Category: darkreading

Australia Begins New Ransomware Payment Disclosure Rules The country will require certain organizations to report ransomware payments and communications within 72 hours after they’re made or face potential civil penalties. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Critical Bugs Could Spark Takeover of Widely Used Fire Safety OT/ICS Platform The unpatched security vulnerabilities in Consilium Safety’s CS5000 Fire Panel could create “serious safety issues” in environments where fire suppression and safety are paramount, according to a CISA advisory. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

In the AI Race With China, Don’t Forget About Security The US needs to establish a clear framework to provide reasonable guardrails to protect its interests — the quicker, the better. Andrew Grotto Go to gbhackers.com

‘Earth Lamia’ Exploits Known SQL, RCE Bugs Across Asia A “highly active” Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors. Nate Nelson, Contributing Writer Go to gbhackers.com

FBI Warns of Filipino Tech Company Running Sprawling Crypto Scams The US Treasury said cryptocurrency investment schemes like the ones facilitated by Funnull Technology Inc. have cost Americans billions of dollars annually. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Vibe Coding Changed the Development Process AI tools changed your development process. Now product security must change too. Michael Nov Go to gbhackers.com

Tenable to Acquire AI Security Startup Apex Apex will enhance Tenable’s AI Aware tool by mitigating the threats of AI applications and tools not governed by organizations, while enforcing existing security policies. Jeffrey Schwartz Go to gbhackers.com

CISO Stature Rises, but Security Budgets Remain Tight The rate of compensation gains has slowed from the COVID years, and budgets remain largely static due to economic fears, but CISOs are increasingly gaining executive status and responsibilities. Robert Lemos, Contributing Writer Go to gbhackers.com

From Code Red to Rust: Microsoft’s Security Journey At this year’s Build developer conference, Microsoft reflects on what the company learned about securing features and writing secure code in the early 2000s. Agam Shah Go to gbhackers.com

Victoria’s Secret Goes Offline After ‘Incident’ Claims The lingerie retailer isn’t revealing much about the security incident it’s dealing with but has brought in third-party experts to address the issue. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

SentinelOne Reports Services Are Back Online After Global Outage The outage reportedly hit 10 commercial customer consoles for SentinelOne’s Singularity platform, including Singularity Endpoint, XDR, Cloud Security, Identity, Data Lake, RemoteOps, and more. Becky Bracken Go to gbhackers.com

Zscaler’s Buyout of Red Canary Shows Telemetry’s Value Red Canary’s MDR portfolio complements Zscaler’s purchase last year of Israeli startup Avalor, which automates collection, curation, and enrichment of security data. Rob Wright Go to gbhackers.com

‘Everest Group’ Extorts Global Orgs via SAP’s HR Tool In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data. Nate Nelson, Contributing Writer Go to gbhackers.com

PumaBot Targets Linux Devices in Latest Botnet Campaign While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

A Defense-in-Depth Approach for the Modern Era By integrating intelligent network policies, zero-trust principles, and AI-driven insights, enterprises can create a robust defense against the next generation of cyber threats. Micah Bartell Go to gbhackers.com

‘Haozi’ Gang Sells Turnkey Phishing Tools to Amateurs The phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Hundreds of Web Apps Have Full Access to OneDrive Files Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions. Jai Vijayan, Contributing Writer Go to gbhackers.com

Implementing Secure by Design Principles for AI Harnessing AI’s full transformative potential safely and securely requires more than an incremental enhancement of existing cybersecurity practices. A Secure by Design approach represents the best path forward. Diana Kelley Go to gbhackers.com

Cellcom Restores Regional Mobile Services After Cyberattack Customers in parts of Wisconsin and Michigan could not make calls or send text messages for nearly a week after an incident on May 14, and service is still intermittent in some areas. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Why Take9 Won’t Improve Cybersecurity The latest cybersecurity awareness campaign asks users to pause for nine seconds before clicking — but this approach misplaces responsibility and ignores the real problems of system design. Bruce Schneier, Arun Vishwanath Go to gbhackers.com

Have Your Say: Dark Reading Seeks Your Input Dark Reading is offering its readers the opportunity to tell us how we’re doing via a new survey. Kelly Jackson Higgins, Editor-in-Chief, Dark Reading Go to gbhackers.com

Zscaler Announces Deal to Acquire Red Canary The August acquisition will bring together Red Canary’s extensive integration ecosystem with Zscaler’s cloud transaction data to deliver an AI-powered security operations platform. Dark Reading Staff Go to gbhackers.com

Indian Police Arrest Cybercrime Gang Copycats of Myanmar Biz Model The region offers attractive conditions: a large pool of tech workers, economic disparity, and weak enforcement of cybercrime laws — all of which attract businesses legitimate and shady. Robert Lemos, Contributing Writer Go to gbhackers.com

Adidas Falls Victim to Third-Party Data Breach Though Adidas said that no payment or financial information was affected in the breach, individuals who contacted the compamy’s customer service help desk were impacted. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

CISA Warns of Attacks Targeting Commvault SaaS Environment A threat actor has gained access to Microsoft 365 environments of a small number of customers of Commvault’s Metallic service. Jai Vijayan, Contributing Writer Go to gbhackers.com

DragonForce Ransomware Strikes MSP in Supply Chain Attack DragonForce, a ransomware “cartel” that has gained significant popularity since its debut in 2023, attacked an MSP as part of a recent supply chain attack, via known SimpleHelp bugs. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

MathWorks, Creator of MATLAB, Confirms Ransomware Attack The attack dirsupted MathWorks’ systems and online applications, but it remains unclear which ransomware group targeted the software company and whether they stole any data. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

FBI: Silent Ransom Group Adopts Vishing Campaign Against Law Firms The non-ransomware extortion group has switched up tactics and victimology in a deliberate and focused campaign similar to those of other attackers focused on stealing sensitive data. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Danabot Takedown Deals Blow to Russian Cybercrime A multiyear investigation by a public-private partnership has resulted in the seizure of the botnet’s US-based infrastructure and indictments for its key players, significantly disrupting a vast cybercriminal enterprise. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

CVE Uncertainty Underlines Importance of Cyber Resilience Organizations need to broaden their strategy to manage vulnerabilities more effectively and strengthen network cyber resilience. Amar Ramakrishnan Go to gbhackers.com

3 Critical Pillars of Cyber-Resilience Encryption, collaboration, and AI can help organizations build up essential protection against ransomware. Tiago Henriques Go to gbhackers.com

How AI Is Transforming SASE, Zero Trust for Modern Enterprises By automating security policies and threat detection while coaching users on data protection, companies will be better able to take control of and protect their data. Robert Lemos, Contributing Writer Go to gbhackers.com

Rethinking Data Privacy in the Age of Generative AI The key to navigating this new GenAI landscape is a balanced approach — one that fosters transparency, strengthens regulatory frameworks, and embraces privacy-enhancing technologies. Jimmy Astle Go to gbhackers.com

3 Severe Bugs Patched in Versa’s Concerto Orchestrator Three zero-days could have allowed an attacker to completely compromise the Concerto application and the host system running it. Nate Nelson, Contributing Writer Go to gbhackers.com

Critical Bugs Left Unpatched in Versa’s Concerto Tool Three zero-days allow an attacker to completely compromise the Concerto application and the host system running it. The vendor has yet to address the issues after being notified three months ago. Nate Nelson, Contributing Writer Go to gbhackers.com

Companies Look to AI to Tame the Chaos of Event Security, Operations As the summer event season kicks off, venue managers and security firms aim to make AI part of the solution for keeping control of crowds and protecting against cyber-physical threats. Robert Lemos, Contributing Writer Go to gbhackers.com

Picus Launches Exposure Validation to Safely Deprioritize CVEs Go to gbhackers.com

Following Data Breach, Multiple Stalkerware Apps Go Offline The same easily exploitable vulnerability was found in three of the apps that led to the compromise of victims’ data. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

3am Ransomware Adopts Email Bombing, Vishing Combo Attack The emerging threat group is the latest to adopt the combo attack tactic, which Black Basta and other groups already are using to gain initial access for ransomware deployment. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

CISA: Russia’s Fancy Bear Targeting Logistics, IT Firms The mission is to gather information that could help Russia in its war against Ukraine. Jai Vijayan, Contributing Writer Go to gbhackers.com

Security Threats of Open Source AI Exposed by DeepSeek DeepSeek’s risks must be carefully considered, and ultimately mitigated, in order to enjoy the many benefits of generative AI in a manner that is safe and secure for all organizations and users. Maurice Uenuma Go to gbhackers.com

Keeping LLMs on the Rails Poses Design, Engineering Challenges Despite adding alignment training, guardrails, and filters, large language models continue to jump their imposed rails and give up secrets, make unfiltered statements, and provide dangerous information. Robert Lemos, Contributing Writer Go to gbhackers.com

GitLab’s AI Assistant Opened Devs to Code Theft Even after a fix was issued, lingering prompt injection risks in GitLab’s AI assistant might allow attackers to indirectly deliver developers malware, dirty links, and more. Nate Nelson, Contributing Writer Go to gbhackers.com

Experts Chart Path to Creating Safer Online Spaces for Women Gaps in laws, technology, and corporate accountability continue to put women’s safety and privacy online at risk. Joan Goodchild Go to gbhackers.com

