darkreading
Public RSS feed
Mentorship and Diversity: Shaping the Next Generation of Cyber Experts
Patricia Voight, CISO at Webster Bank, shares her expertise on advancing cybersecurity careers, combating financial crimes, and championing diversi...
Posted on 26 December 2025 | 3:15 pm
As More Coders Adopt AI Agents, Security Pitfalls Lurk in 2026
Developers are leaning more heavily on AI for code generation, but in 2026, the development pipeline and security need to be prioritized.
Posted on 26 December 2025 | 1:04 pm
Dark Reading Opens The State of Application Security Survey
Take part in the new survey from Dark Reading and help uncover trends, challenges, and solutions shaping the future of application security.
Posted on 26 December 2025 | 12:00 pm
Industry Continues to Push Back on HIPAA Security Rule Overhaul
Healthcare cyberattacks are on the rise, but industry organizations say the proposed changes to the security rules fall short of what's needed.
Posted on 23 December 2025 | 8:22 pm
ServiceNow Buys Armis for $7.75B, Boosts 'AI Control Tower'
Its latest cybersecurity acquisition will help further ServiceNow's plans for autonomous cybersecurity, and building a security stack to proactivel...
Posted on 23 December 2025 | 8:03 pm
Amazon Fends Off 1,800 Suspected DPRK IT Job Scammers
The tech giant has been beset by a deluge of state-sponsored North Korean operatives, showcasing the sheer scale of the IT worker scam problem.
Posted on 23 December 2025 | 5:42 pm
Sprawling 'Operation Sentinel' Neutralizes African Cybercrime Syndicates
Interpol said law enforcement across 19 countries made 574 arrests and recovered $3 million, against a backdrop of spiraling cybercrime in the regi...
Posted on 23 December 2025 | 5:16 pm
Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices
With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors whose products have been targeted in recent weeks.
Posted on 22 December 2025 | 8:29 pm
Uzbek Users Under Attack by Android SMS-Stealers
Telegram users in Uzbekistan are being targeted with Android SMS-stealer malware, and what's worse, the attackers are improving their methods.
Posted on 22 December 2025 | 5:07 pm
Cisco VPNs, Email Services Hit in Separate Threat Campaigns
The company suffered one sophisticated five-alarm campaign and one messy spray-and-pray attack, mere days apart.
Posted on 19 December 2025 | 8:05 pm
LongNosedGoblin Caught Snooping on Asian Governments
New China-aligned APT group is deploying Group Policy to sniff through government networks across Southeast Asia and Japan.
Posted on 19 December 2025 | 4:38 pm
Identity Fraud Among Home-Care Workers Puts Patients at Risk
Reports of patients being cared for by unqualified home-care aides with fake identities continue to emerge, highlighting a need for more stringent ...
Posted on 19 December 2025 | 3:04 pm
A Good Year for North Korean Cybercriminals
North Korea shifted its strategy to patiently target "bigger fish" for larger payouts, using sophisticated methods to execute attacks at opportune ...
Posted on 19 December 2025 | 2:00 pm
A Cybersecurity Playbook for AI Adoption
AI adds real value to cybersecurity today, but it cannot yet serve as a single security guardian. Here's how organizations can safely combine AI-dr...
Posted on 19 December 2025 | 2:00 pm
SonicWall Edge Access Devices Hit by Zero-Day Attacks
In the latest attacks against the vendor's SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed ...
Posted on 18 December 2025 | 10:25 pm
Dormant Iran APT is Still Alive, Spying on Dissidents
"Prince of Persia" has rewritten the rules of persistence with advanced operational security and cryptographic communication with its command-and-c...
Posted on 18 December 2025 | 1:00 pm
Critical Fortinet Flaws Under Active Attack
Attackers are targeting admin accounts, and once authenticated, exporting device configurations including hashed credentials and other sensitive in...
Posted on 17 December 2025 | 10:44 pm
In Cybersecurity, Claude Leaves Other LLMs in the Dust
Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest i...
Posted on 17 December 2025 | 10:01 pm
'Cellik' Android RAT Leverages Google Play Store
The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.
Posted on 17 December 2025 | 9:38 pm
Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity
The future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. (First in a...
Posted on 17 December 2025 | 9:14 pm
'Fake Proof' and AI Slop Hobble Defenders
In the React2Shell saga, nonworking and trivial proof-of-concept exploits led to confusion and perhaps a false sense of security. Can the onslaught...
Posted on 17 December 2025 | 8:58 pm
The Future of Quantum-Safe Networks Depends on Interoperable Standards
As quantum computing advances, secure, interoperable standards will be critical to making quantum key distribution (QKD) practical, trusted, and fu...
Posted on 17 December 2025 | 8:46 pm
Attackers Use Stolen AWS Credentials in Cryptomining Campaign
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple custom...
