darkreading

Threat actors ripped off a legitimate AI-powered Chrome extension in order to harvest ChatGPT and DeepSeek data before sending it to a C2 server.

The "ZombieAgent" exploit makes use of ChatGPT's long-term memory and advanced capabilities.

Here are the top cloud security trends I'm seeing in my crystal ball for the New Year — particularly arming us for AI adoption.

Hackers are attacking a critical zero-day flaw in unsupported D-Link DSL routers to run arbitrary commands.

Microsoft said that Office 365 tenants with weak configurations and who don't have strict anti-spoofing protection enabled are especially vulnerable.

Cyber's role in the US raid on Venezuela remains a question, though President Trump alluded to "certain expertise" in shutting down the power grid in Caracas.

Pro-Russian group NoName057(16) uses a custom denial-of-service tool to mobilize volunteers and disrupt government, media, and institutional sites tied to Ukraine and the West.

An emerging threat actor that goes by "Zestix" used an assortment of infostealers to obtain credentials and breach file-sharing instances of approximately 50 enterprises.

Scattered Lapsus$ Hunters, also known as ShinyHunters, were drawn in using a realistic, yet mostly fake, dataset.

Threat actors are using the social engineering technique and a legitimate Microsoft tool to deploy the DCRat remote access Trojan against targets in the hospitality sector.

These startups reimagined browser security, pioneered application security for AI-generated code, and are building consensus on agentic vs. human costs.

With employees looking for the benefits of artificial intelligence, a fintech company stepped up controls with automation.

Insured entities are becoming more sophisticated in their views on how cyber policies fit into their broader risk management plans.

A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.

Two US citizens pleaded guilty to working as ALPHV/BlackCat ransomware affiliates in 2023, and both were previously employed by prominent security firms.

Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises.

Cybersecurity experts discuss 2026 predictions, highlighting the rise of AI-driven threats, the shift to resilience over prevention, and the urgent need for advanced security measures to combat evolving risks.

From securing supply chain defenses and MCPs across AI workflows to formal AI and quantum governance, experts share their wish lists for cyber safety in 2026.

The April/May zero-day exploitations of Ivanti's mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT — and history will probably repeat itself.

What happens to all of those always-connected devices when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues.