Budget Tug-of-War
Aug 14, 2025 | darkreading

Companies ready to move beyond reactive defense and toward full-spectrum protection need to invest in strategies that rally around resiliency, unified...

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS
Aug 14, 2025 | The Hacker News

Japan's CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework ...

Canada’s House of Commons investigating data breach after cyberattack
Aug 14, 2025 | BleepingComputer

The House of Commons of Canada is currently investigating a data breach after a threat actor reportedly stole employee information in a cyberattack on...

Have You Turned Off Your Virtual Oven?
Aug 14, 2025 | The Hacker News

You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe eve...

New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits
Aug 14, 2025 | The Hacker News

Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks f...

Leak: OpenAI's browser will use ChatGPT Agent to control the browser
Aug 14, 2025 | BleepingComputer

OpenAI is building an agentic future with its upcoming Chromium-based browser and a new leak confirms GPT Agent integration. [...]

Simple Steps for Attack Surface Reduction
Aug 14, 2025 | The Hacker News

Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings ...

CISA warns of N-able N-central flaws exploited in zero-day attacks
Aug 14, 2025 | BleepingComputer

CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N-able's N-central remote monitoring and management (...

Microsoft fixes Windows 11 24H2 updates failing with 0x80240069 error
Aug 14, 2025 | BleepingComputer

Microsoft has resolved a known issue preventing the August 2025 Windows 11 24H2 cumulative update from being delivered via Windows Server Update Servi...

Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses
Aug 14, 2025 | The Hacker News

Google said it's implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishin...

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
Aug 14, 2025 | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploit...

Google Gemini's Deep Research is finally coming to API
Aug 14, 2025 | BleepingComputer

One of Google Gemini's most powerful features is Deep Research, but up until now, it has been strictly limited to the Gemini interface. This could...

North Korea Attacks South Koreans With Ransomware
Aug 14, 2025 | darkreading

DPRK hackers are throwing every kind of malware at the wall and seeing what sticks, deploying stealers, backdoors, and ransomware all at once.

OpenAI relaxes GPT-5 rate limit, promises to improve the personality
Aug 13, 2025 | BleepingComputer

OpenAI is slowly addressing all concerns around GPT-5, including rate limits and now its personality, which has been criticized for being less affirma...

Fortinet Products Are in the Crosshairs Again
Aug 13, 2025 | darkreading

The company disclosed a critical FortiSIEM flaw with a PoC exploit for it the same week researchers warned of an ominous surge in malicious traffic ta...

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild
Aug 13, 2025 | BleepingComputer

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admin...

Whispers of XZ Utils Backdoor Live on in Old Docker Images
Aug 13, 2025 | darkreading

Developers maintaining the images made the "intentional choice" to leave the artifacts available as "a historical curiosity," give...

Windows 11 24H2 updates failing again with 0x80240069 errors
Aug 13, 2025 | BleepingComputer

The KB5063878 Windows 11 24H2 cumulative update, released earlier this week, fails to install on some systems according to widespread reports from Win...

New downgrade attack can bypass FIDO auth in Microsoft Entra ID
Aug 13, 2025 | BleepingComputer

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login metho...

Popular AI Systems Still a Work-in-Progress for Security
Aug 13, 2025 | darkreading

According to a recent Forescout analysis, open source models were significantly less successful in vulnerability research than commercial and undergro...

Spike in Fortinet VPN brute-force attacks raises zero-day concerns
Aug 13, 2025 | BleepingComputer

A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift ...

Patch Now: Attackers Target OT Networks via Critical RCE Flaw
Aug 13, 2025 | darkreading

Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastruct...

Pennsylvania attorney general's email, site down after cyberattack
Aug 13, 2025 | BleepingComputer

The Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and...

New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks
Aug 13, 2025 | The Hacker News

Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS...

What the LockBit 4.0 Leak Reveals About RaaS Groups
Aug 13, 2025 | darkreading

The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertaint...

Microsoft removes PowerShell 2.0 from Windows 11, Windows Server
Aug 13, 2025 | BleepingComputer

Microsoft will remove PowerShell 2.0 from Windows starting in August, eight years after announcing its deprecation and keeping it around as an optiona...

How an AI-Based 'Pen Tester' Became a Top Bug Hunter on HackerOne
Aug 13, 2025 | darkreading

AI researcher explains how an automated penetration-testing tool became the first non-human member on HackerOne to reach the top of the platform's US ...

Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws
Aug 13, 2025 | The Hacker News

Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote c...

Microsoft asks users to ignore certificate enrollment errors
Aug 13, 2025 | BleepingComputer

Microsoft has asked customers this week to disregard incorrect CertificateServicesClient (CertEnroll) errors that appear after installing the July 202...

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code
Aug 13, 2025 | The Hacker News

Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, trac...

AI SOC 101: Key Capabilities Security Leaders Need to Know
Aug 13, 2025 | The Hacker News

Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns o...

OpenAI adds new GPT-5 models, restores o3, o4-mini and it's a mess all over again
Aug 13, 2025 | BleepingComputer

One of the few things many disliked about ChatGPT was the confusing number of models. OpenAI claimed GPT-5 would fix this, but it seems to have made i...

Webinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive
Aug 13, 2025 | The Hacker News

The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a ...

Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws
Aug 13, 2025 | The Hacker News

Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclose...

Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics
Aug 13, 2025 | The Hacker News

Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle E...

China Questions Security of AI Chips From Nvidia, AMD
Aug 13, 2025 | darkreading

The US banned the sale of AI chips to China and then backed off. Now, Chinese sources are calling on NVIDIA to prove its AI chips have no backdoors.

Claude gets 1M tokens support via API to take on Gemini 2.5 Pro
Aug 12, 2025 | BleepingComputer

Claude Sonnet 4 has been upgraded, and it can now remember up to 1 million tokens of context, but only when it's used via API. This could change in th...

Hackers leak Allianz Life data stolen in Salesforce attacks
Aug 12, 2025 | BleepingComputer

Hackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business pa...

Elevation-of-Privilege Vulns Dominate Microsoft's Patch Tuesday
Aug 12, 2025 | darkreading

The company's August security update consisted of patches for 111 unique Common Vulnerabilities and Exposures (CVEs).

OpenAI rolls out Gmail, Calendar, and Contacts integration in ChatGPT
Aug 12, 2025 | BleepingComputer

OpenAI wants ChatGPT to know more about you, including your emails, calendar events in Google Calendar and even your Google contacts to reference ever...

ChatGPT's new subscription costs less than $5, but it's not for everyone
Aug 12, 2025 | BleepingComputer

OpenAI has begun updating its pricing page to include a new plan called 'ChatGPT Go.' It costs 399 INR (Indian Rupee) or roughly $4.55, but there's a ...

Docker Hub still hosts dozens of Linux images with the XZ backdoor
Aug 12, 2025 | BleepingComputer

The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organiza...

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks
Aug 12, 2025 | The Hacker News

New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incide...

Microsoft August 2025 Patch Tuesday fixes one zero-day, 107 flaws
Aug 12, 2025 | BleepingComputer

Today is Microsoft's August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability...

Windows 11 KB5063878 & KB5063875 cumulative updates released
Aug 12, 2025 | BleepingComputer

Microsoft has released Windows 11 KB5063878 and KB5063875 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [....

Windows 10 KB5063709 update fixes extended security updates enrollment
Aug 12, 2025 | BleepingComputer

Microsoft has released the KB5063709 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including a fix for a bug...

Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager
Aug 12, 2025 | The Hacker News

Cybersecurity researchers are warning of a "significant spike" in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per...

Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses
Aug 12, 2025 | The Hacker News

An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, ...

US govt seizes $1 million in crypto from BlackSuit ransomware gang
Aug 12, 2025 | BleepingComputer

The U.S. Department of Justice (DoJ) seized cryptocurrency and digital assets worth $1,091,453 at the time of confiscation, on January 9, 2024, from t...

Android's pKVM hypervisor earns SESIP Level 5 security certification
Aug 12, 2025 | BleepingComputer

Google announced that its protected Kernel-based Virtual Machine (pKVM) for Android has achieved SESIP Level 5 certification, the highest security ass...

Charon Ransomware Emerges With APT-Style Tactics
Aug 12, 2025 | darkreading

The first documented deployment of the novel malware in a campaign against the Middle Eastern public sector and aviation industry may be tied to China...

Curly COMrades cyberspies hit govt orgs with custom malware
Aug 12, 2025 | BleepingComputer

A new cyber-espionage threat group has been using a new backdoor malware that provides persistent access through a seemingly inactive scheduled task. ...

Over 3,000 NetScaler devices left unpatched against CitrixBleed 2 bug
Aug 12, 2025 | BleepingComputer

Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user...

How to Stay a Step Ahead of a Non-Obvious Threat
Aug 12, 2025 | darkreading

Securing business logic isn't just a technical requirement — it's a business imperative.

275M patient records breached—How to meet HIPAA password manager requirements
Aug 12, 2025 | BleepingComputer

Healthcare led all industries in 2024 breaches—over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted passwor...

Windows 11 23H2 Home and Pro reach end of support in November
Aug 12, 2025 | BleepingComputer

Microsoft announced today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving updates in three months. [...]

New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks
Aug 12, 2025 | The Hacker News

A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage ...

Manpower discloses data breach affecting nearly 145,000 people
Aug 12, 2025 | BleepingComputer

Manpower, one of the world's largest staffing companies, is notifying nearly 145,000 individuals that their information was stolen by attackers who br...

ShinyHunters Tactics Now Mirror Scattered Spider
Aug 12, 2025 | darkreading

There's growing evidence that two of arguably the most dangerous cybercrime groups out there are tag-teaming big targets.

Saint Paul cyberattack linked to Interlock ransomware gang
Aug 12, 2025 | BleepingComputer

The mayor of Saint Paul, Minnesota's capital city, has confirmed that the Interlock ransomware gang is responsible for a cyberattack that disrupted ma...

The Ultimate Battle: Enterprise Browsers vs. Secure Browser Extensions
Aug 12, 2025 | The Hacker News

Most security tools can’t see what happens inside the browser, but that’s where the majority of work, and risk, now lives. Security leaders deciding h...

Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors
Aug 12, 2025 | The Hacker News

The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix...

BlackSuit Ransomware Takes an Infrastructure Hit From Law Enforcement
Aug 11, 2025 | darkreading

A swarm of US agencies joined with international partners to take down servers and domains and seize more than $1 million associated with BlackSuit (R...

North Korean Kimsuky hackers exposed in alleged data breach
Aug 11, 2025 | BleepingComputer

The North Korean state-sponsored hackers known as Kimsuky have reportedly suffered a data breach after two hackers, who describe themselves as the oppo...

Netherlands: Citrix Netscaler flaw CVE-2025-6543 exploited to breach orgs
Aug 11, 2025 | BleepingComputer

The Netherlands' National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploite...

REvil Actor Accuses Russia of Planning 2021 Kaseya Attack
Aug 11, 2025 | darkreading

REvil affiliate Yaroslav Vasinskyi, who was convicted last year for his role in the 2021 Kaseya ransomware supply chain attack, said the Russian gover...

Black Hat NOC Expands AI Implementation Across Security Operations
Aug 11, 2025 | darkreading

Corelight's James Pope gave Dark Reading an inside look at this year's Black Hat Network Operations Center, detailing security challenges and rising t...

Details emerge on WinRAR zero-day attacks that infected PCs with malware
Aug 11, 2025 | BleepingComputer

Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attac...

Researchers Warn of 'Hidden Risks' in Passwordless Account Recovery
Aug 11, 2025 | darkreading

Passwordless authentication is becoming more common, but account recovery poses increased risks that can lead to account takeovers. It's especially da...

Microsoft tests cloud-based Windows 365 disaster recovery PCs
Aug 11, 2025 | BleepingComputer

Microsoft has announced the limited public preview of Windows 365 Reserve, a service that provides temporary desktop access to pre-configured cloud PC...

OpenAI is testing 3,000-per-week limit for GPT-5 Thinking
Aug 11, 2025 | BleepingComputer

OpenAI has responded to criticism that it shipped GPT-5 with token limits to minimize cost and maximize profit not with words, but rather with a new 3...

Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours
Aug 11, 2025 | darkreading

Researchers paired the jailbreaking technique with storytelling in an attack flow that used no inappropriate language to guide the LLM into producing ...

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
Aug 11, 2025 | The Hacker News

Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including i...

OneNote finally gets "paste text only" feature on Windows and Mac
Aug 11, 2025 | BleepingComputer

Microsoft confirmed that it's testing the ability to paste text only (plain format) to OneNote for Windows and Mac. [...]

Utilities, Factories at Risk From Encryption Holes in Industrial Protocol
Aug 11, 2025 | darkreading

The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be ...

xAI is testing Grok 4.20 to take on GPT-5, may launch this month
Aug 11, 2025 | BleepingComputer

Elon Musk-owned xAI is testing Grok 4.20, a small update to Grok 4, which already competes with GPT-5 in some benchmarks, such as ARC-AGI 2. [...]

