darkreading
Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults
14 hours 19 minutes ago
Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.
Nate Nelson, Contributing Writer
'ReVault' Security Flaws Impact Millions of Dell Laptops
15 hours 18 minutes ago
The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.
Jai Vijayan, Contributing Writer
VexTrio Cybercrime Outfit Run by Legit Ad Tech Firms
16 hours 19 minutes ago
New research reveals that a malicious traffic distribution system (TDS) is run not by "hackers in hoodies," but by a series of corporations operating in the commercial digital advertising industry.
Rob Wright
Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights
17 hours 23 minutes ago
Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence.
Kristina Beek
Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw
20 hours 10 minutes ago
Two critical vulnerabilities affect the security vendor's management console, one of which is under active exploitation. The company has updated cloud-based products but won't have a patch for its on-premises version until mid-August.
Elizabeth Montalbano, Contributing Writer
What CMMC 3.0 Really Means for Government Contractors
22 hours 19 minutes ago
The ultimate goal of CMMC 3.0 is not just compliance — it's resilience.
Kyle Dewar
Phishers Abuse Microsoft 365 to Spoof Internal Users
23 hours 19 minutes ago
The "Direct Send" feature simplifies internal message delivery for trusted systems, and the campaign successfully duped both Microsoft Defender and third-party secure email gateways.
Jai Vijayan, Contributing Writer
With Eyes on AI, African Orgs Push Security Awareness
1 day 6 hours ago
Against the backdrop of the artificial intelligence surge, most African organizations have some form of cybersecurity awareness training but fail to test frequently and don't trust the results.
Robert Lemos, Contributing Writer
To Raise or Not to Raise: Bootstrapped Founders Share Their Views
1 day 10 hours ago
A trio of startup founders — GreyNoise's Andrew Morris, Thinkst Canary's Haroon Meer, and runZero's HD Moore — agree that raising venture capital funding can be beneficial, but a company's success depends on how well the product fits customer needs.
Arielle Waldman
Pandora Confirms Third-Party Data Breach, Warns of Phishing Attempts
1 day 14 hours ago
The jewelry retailer is warning customers that their data can and might be used maliciously.
Kristina Beek
RCE Flaw in AI-Assisted Coding Tool Poses Software Supply Chain Risk
1 day 18 hours ago
A critical vulnerability in the trust model of Cursor, a fast-growing tool for LLM-assisted development, allows for silent and persistent remote code execution.
Elizabeth Montalbano, Contributing Writer
Cisco User Data Stolen in Vishing Attack
1 day 18 hours ago
The networking giant said this week that an employee suffered a voice phishing attack that resulted in the compromise of select user data, including email addresses and phone numbers.
Alexander Culafi
Why the Old Ways Are Still the Best for Most Cybercriminals
1 day 22 hours ago
While the cybercrime underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020.
Jon Clay
Google Chrome Enterprise: More Than an Access Point to the Web
2 days 5 hours ago
In a conversation with Dark Reading's Terry Sweeney, Lauren Miskelly from Google explains that Chrome Enterprise is the same Chrome browser that consumers use, but with additional enterprise-grade controls, reporting capabilities, and administrative features.
Terry Sweeney
Minimal, Hardened & Updated Daily: The New Standard for Secure Containers
2 days 14 hours ago
Chainguard provides DevSecOps teams with a library of "secure-by-default" container images so that they don't have to worry about software supply chain vulnerabilities. The startup is expanding its focus to include Java and Linux, as well.
Jeffrey Schwartz
NVIDIA Patches Critical RCE Vulnerability Chain
2 days 15 hours ago
The flaws in the company's Triton Inference Server enable model theft, data leaks, and response manipulation.
Jai Vijayan, Contributing Writer
CISA & FEMA Announce $100M+ in Community Cybersecurity Grants
2 days 16 hours ago
The grants are intended to help states, tribes, and localities enhance their cybersecurity resilience by providing them with monetary resources to reduce risks and implement new procedures.
Kristina Beek
MacOS Under Attack: How Organizations Can Counter Rising Threats
2 days 16 hours ago
Not only are attacks against macOS users ramping up, but threat actors have proved to be advanced with deepfake technology. Security awareness training may be the best defense.
Arielle Waldman
Threat Actors Increasingly Leaning on GenAI Tools
2 days 16 hours ago
From "eCrime" actors to fake IT tech workers, CrowdStrike researchers found that adversaries are using AI to enhance their offensive cyber operations.
Alexander Culafi