Category: darkreading
-
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
A major bug in Oracle’s ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data. Nate Nelson
-
Claude Fable 5 Doesn’t Change the Mythos Security Story
Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos “made safe for general use,” Anthropic explained. Alexander Culafi
-
Phishing Attack Volume Down 20%, but Risk Still Rising
Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiplying them. Nate Nelson
-
Segmentation Works for OT If Operators Are Paying Attention
Operational technology security remains as difficult as ever, with even the best practice recommendation falling short. Arielle Waldman
-
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
North Korea’s gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms. Robert Lemos
-
CISA Rewrites Federal Patching Requirements for AI Threat Era
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred. Jai Vijayan
-
Bug Bounty Research Triggers ServiceNow Security Alert
Bug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances. Alexander Culafi
-
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet
The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. Elizabeth Montalbano
-
The Invisible Battlefield: How Cyber War Is Reshaping Everyday Life
Former National Cyber Director Chris Inglis warns that cyber attacks threaten hospitals, utilities and essential services. Chris Inglis
-
Blame AI: Patch Tuesday Hits Record 206 CVEs
Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery. Jai Vijayan
-
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
“Ghost-Sender” uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achieve this level of spoofing. Alexander Culafi
-
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories
The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month. Rob Wright
-
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine. Elizabeth Montalbano
-
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks
The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims. Jai Vijayan
-
Check Point VPN Flaw Exploited Since Early May
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident. Alexander Culafi
-
Iran Signed a Ceasefire — Its Hackers Didn’t
An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict. Emil Sayegh
-
‘Hades’ Campaign Against PyPI Puts New Spin on Shai-Hulud
The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat. Elizabeth Montalbano
-
Exposed Fuel Tank Gauges Under Attack in the US
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption. Nate Nelson
-
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
AI worms, or “viruses with wings and brains,” adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say. Robert Lemos
-
Trump AI Order Seeks Voluntary Frontier Model Testing
The White House’s executive order establishes a voluntary framework for early government access to frontier models while investing in federal security. Alexander Culafi
-
Rust-Written IronWorm Hits NPM Supply Chain
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel. Jai Vijayan
-
China’s TA4922 Expands Cybercrime Attacks Globally
One of the world’s most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia. Nate Nelson
-
4 Critical Threats Where Attackers Have the Advantage
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections. Rob Wright
-
Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs
Organizations are growing serious about what nation’s rules apply to their data. Experts point to geopolitical tensions as a main contributing factor. Arielle Waldman
-
Pakistan Spies on Afghan Finance Ministry With Xeno RAT
Despite broadly connected digital infrastructure, standard fare TTPs are enough to cause trouble for Afghanistan’s porous cybersecurity. Nate Nelson
-
Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender. Alexander Culafi
-
Tropical Blend: Cyber & Politics Ramp Up Across Latin America
China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests. Robert Lemos
-
Cyber Insurance Rates Are Dropping, but Exclusions Widen
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix. Rob Wright
-
Malicious Notifications Could Trick Google Gemini Users
A prompt injection flaw in Google Gemini’s voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more. Alexander Culafi
-
Global Stock Exchange Hit by Monthslong Email Campaign
A threat actor got a near-continuous view into an influential finance executive’s email inbox, thanks to clever use of legitimate, native Windows tools. Nate Nelson
-
Zoom CISO: AI as Security Enabler, Not Role-Replacer
As Zoom’s CISO, Sandra McLeod, discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and advice for aspiring cybersecurity leaders. Kristina Beek
-
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing. Jai Vijayan
-
DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks
A sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that deliver malware. Elizabeth Montalbano
-
China Uses Dual-Method Cyberattack on Czech Orgs
China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware. Alexander Culafi
-
Securing AI Agents Before They Go Rogue Is Next to Impossible
High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the next horror story. Rob Wright
-
Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense
Twenty years after Dark Reading launched, we’re looking ahead at what’s next for enterprise security. Spoiler: It’s hyper-segmented, AI-orchestrated, and way more sophisticated than your dad’s firewall. Fahmida Y. Rashid, Tara Seals
-
Anthropic to Open Mythos AI to EU’s ENISA