The Rise of Native Phishing: Microsoft 365 Apps Abused in Attacks
Aug 11, 2025 | BleepingComputer

Native phishing turns trusted tools into attack delivery systems. Varonis shows how attackers weaponize Microsoft 365 apps, like OneNote & OneDrive, t...

Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls
Aug 11, 2025 | The Hacker News

Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as begin...

MuddyWater’s DarkBit ransomware cracked for free data recovery
Aug 11, 2025 | BleepingComputer

Cybersecurity firm Profero cracked the encryption of the DarkBit ransomware gang's encryptors, allowing them to recover a victim's files for free with...

Will Secure AI Be the Hottest Career Path in Cybersecurity?
Aug 11, 2025 | darkreading

Securing AI systems represents cybersecurity's next frontier, creating specialized career paths as organizations grapple with novel vulnerabilities, r...

'Chairmen' of $100 million scam operation extradited to US
Aug 11, 2025 | BleepingComputer

The U.S. Department of Justice charged four Ghanaian nationals for their roles in a massive fraud ring linked to the theft of over $100 million in rom...

⚡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More
Aug 11, 2025 | The Hacker News

This week, cyber attackers are moving quickly, and businesses need to stay alert. They’re finding new weaknesses in popular software and coming up wit...

6 Lessons Learned: Focusing Security Where Business Value Lives
Aug 11, 2025 | The Hacker News

The Evolution of Exposure Management Most security teams have a good sense of what’s critical in their environment. What’s harder to pin down is what’...

Over 29,000 Exchange servers unpatched against high-severity flaw
Aug 11, 2025 | BleepingComputer

Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft ...

Connex Credit Union data breach impacts 172,000 members
Aug 11, 2025 | BleepingComputer

Connex, one of Connecticut's largest credit unions, warned tens of thousands of members that unknown attackers had stolen their personal and financial...

Google Chrome Enterprise: Keeping Businesses Safe From Threats on the Web
Aug 11, 2025 | darkreading

Dark Reading's Terry Sweeney and Google Cloud Security's Jason Kemmerer discuss how organizations can secure the modern workplace with zero trust brow...

How McLaren Racing Gets From the Browser to the Track
Aug 11, 2025 | darkreading

In a conversation with Dark Reading's Terry Sweeney, Dr. Lisa Jarman from McLaren Racing says cutting-edge innovation must coexist with rigorous secur...

How to restore GPT-4o when you've GPT-5
Aug 11, 2025 | BleepingComputer

Sam Altman overhyped GPT-5 and the results are underwhelming. Some users are upset with GPT-5's new personality, but you can restore GPT-4o if you pay...

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
Aug 11, 2025 | The Hacker News

The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2...

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
Aug 10, 2025 | The Hacker News

A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and us...

Google Calendar invites let researchers hijack Gemini to leak user data
Aug 10, 2025 | BleepingComputer

Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target's device and lea...

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation
Aug 10, 2025 | The Hacker News

Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) commu...

Google confirms data breach exposed potential Google Ads customers' info
Aug 09, 2025 | BleepingComputer

Google has confirmed that a recently disclosed data breach of one of its Salesforce CRM instances involved the information of potential Google Ads cus...

Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks
Aug 09, 2025 | The Hacker News

Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. "This al...

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models
Aug 09, 2025 | The Hacker News

Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been...

Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems
Aug 09, 2025 | The Hacker News

Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM)...

60 malicious Ruby gems downloaded 275,000 times steal credentials
Aug 09, 2025 | BleepingComputer

Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts. ...

CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials
Aug 09, 2025 | The Hacker News

Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully e...

OpenAI to fix GPT-5 issues, double rate limits for paid users after outrage
Aug 08, 2025 | BleepingComputer

OpenAI's CEO, Sam Altman, overpromised on GPT-5, and real-life results are underwhelming, but it looks like a new update is rolling out that might add...

60 RubyGems Packages Steal Data From Annoying Spammers
Aug 08, 2025 | darkreading

A cybercrime antihero has been stealing and then reselling credentials from unsavory online characters. Their motives are questionable, but the schade...

WinRAR zero-day exploited to plant malware on archive extraction
Aug 08, 2025 | BleepingComputer

A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware. [...]

FTC: Older adults lost record $700 million to scammers in 2024
Aug 08, 2025 | BleepingComputer

Americans aged 60 and older lost a staggering $700 million to online scams in 2024, marking a sharp rise in fraud targeting seniors, according to the ...

BigID Launches Shadow AI Discovery to Uncover Rogue Models and Risky AI Data
Aug 08, 2025 | darkreading

PwC Announces Addition of Morgan Adamski to Leadership of Cyber, Data & Technology Risk Platform
Aug 08, 2025 | darkreading

Ransomware Attacks Fall by Almost Half in Q2
Aug 08, 2025 | darkreading

Cybersecurity Incident at Allianz Life Exposes Personal Information of Hundreds of Thousands
Aug 08, 2025 | darkreading

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims
Aug 08, 2025 | The Hacker News

Cybersecurity researchers are drawing attention to a new campaign that's using legitimate generative artificial intelligence (AI)-powered website buil...

860K Compromised in Columbia University Data Breach
Aug 08, 2025 | darkreading

While no data has yet been misused, the university doesn't rule out the possibility of that occurring in the future, prompting it to warn affected in...

U.S. Judiciary confirms breach of court electronic records service
Aug 08, 2025 | BleepingComputer

The U.S. Federal Judiciary confirms that it suffered a cyberattack on its electronic case management systems hosting confidential court documents and ...

Redefining the Role: What Makes a CISO Great
Aug 08, 2025 | darkreading

Security is everyone's responsibility, but as a CISO, it starts with you.

Data Dump From APT Actor Yields Clues to Attacker Capabilities
Aug 08, 2025 | darkreading

The tranche of information includes data on recent campaigns, attack tools, compromised credentials, and command files used by a threat actor believed...

Attackers Target the Foundations of Crypto: Smart Contracts
Aug 08, 2025 | darkreading

A whole criminal ecosystem revolves around scamming users out of their cryptocurrency assets, but malicious — or vulnerable — smart contracts could be...

Leaked Credentials Up 160%: What Attackers Are Doing With Them
Aug 08, 2025 | The Hacker News

When an organization’s credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cl...

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
Aug 08, 2025 | The Hacker News

A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social ...

GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions
Aug 08, 2025 | The Hacker News

A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate ...

Silver Fox APT Blurs the Line Between Espionage & Cybercrime
Aug 08, 2025 | darkreading

Silver Fox is the Hannah Montana of Chinese threat actors, effortlessly swapping between petty criminal and nation-state-type attacks.

Air France, KLM Alert Authorities of Data Breach
Aug 07, 2025 | darkreading

While no sensitive financial data like credit card information was compromised, the threat actors were able to get away with names, email addresses, p...

Prime Security Wins Black Hat's Startup Spotlight Competition
Aug 07, 2025 | darkreading

Security startups of all stripes submitted applications for Black Hat USA's Startup Spotlight. Prime Security won with its AI security architect platf...

Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking
Aug 07, 2025 | darkreading

A software developer discovered a way to abuse an undocumented protocol in Amazon's Elastic Container Service to escalate privileges, cross boundaries...

'Samourai' Cryptomixer Founders Plead Guilty to Money Laundering
Aug 07, 2025 | darkreading

As part of their plea deal, the cybercriminal founders will also have to forfeit more than $200 million.

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
Aug 07, 2025 | The Hacker News

The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to f...

Citizen Lab Founder Flags Rise of US Authoritarianism
Aug 07, 2025 | darkreading

Citizen Lab director and founder Ron Deibert explained how civil society is locked in "vicious cycle," and human rights are being abused as ...

Payback: 'ShinyHunters' Clocks Google via Salesforce
Aug 07, 2025 | darkreading

In 2024, it was Snowflake. In 2025, it's Salesforce. ShinyHunters is back, with low-tech hacks that nonetheless manage to bring down international meg...

Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need
Aug 07, 2025 | The Hacker News

Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on ...

The Critical Flaw in CVE Scoring
Aug 07, 2025 | darkreading

With informed decision-making, organizations can strengthen their overall resilience and maintain the agility needed to adapt to emerging threats, wit...

Chanel Alerts Clients of Third-Party Breach
Aug 07, 2025 | darkreading

The fashion house is added to a list of other companies that have been impacted by similar breaches, including Tiffany & Co. and Louis Vuitton.