Posted on 17 December 2025 | 4:33 pm
Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation
Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.
Posted on 17 December 2025 | 7:00 am
Why a 17-Year-Old Built an AI Model to Expose Deepfake Maps
A high-school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders.
Posted on 16 December 2025 | 10:53 pm
Why You Should Train Your SOC Like a Triathlete
The key elements in a security operations center's strategy map align closely to the swim/bike/run events in a triathlon. SOCs, like triathletes, p...
Posted on 16 December 2025 | 10:20 pm
Venezuelan Oil Company Downplays Alleged US Cyberattack
But media reports described the attack as causing major disruption to PDVSA, the state-owned oil and natural gas company.
Posted on 16 December 2025 | 8:33 pm
Russia Hits Critical Orgs Via Misconfigured Edge Devices
Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector.
Posted on 16 December 2025 | 8:03 pm
Browser Extension Harvests 8M Users' AI Chatbot Data
Urban VPN Proxy, which claims to protect users' privacy, collects data from conversations with ChatGPT, Claude, Gemini, Copilot, and other AI assis...
Posted on 16 December 2025 | 4:14 pm
Enterprises Gear Up Ahead of 2026's IT Transformation Shift
Experts predict big changes are coming for IT infrastructure in 2026, driven by AI adoption, hybrid cloud strategies, and evolving security demands.
Posted on 16 December 2025 | 3:08 pm
How Cyber Insurance MGAs Shape Policies for Evolving Cyber-Risks
Managing general agents help insurers navigate sectors where they lack expertise. A cybersecurity policy written by an MGA is more likely to reflec...
Posted on 15 December 2025 | 10:28 pm
Apple Patches More Zero-Days Used in 'Sophisticated' Attack
Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.
Posted on 15 December 2025 | 9:25 pm
Think Like an Attacker: Cybersecurity Tips From a CISO
Etay Maor, a cybersecurity strategist and professor, shares his journey, insights, and advice on breaking into the diverse and ever-evolving field ...
Posted on 15 December 2025 | 8:07 pm
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files
A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw.
Posted on 15 December 2025 | 3:33 pm
The CISO-COO Partnership: Protecting Operational Excellence
Digital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship ...
Posted on 12 December 2025 | 9:12 pm
React2Shell Exploits Flood the Internet as Attacks Continue
As exploitation activity against CVE-2025-55182 ramps up, researchers are finding some proof-of-concept exploits contain bypasses for web applicati...
Posted on 12 December 2025 | 8:11 pm
Vibe Coding: Innovation Demands Vigilance
Unmanaged coding is indeed an alluring idea, but can introduce a host of significant cybersecurity dangers.
Posted on 12 December 2025 | 8:07 pm
Microsoft Will Bundle Security Copilot With M365 Enterprise Licenses
The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference la...
Posted on 12 December 2025 | 7:32 pm
Supply Chain Attacks Targeting GitHub Actions Increased in 2025
At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and no...
Posted on 12 December 2025 | 6:37 pm
Are Trade Concerns Trumping US Cybersecurity?
The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on dipl...
Posted on 12 December 2025 | 2:00 pm
Hamas-Linked Hackers Probe Middle Eastern Diplomats
Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.
Posted on 12 December 2025 | 7:00 am
Money Mules Require Banks to Switch From Defense to Offense
Financial institutions must be proactive when identifying and preventing fraudulent activity. Here are five "mule personas" to watch for.
Posted on 11 December 2025 | 11:13 pm
Encouraging Industry Voices to Write for the Commentary Section
Dark Reading will continue to publish Tech Talks and Ask the Expert pieces in the Commentary section. Read on for submission guidelines.
Posted on 11 December 2025 | 10:48 pm
Attackers Exploited Gogs Zero-Day Flaw for Months
Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year.
Posted on 11 December 2025 | 8:11 pm
AI in OT Sparks Cascade of Complex Challenges
Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.
Posted on 11 December 2025 | 2:50 pm
Copilot's No-Code AI Agents Liable to Leak Company Data
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.
Posted on 11 December 2025 | 10:00 am
Storm-0249 Abuses EDR Processes in Stealthy Attacks
The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.
Posted on 10 December 2025 | 9:59 pm
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery
A new twist on the social engineering tactic is making waves, combining SEO poisoning and legitimate AI domains to install malware on victims' comp...
Posted on 10 December 2025 | 9:02 pm
Feds: Pro-Russia Hacktivists Target US Critical Infrastructure
So far the attacks, which compromise virtual network computing (VNC) connections in OT systems, have not been particularly destructive, but this co...
Posted on 10 December 2025 | 12:56 pm
Japanese Firms Suffer Long Tail of Ransomware Damage
Ransomware actors have targeted manufacturers, retailers, and the Japanese government, with many organizations requiring months to recover.
Posted on 10 December 2025 | 12:00 am