The European security agency’s entry to Project Glasswing is the result of “strong bilateral cooperation” between the European Commission and Anthropic. Jai Vijayan
-
Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May. Elizabeth Montalbano
-
Name That Toon: Mark of (Cybersecurity) Progress
As part of Dark Reading’s 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry’s last two decades. John Klossner
-
Asia’s Cyber Insurance Market Shows Signs of Life
The cyber insurance industry has made relatively weak inroads into Asia due to a variety of factors, but that could be changing. Alexander Culafi
-
With Complex Cloud Integrations, Small Errors Lead to Major Compromises
Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a popular automation service. Robert Lemos
-
‘The Com’ Cyberattacks Support Violence & Sexploitation
Your organization’s security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes. Nate Nelson
-
Dutch Raid Fails to Dent Russian Bulletproof Host
Dutch law enforcement seized 800 servers and arrested two operators of THE.Hosting but left the hosting provider’s core IP address space intact. Jai Vijayan
-
Name That Toon Contest
-
Agentic AI Isn’t Risky; the Way Orgs Deploy It Is
AI agents aren’t black boxes — they’re models interacting with software tools. The risk lies in their overlap. Nate Nelson
-
Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security
In this latest installment of the Reporters’ Notebook video series, we discuss how cyber insurance is forcing organizations to quantify risk, what’s covered (and what’s not), and why this could be the best thing to happen to cybersecurity. Fahmida Y. Rashid, Kristina Beek
-
Nordic CISOs Handle Rising Cyber Threats Remarkably Well
Artificial intelligence notwithstanding, the vast majority of CISOs in northern Europe say they’re facing no more serious cyberattacks than they did two years ago. Nate Nelson
-
Ransomware Actors Show Up In Person to Steal Law Firm Data
The FBI warned that the extortion gang Silent Ransom Group is targeting law firms and socially engineering its way into servers and databases. Alexander Culafi
-
Latin American Cybercriminals Hoover Up Government Data
A purported leak exposing 5.8 million records of Uruguayan citizens is the latest incident where cybercriminals targeted government agencies to monetize citizen data. Robert Lemos
-
Cybersecurity Evolution: How We Went From Perimeter Defense to AI-Native Security
The cybersecurity industry of 2006 barely resembled today’s billion-dollar behemoth. As part of Dark Reading’s 20th anniversary celebration, we trace the industry’s evolution through a technology lens. Fahmida Y. Rashid
-
Feeding Frenzy: ‘Megalodon’ Malware Infects Thousands of GitHub Repos
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more. Rob Wright
-
The Hackers Behind Shai-Hulud: Lucky or Skilled?
TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it’s not necessarily due to skill alone. Alexander Culafi
-
Remembering Tim Wilson, Whose Legacy Lives on at Dark Reading
The co-founder and former editor-in-chief passed away five years ago in November. As Dark Reading enters its third decade, we pause to celebrate and honor Wilson’s instrumental role in building and elevating the media site. Kelly Jackson Higgins
-
Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
When Akamai announced its LayerX acquisition, the company joined a growing list of vendors adding secure enterprise browsers to their product portfolios. Jeffrey Schwartz
-
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
Ransomware and vendor breaches persist, but the 2026 Data Breach Investigations Report (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable. Arielle Waldman
-
China’s Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker. Alexander Culafi
-
How CISOs Should Prep for Agentic-Ready AI BOMs
Finding ways to document both component and execution attributes for AI bill of materials (AI BOM). Ericka Chickowski, Contributing Writer
-
Google API Keys Remain Active After Deletion
A security researcher discovered the API keys can still be used for 23 minutes after deletion, even though the cloud provider claims deletion is immediate. Rob Wright
-
AI Agents Are Shifting Identity Security Budget Dynamics
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects. Todd Thiemann
-
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
“Showboat” doesn’t show off, but clearly it doesn’t need to, as it’s long helped China spy on small market communications providers. Nate Nelson
-
Content Delivery Exploit Opens Websites to Brand Hijacking
The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity. Nate Nelson
-
Cyber Pros Can’t Decide If AI Is a Good or a Bad Thing
There is nothing cybersecurity professionals are more excited about, and nothing they fear more, than AI. Nate Nelson
-
GitHub Confirms Breach, 4K Internal Repos Stolen
Open source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit. Alexander Culafi
-
Processes and Culture Top Reasons Behind Data Breaches
Government leaders revealed that, in spite of state laws meant to improve cyber hygiene, an analysis of incidents showed issues persist and visibility falls short. Arielle Waldman
-
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment. Elizabeth Montalbano
-
Infosecurity Europe
-
Interpol’s ‘Operation Ramz’ Pioneers Cross-Region Collabs in Middle East
While the numbers are modest, the crackdown on cybercrime involved 13 countries in the MENA region, the largest law enforcement collaboration to date. Robert Lemos
-
What Will Make AI BOMs Real?