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
Aug 07, 2025 | The Hacker News

Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and ...

The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense
Aug 07, 2025 | The Hacker News

Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapi...

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups
Aug 07, 2025 | The Hacker News

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to ...

6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits
Aug 07, 2025 | The Hacker News

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploit...

SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
Aug 07, 2025 | The Hacker News

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patc...

Researcher Deploys Fuzzer to Test Autonomous Vehicle Safety
Aug 07, 2025 | darkreading

As autonomous vehicles continue to evolve, new research highlights the importance of rigorous security testing to protect against both intentional att...

Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults
Aug 06, 2025 | darkreading

Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.

Startup Spotlight: Twine Security Tackles the Execution Gap
Aug 06, 2025 | darkreading

The company, one of four finalists in this year's Black Hat USA Startup Spotlight competition, uses a multi-agent system to build AI Digital Employees.

'ReVault' Security Flaws Impact Millions of Dell Laptops
Aug 06, 2025 | darkreading

The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft
Aug 06, 2025 | The Hacker News

Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploit...

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
Aug 06, 2025 | The Hacker News

The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google...

VexTrio Cybercrime Outfit Run by Legit Ad Tech Firms
Aug 06, 2025 | darkreading

New research reveals that a malicious traffic distribution system (TDS) is run not by "hackers in hoodies," but by a series of corporations ...

Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights
Aug 06, 2025 | darkreading

Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected ...

Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw
Aug 06, 2025 | darkreading

Two critical vulnerabilities affect the security vendor's management console, one of which is under active exploitation. The company has updated cloud...

What 'CMMC 3.0' Really Means for Government Contractors
Aug 06, 2025 | darkreading

The ultimate goal is not just compliance — it's resilience.

Phishers Abuse Microsoft 365 to Spoof Internal Users
Aug 06, 2025 | darkreading

The "Direct Send" feature simplifies internal message delivery for trusted systems, and the campaign successfully duped both Microsoft Defen...

SentinelOne Acquires AI Startup Prompt Security
Aug 06, 2025 | darkreading

The company will integrate Prompt Security's platform, which detects AI tools used in browsers and on desktops, into its Singularity platform.

AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Reveals
Aug 06, 2025 | The Hacker News

As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address th...

Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools
Aug 06, 2025 | The Hacker News

Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort...

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
Aug 06, 2025 | The Hacker News

Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been e...

CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures
Aug 06, 2025 | The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting governme...

With Eyes on AI, African Orgs Push Security Awareness
Aug 06, 2025 | darkreading

Against the backdrop of the artificial intelligence surge, most African organizations have some form of cybersecurity awareness training but fail to t...

AI Is Transforming Cybersecurity Adversarial Testing - Pentera Founder’s Vision
Aug 06, 2025 | The Hacker News

When Technology Resets the Playing Field In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing...

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence
Aug 06, 2025 | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video re...

To Raise or Not to Raise: Bootstrapped Founders Share Their Views
Aug 06, 2025 | darkreading

A trio of startup founders — GreyNoise's Andrew Morris, Thinkst Canary's Haroon Meer, and runZero's HD Moore — agree that raising venture capital fund...

Pandora Confirms Third-Party Data Breach, Warns of Phishing Attempts
Aug 05, 2025 | darkreading

The jewelry retailer is warning customers that their data can and might be used maliciously.

RCE Flaw in AI-Assisted Coding Tool Poses Software Supply Chain Risk
Aug 05, 2025 | darkreading

A critical vulnerability in the trust model of Cursor, a fast-growing tool for LLM-assisted development, allows for silent and persistent remote code ...

Cisco User Data Stolen in Vishing Attack
Aug 05, 2025 | darkreading

The networking giant said this week that an employee suffered a voice phishing attack that resulted in the compromise of select user data, including e...

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections
Aug 05, 2025 | The Hacker News

A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take...

Why the Old Ways Are Still the Best for Most Cybercriminals
Aug 05, 2025 | darkreading

While the cybercrime underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the...

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild
Aug 05, 2025 | The Hacker News

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as activel...

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
Aug 05, 2025 | The Hacker News

Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could resul...

Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
Aug 05, 2025 | The Hacker News

In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misundersta...

How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents
Aug 05, 2025 | The Hacker News

Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical...

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Aug 05, 2025 | The Hacker News

Cybersecurity researchers have lifted the veil on a widespread malicious campaign that's targeting TikTok Shop users globally with an aim to steal cre...

