darkreading

Have you ever given two seconds of thought to a browser notification? No? That's what hackers bent on phishing are counting on.

Editors from Dark Reading, Cybersecurity Dive, and TechTarget Search Security break down the depressing state of cybersecurity awareness campaigns and how organizations can overcome basic struggles with password hygiene and phishing attacks.

The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks.

A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor's disclosure practices.

When international corporations have to balance competing cyber laws from different countries, the result is fragmented, potentially vulnerable systems.

Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise whole networks.

Initially though to be a DDoS attack, the incident was actually due to a routine change in permissions that caused widespread software failure.

It only takes recycled cans, copper, and cheap gadgets off the Web to trick a train conductor into doing something dangerous.

The collaborative effort combines multiple federal departments, along with private companies to reduce, if not eliminate, billions lost annually to fraud.

IoT devices can be compromised, thanks to gaps in cloud management interfaces for firewalls and routers, even if they're protected by security software or not online.

As vulnerabilities in the Common Vulnerabilities and Exposures ecosystem pile up, one Black Hat Europe presenter hopes for a global, distributed alternative.

Researchers say Israel remains a central focus, with UNC1549 targeting aerospace and defense entities in the US, the UAE, Qatar, Spain, and Saudi Arabia.

Free the logs! Behind the scenes at InfluxData, which turned to its own in-house security monitoring platform, DiSCO, to protect its supply chain after its third-party tool was breached.

A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.

Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure.

Security teams can combat alert fatigue, high rates of false positives, and reduce time spent on manual data collection with Mate's SOC platform, which utilizes AI agents to autonomously investigate and resolve alerts.

The vulnerability could allow an unauthenticated attacker to remotely execute administrative commands.

Four individuals admitted to assisting foreign IT workers in gaining employment at US companies by providing false identities and remote access to employer-owned laptops.

Researchers discovered a security weakness in the AI-powered coding tool that allows malicious MCP server to hijack Cursor's internal browser.

The Akira ransomware group has been experimenting with new tools, bugs, and attack surfaces, with demonstrated success in significant sectors.