A brief overview of the forces at play that will get more organizations on board with creating and consuming AI bill of materials (BOMs). Ericka Chickowski, Contributing Writer
-
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Verizon’s “2026 Data Breach Investigations Report” (“DBIR”) finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys. Alexander Culafi
-
Windows Zero-Day Barrage Continues After Patch Tuesday
YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks. Jai Vijayan
-
CISA Exposes Secrets, Credentials in ‘Private’ Repo
The agency’s GitHub repository, publicly available since November 2025, was ironically named “Private-CISA.” Rob Wright
-
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution. Elizabeth Montalbano
-
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
Dark Reading editors reflect on two decades of dramatic change — from perimeter defense to assume-breach strategies — and warn that while AI, cloud, and COVID-19 have transformed the threat landscape, organizations are still failing at fundamental security hygiene that could stop sophisticated attacks…
-
Is 2026 the Year AI Bills of Materials Get Real?
Understanding AI BOMs and where they fit into risk management for artificial intelligence. Ericka Chickowski, Contributing Writer
-
Microsoft Exchange Zero-Day Under Attack, No Patch Available
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes. Rob Wright
-
‘Claw Chain’ Vulnerabilities Threaten OpenClaw Deployments
The now patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and maintain persistence. Jai Vijayan
-
Shai-Hulud Worm Clones Spread After Code Release
The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale. Alexander Culafi
-
Fuel Tank Breaches Expand Scope of Iran’s Cyber Offensive
Security experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors. Elizabeth Montalbano
-
The Boring Stuff is Dangerous Now
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly. Shlomie Liberow
-
Cyber Pioneers Ponder Past as Prologue
Robert “RSnake” Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for Dark Reading over the past 20 years have stood the test of time. Kelly Jackson Higgins, Becky Bracken
-
Taiwan Incident Highlights Cybersecurity Gaps in Rail Systems
A Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response. Robert Lemos
-
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
The new acquisition looks to boost visibility into third-party ecosystems that are becoming a bigger concern as vectors for supply-chain attacks. Arielle Waldman
-
Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco’s network control system. Nate Nelson
-
‘FrostyNeighbor’ APT Carefully Targets Govt Orgs in Poland, Ukraine
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group. Elizabeth Montalbano
-
AI Drives Cybersecurity Investments, Widening ‘Valley of Death’
In a role reversal, investment dollars in AI security startups exceeded the value of AI acquisitions in 1Q26 by more than $1 billion, a rare occurrence. Rob Wright
-
Foxconn Attack Highlights Manufacturing’s Cyber Crisis
A Nitrogen ransomware attack on Foxconn’s North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime. Jai Vijayan
-
Attackers Weaponize RubyGems for Data Dead Drops
Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with no clear objective. Alexander Culafi
-
Checkbox Assessments Aren’t Fit to Measure to Risk
Security governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in current audit tools. Arielle Waldman
-
Tables Turn on ‘The Gentlemen’ RaaS Gang With Data Leak
An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure. Nate Nelson
-
Dark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk Landscape
Informa TechTarget’s flagship cybersecurity media brand launches a special content series to mark two decades as a trusted source for cybersecurity professionals.
-
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil. Alexander Culafi
-
China’s ‘FamousSparrow’ APT Nests in South Caucasus Energy Firm
The cyberthreat group targets an Azerbaijani oil and gas firm with repeated attacks, as the China-linked actors extend targeting beyond hospitality, telecom, and government sectors. Robert Lemos
-
It’s Patch Tuesday for Microsoft and Not a Zero-Day In Sight
It’s the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do. Jai Vijayan
-
Hugging Face Packages Weaponized With a Single File Tweak
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model’s outputs and exfiltrate data. Alexander Culafi
-
20 Leaders Who Built the CISO Era: 2 Decades of Change
As part of Dark Reading’s 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook. Dark Reading Editorial Team
-
FCC Softens Ban on Foreign-Made Routers
The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place. Jai Vijayan
-
Tech Can’t Stop These Threats — Your People Can
Security controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense. A. Stryker
-
‘Dirty Frag’ Exploit Poised to Blow Up on Enterprise Linux Distros
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation. Elizabeth Montalbano
-
Hackers Use AI for Exploit Development, Attack Automation
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks. Alexander Culafi
-
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
The campaign quietly compromises aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data and gain a clear picture of adversaries’ world view. Robert Lemos