65 items shared from this domain
Forgotten integrations, shadow IT, SaaS, and now shadow AI and agents are everywhere, and attackers don't need sophisticated AI models to take advantage.
The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimology, and TTPs.
A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process, experts noted.
The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise suppl…
The prompt injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary c…
China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale TTPs.
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher noted.
The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
While enterprise breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption.
Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files.
Quantum computers are coming and may impact systems in unexpected ways, and it will "take years to be fully quantum-safe, if ever," cryptography exp…
Security experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos in a new paper from the Cloud Securit…
Threat actors breached the telehealth brand, and now they may know who's bald, overweight, and impotent. What could they do with that information?
Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react.
Microsoft says the financially motivated cybercrime group has exploited N-day and zero-day vulnerabilities in campaigns predicated on speed.
PRT-scan is the second in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration.
Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough.
AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference.
A chief medical information officer provided a peek into what hospitals face when they inevitably suffer a ransomware attack — whether it leads to short or long…
A newly released study exclusively shared with Dark Reading details the unique circumstances that make up Latin America's labor pool, and why organizations may…
The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.
Intruder's Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to incl…
Chinese APT Red Menshen's super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down.
Organizations repeatedly expose ports, reuse passwords, and skip patches, creating security gaps that attackers exploit for breaches. An industry veteran outli…
While US government sits out this year, EU officials are on the ground in San Francisco leading the conversations on today's top cybersecurity challenges.
For the first time, SANS Institute's five top attack techniques all have one thing in common – AI.
Iran-aligned groups are trying to make their mark in the Gulf, but the results have fallen short of remarkable.
An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game cheats.
Two cybersecurity leaders tested out AI in their respective SOCs for six months — and here's what they learned.
A phishing campaign targeting healthcare, government, hospitality, and education sectors in various countries uses several evasion techniques to avoid detectio…
The 10 finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year.
Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
These rulings prohibit the entities from entering or doing business in the European Union.
In addition to enabling remote access, the malware supports a wide range of capabilities, including data theft and spying.
Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering.
The cyberattackers leveraged trusted brands and domains in an attempt to redirect a C-suite executive at Outpost24 to give up his credentials.
Researchers uncovered an extensive cyberespionage campaign that used novel backdoors and familiar evasion techniques to maintain persistent access to regional…
The excitement around Cisco's latest SD-WAN bugs has inspired some light fraud, misunderstandings, and overlooked risks.
Sophisticated phishing attacks are bypassing on-device protections with troubling frequency, making it more critical than ever for users to protect themselves…
Government agencies, emergency clinics, and others in Australia, New Zealand, and Tonga have had serious run-ins with the prolific ransomware outfit.
Data centers — used by both governments and militaries for operations — are now fair game, not just for cyberattacks, but for kinetic attacks as well.
In a seven-page strategy document, the Trump administration signaled a shift to preemption and deterrence in handling cyber threats.
Cylake's platform will analyze security data locally and identify potential attacks for organizations concerned about data sovereignty.
DPRK worker scams are old hat, but they're still working, thanks to AI tools that help with everything from face swapping to daily emails.
Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.
Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage.
Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad access to victims' cloud environments.
Events and concepts from the Stranger Things television series illustrate how enterprises can defend their networks and stay "right side up."
Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspec…
The now-patched flaw is the latest in a growing string of security issues associated with the viral AI tool, which has seen rapid adoption among developers.
HBO's "The Pitt" is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack.
When a company gets breached through a third-party security vendor, who should bear responsibility? For one FinTech company, the answer is the firewall provide…
The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind.
A Chinese keyboard warrior inadvertently leaked information about politically motivated influence operations through a ChatGPT account.
ICS/OT experts have devised a scoring system for rating the severity and effects of cybersecurity events in operational technology environments.
Credential misuse, AI tools, and security blind spots help attackers move through breached networks faster than ever, CrowdStrike finds.
Investments in cybersecurity startups took off in 2025 as venture capital firms focused not just on AI-native tech but on talent as well.
The attacks cost banks more than $20 million in losses last year, as criminals used many of the same tools and tactics they have wielded for more than a decade.
Researchers say threat actors wielded the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation.