darkreading
GITEX GLOBAL 2025
1 week 6 days hence
Ukrainian Cops Spoofed in Fileless Phishing Attacks on Kyiv
4 hours 15 minutes ago
Attackers impersonate the National Police of Ukraine to deploy Amatera Stealer and PureMiner, using malicious Scalable Vector Graphics to trick victims.
Elizabeth Montalbano, Contributing Writer
Volvo Employee SSNs Stolen in Supplier Ransomware Attack
2 days 23 hours ago
Three international vehicle manufacturers have fallen to supply chain cyberattacks in the past month alone.
Nate Nelson, Contributing Writer
Iranian State Hackers Use SSL.com Certificates to Sign Malware
3 days 3 hours ago
Security researchers say multiple threat groups, including Iran's Charming Kitten APT offshoot Subtle Snail, are deploying malware with code-signing certificates from the Houston-based company.
Rob Wright
Prep is Underway, But 2026 FIFA World Cup Poses Significant Cyber Challenges
3 days 5 hours ago
The world's most-popular sports contest starts in June 2026 across 16 venues in three countries: Securing the event infrastructure from cyber threats will require massive collaboration.
Robert Lemos, Contributing Writer
Cisco's Wave of Actively Exploited Zero-Day Bugs Targets Firewalls, IOS
3 days 23 hours ago
Patch now: Cisco recently disclosed four actively exploited zero-days affecting millions of devices, including three targeted by a nation-state actor previously discovered to be behind the "ArcaneDoor" campaign.
Alexander Culafi
Chinese APT Drops 'Brickstorm' Backdoors on Edge Devices
3 days 23 hours ago
The China-linked cyber-espionage group UNC5221 is compromising network appliances that cannot run traditional EDR agents to deploy new versions of the "Brickstorm" backdoor.
Jai Vijayan, Contributing Writer
Salesforce AI Agents Forced to Leak Sensitive Data
4 days 1 hour ago
Yet again researchers have uncovered an opportunity (dubbed "ForcedLeak" for indirect prompt injection against autonomous agents lacking sufficient security controls — but this time the risk involves PII, corporate secrets, physical location data, and so much more.
Nate Nelson, Contributing Writer
How Cloud Service Disruptions Are Making Resilience Critical for Developers
4 days 5 hours ago
Outages affecting DevOps tools threaten to leave developers coding like it's 1999. How serious is the threat and what can companies do?
Robert Lemos, Contributing Writer
CISA: Attackers Breach Federal Agency via Critical GeoServer Flaw
4 days 21 hours ago
Threat actors exploited CVE-2024-36401 less than two weeks after it was initially disclosed and used it to gain access to a large federal civilian executive branch (FCEB) agency that uses the geospatial mapping data.
Rob Wright
The Fall of Scattered Spider? Teen Member Surrenders Amid Group's Shutdown Claims
4 days 22 hours ago
The cybercrime group continues to gain attention despite its apparent shutdown last week.
Kristina Beek
Russia Targets Moldovan Election in Disinformation Play
4 days 23 hours ago
Researchers have tracked a Russian disinformation campaign against upcoming Moldovan elections, linking it to a previous campaign that began in 2022.
Alexander Culafi
Threat Actor Deploys 'OVERSTEP' Backdoor in Ongoing SonicWall SMA Attacks
5 days 6 hours ago
Hackers tracked as UNC6148 are attacking SonicWall security devices by installing hidden software, allowing them to control systems, steal passwords, and hide their activities.
Kristina Beek
Npm Package Hides Malware in Steganographic QR Codes
5 days 10 hours ago
The poisoned package, purporting to be a JavaScript utility, threatens the software supply chain with a highly obsfuscated credential stealer.
Elizabeth Montalbano, Contributing Writer
Chinese APT Leans on Researcher PoCs to Spy on Other Countries
5 days 18 hours ago
"RedNovember" is both lazy and punctual: always quick to do its homework on new vulnerabilities, but always getting the answers from cyber defenders.
Nate Nelson, Contributing Writer
As Incidents Rise, Japanese Government's Cybersecurity Falls Short
5 days 19 hours ago
The Japanese government suffered the most cybersecurity incidents in 2024 — 447, nearly double the previous year — while failing to manage 16% of critical systems.
Robert Lemos, Contributing Writer
GitHub Aims to Secure Supply Chain as NPM Hacks Ramp Up
5 days 22 hours ago
GitHub will address weak authentication and overly permissive tokens in the NPM ecosystem, following high-profile threat campaigns like those involving Shai-Hulud malware.
Alexander Culafi
Exposed Docker Daemons Fuel DDoS Botnet
5 days 22 hours ago
The for-hire platform leverages legitimate cloud-native tools to make detection and disruption harder for defenders and SOC analysts.
Jai Vijayan, Contributing Writer
From FBI to CISO: Unconventional Paths to Cybersecurity Success
5 days 22 hours ago
Cybersecurity leader Jason Manar shares insights on diverse career paths, essential skills, and practical advice for entering and thriving in the high-stress yet rewarding field of cybersecurity.
Kristina Beek
Checked
1 hour 5 minutes ago
Public RSS feed
darkreading feed