darkreading
'MostereRAT' Malware Blends In, Blocks Security Tools
19 hours 20 minutes ago
A threat actor is using a sophisticated EDR-killing malware tool in a campaign to maintain long-term, persistent access on Windows systems.
Jai Vijayan, Contributing Writer
Salesloft Breached via GitHub Account Compromise
19 hours 51 minutes ago
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens.
Rob Wright
The Critical Failure in Vulnerability Management
1 day 2 hours ago
Organizations are seeking assistance to fix critical vulnerabilities. Solutions that orchestrate and automate network device protection put us on the right path.
Amar Ramakrishnan
45 New Domains Linked to Salt Typhoon, UNC4841
1 day 6 hours ago
The China-backed threat actors have used the previously undiscovered infrastructure to obtain long-term, stealthy access to targeted organizations.
Elizabeth Montalbano, Contributing Writer
How Has IoT Security Changed Over the Past 5 Years?
3 days 19 hours ago
Experts see subtle improvements from new laws and best practices, but much work remains.
Arielle Waldman
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now
3 days 19 hours ago
Exploitation of CVE-2025-42957 requires "minimal effort" and can result in a complete compromise of the SAP system and host OS, according to researchers.
Rob Wright
Anyone Using Agentic AI Needs to Understand Toxic Flows
3 days 20 hours ago
The biggest vulnerabilities may lie at the boundaries of where the AI agent connects with the enterprise system.
Ericka Chickowski, Contributing Writer
Secretive MaaS Group 'TAG-150' Develops Novel 'CastleRAT'
3 days 21 hours ago
TAG-150 is running a multifaceted and relatively successful malware-as-a-service operation, without advertising itself on the Dark Web.
Nate Nelson, Contributing Writer
Scammers Are Using Grok to Spread Malicious Links on X
4 days ago
It's called "grokking," and gives spammers a way to skirt X's ban on links in promoted posts and reach larger audiences than ever before.
Nate Nelson, Contributing Writer
Embracing the Next Generation of Cybersecurity Talent
4 days 2 hours ago
Programs like student-run SOCs can expand our cybersecurity workforce and better secure our public and private entities for when, not if, cyberattacks occur.
Bruce Johnson
Federal Cuts Put Local, State Agencies at Cyber-Risk
4 days 3 hours ago
Cyberattackers target local and state agencies, a problem as the Trump administration cuts cybersecurity funds and culls workers at federal security agencies.
Robert Lemos, Contributing Writer
Sitecore Zero-Day Sparks New Round of ViewState Threats
4 days 18 hours ago
The vulnerability marks the latest example of threat actors weaponizing exposed ASP.NET machine keys for remote injection and deserialization attacks.
Rob Wright
Bridgestone Americas Confirms Cyberattack
4 days 19 hours ago
Reports of disruptions at North American plants emerged earlier this week, though the nature of the attack on the tire manufacturer remains unclear.
Kristina Beek
Chinese Hackers Game Google to Boost Gambling Sites
4 days 19 hours ago
New threat actor "GhostRedirector" is using a malicious IIS module to inject links that try to artificially boost search engine ranking for target sites.
Jai Vijayan, Contributing Writer
ISC2 Aims to Bridge DFIR Skills Gap With New Certificate
4 days 19 hours ago
The nonprofit training organization's new program addresses digital forensics, incident management, and network threat hunting.
Arielle Waldman
Phishing Empire Runs Undetected on Google, Cloudflare
4 days 20 hours ago
What's believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years.
Elizabeth Montalbano, Contributing Writer
Czech Warning Highlights China Stealing User Data
4 days 20 hours ago
Czech cyber agency NÚKIB warned of the risks of using products and software that send data back to China.
Alexander Culafi
Blast Radius of Salesloft Drift Attacks Remains Uncertain
4 days 23 hours ago
Many high-profile Salesloft Drift customers have disclosed data breaches as a result of a recent supply chain attack, but the extent and severity of this campaign are unclear.
Alexander Culafi
UltraViolet Expands AppSec Capabilities With Black Duck's Testing Business
5 days 1 hour ago
The addition of Black Duck's application security testing offering to UltraViolet Cyber's portfolio helps security teams find and remediate issues earlier in the security lifecycle.
Dark Reading Staff
Checked
11 hours 9 minutes ago
Public RSS feed
darkreading feed