Google Chrome Enterprise: More Than an Access Point to the Web
Aug 05, 2025 | darkreading

In a conversation with Dark Reading's Terry Sweeney, Lauren Miskelly from Google explains that Chrome Enterprise is the same Chrome browser that consu...

SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported
Aug 05, 2025 | The Hacker News

SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomw...

Minimal, Hardened & Updated Daily: The New Standard for Secure Containers
Aug 04, 2025 | darkreading

Chainguard provides DevSecOps teams with a library of "secure-by-default" container images so that they don't have to worry about software s...

NVIDIA Patches Critical RCE Vulnerability Chain
Aug 04, 2025 | darkreading

The flaws in the company's Triton Inference Server enable model theft, data leaks, and response manipulation.

CISA & FEMA Announce $100M+ in Community Cybersecurity Grants
Aug 04, 2025 | darkreading

The grants are intended to help states, tribes, and localities enhance their cybersecurity resilience by providing them with monetary resources to red...

MacOS Under Attack: How Organizations Can Counter Rising Threats
Aug 04, 2025 | darkreading

Not only are attacks against macOS users ramping up, but threat actors have proved to be advanced with deepfake technology. Security awareness trainin...

Threat Actors Increasingly Leaning on GenAI Tools
Aug 04, 2025 | darkreading

From "eCrime" actors to fake IT tech workers, CrowdStrike researchers found that adversaries are using AI to enhance their offensive cyber o...

Darktrace Acquires Mira Security
Aug 04, 2025 | darkreading

42% of Developers Using AI Say Their Codebase is Now Mostly AI-Generated
Aug 04, 2025 | darkreading

NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers
Aug 04, 2025 | The Hacker News

A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial inte...

Akira Ramps Up Assault on SonicWall Firewalls, Suggesting Zero-Day
Aug 04, 2025 | darkreading

An uptick of ransomware activity by the group in late July that uses the vendor's SSL VPN devices for initial intrusion shows evidence of an as-yet-un...

Turning Human Vulnerability Into Organizational Strength
Aug 04, 2025 | darkreading

Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and th...

Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
Aug 04, 2025 | The Hacker News

Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The mal...

⚡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More
Aug 04, 2025 | The Hacker News

Malware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a help...

Man-in-the-Middle Attack Prevention Guide
Aug 04, 2025 | The Hacker News

Some of the most devastating cyberattacks don’t rely on brute force, but instead succeed through stealth. These quiet intrusions often go unnoti...

New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft
Aug 04, 2025 | The Hacker News

Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The imp...

The Wild West of Shadow IT
Aug 04, 2025 | The Hacker News

Everyone’s an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they don’t need to clear it with...

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
Aug 04, 2025 | The Hacker News

Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, ...

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign
Aug 02, 2025 | The Hacker News

Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote cont...

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices
Aug 02, 2025 | The Hacker News

SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In t...

What Is the Role of Provable Randomness in Cybersecurity?
Aug 01, 2025 | darkreading

Random numbers are the cornerstone of cryptographic security. As organizations adopt quantum-resistant algorithms, it's equally important to examine t...

Dark Reading News Desk Turns 10, Back at Black Hat USA for 2025
Aug 01, 2025 | darkreading

Dark Reading's 2025 News Desk marks a decade of Black Hat USA memories. We're making our return with a slate of interviews that help you stay up on th...

Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection
Aug 01, 2025 | The Hacker News

Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, tha...

LLMs' AI-Generated Code Remains Wildly Insecure
Aug 01, 2025 | darkreading

Security debt ahoy: Only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being c...

Building the Perfect Post-Security Incident Review Playbook
Aug 01, 2025 | darkreading

By creating a safe environment for open discussion, prioritizing human context alongside technical data, and involving diverse stakeholders, organizat...

Male-Dominated Cyber Industry Still Holds Space for Women With Resilience
Aug 01, 2025 | darkreading

When trying to crack your way into a cyber career, true passion and a bold love of the industry is a must to set yourself apart from hundreds of other...

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
Aug 01, 2025 | The Hacker News

Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applicat...

AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown
Aug 01, 2025 | The Hacker News

Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wa...

You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them
Aug 01, 2025 | The Hacker News

Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on ...

Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
Aug 01, 2025 | The Hacker News

The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-con...

Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies
Jul 31, 2025 | The Hacker News

The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embass...