GitHub’s AI Assistant Opened Devs to Code Theft Even after a fix was issued, lingering prompt injection risks in GitLab’s AI assistant might allow attackers to indirectly deliver developers malware, dirty links, and more. Nate Nelson, Contributing Writer Go to gbhackers.com

Lumma Stealer Takedown Reveals Sprawling Operation The FBI and partners have disrupted “the world’s most popular malware,” a sleek enterprise with thousands of moving parts, responsible for millions of cyberattacks in every part of the world. Tara Seals Go to gbhackers.com

Ivanti EPMM Exploitation Tied to Previous Zero-Day Attacks Wiz researchers found an opportunistic threat actor has been targeting vulnerable edge devices, including Ivanti VPNs and Palo Alto firewalls. Rob Wright Go to gbhackers.com

Marks & Spencer Projects $400M Loss After Cyberattack The company expects it will continue to struggle with online disruptions until at least July, due to the attack. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Pandas Galore: Chinese Hackers Boost Attacks in Latin America Vixen Panda, Aquatic Panda — both Beijing-sponsored APTs and financially motivated criminal groups continued to pose the biggest threat to organizations in Central and South America last year, says CrowdStrike. Jai Vijayan, Contributing Writer Go to gbhackers.com

Unimicron, Presto Attacks Mark Industrial Ransomware Surge A number of major industrial organizations suffered ransomware attacks last quarter, such as PCB manufacturer Unimicron, appliance maker Presto, and more — a harbinger of a rapidly developing and diversifying threat landscape. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Coinbase Breach Compromises Nearly 70K Customers’ Information Coinbase asserts that this number is only a small fraction of the number of its verified users, though its still offering a $20 million reward to catch the criminals. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Unpatched Windows Server Flaw Threatens Active Directory Users Attackers can exploit a vulnerability present in the delegated Managed Service Account (dMSA) feature that fumbles permission handling and is present by default. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

NIST’s ‘LEV’ Equation to Determine Likelihood a Bug Was Exploited A new equation introduced by the National Institute of Standards and Technology (NIST) aims to offer a mathematical likelihood that a vulnerability has been exploited in the wild. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

The Hidden Cybersecurity Risks of M&A Merger and acquisition due diligence typically focuses on financials, legal risks, and operational efficiencies. Cybersecurity is often an afterthought — and that’s a problem. Denny LeCompte Go to gbhackers.com

The Day I Found an APT Group In the Most Unlikely Place Dark Reading Confidential Episode 6: Cyber researchers Ismael Valenzuela and Vitor Ventura share riveting stories about the creative tricks they used to track down advanced persistent threat groups, and the surprises they discovered along the way. Dark Reading Staff Go to gbhackers.com

Asia Produces More APT Actors, As Focus Expands Globally China and North Korea-aligned groups account for more than half of global attacks, and an increasing number of countries look to cyber to balance power in the region. Robert Lemos, Contributing Writer Go to gbhackers.com

Fake Kling AI Malvertisements Lure Victims With False Promises Researchers noted that they found several similar websites, two of which are still operating and require the same kind of behavior on behalf of the victim. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Virgin Media 02 Vuln Exposes Call Recipient Location A hacker exploiting the security flaw in the mobile provider’s network could have potentially located a call recipient with accuracy of up to 100 square meters. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Tenable Adds Third-Party Connectors to Exposure Management Platform TenableOne now pulls in data from AWS, Microsoft, and competitors to provide a holistic security view of the organization’s attack surface. Jeffrey Schwartz Go to gbhackers.com

Regeneron Pledges Privacy Protection in $256M Bid for 23andMe Regeneron’s acquisition of 23andMe raises significant privacy concerns as experts warn about the lack of comprehensive federal regulations governing the transfer of genetic information. Arielle Waldman Go to gbhackers.com

Bumblebee Malware Takes Flight via Trojanized VMware Utility An employee inadvertently downloaded a malicious version of the legitimate RVTools utility, which launched an investigation into an attempted supply chain attack aimed at delivering the recently revived initial-access loader. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Large Retailers Land in Scattered Spider’s Ransomware Web The threat group games IT help desks to gain entry into retailer networks, and signs show it has shifted its attention from the UK to US targets. Becky Bracken Go to gbhackers.com

‘Hazy Hawk’ Cybercrime Gang Swoops In for Cloud Resources Since December 2023, the threat group has preyed on domains belonging to the US Centers for Disease Control and Prevention (CDC) and numerous other reputable organizations worldwide to redirect users to malicious sites. Jai Vijayan, Contributing Writer Go to gbhackers.com

Novel Phishing Attack Combines AES With Poisoned npm Packages Researchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

‘Operation RoundPress’ Targets Ukraine in XSS Webmail Attacks A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

S. Dakota CIO Gottumukkala Signs on as CISA Deputy Director The addition is an important hire for the No. 2 position at the cyber agency. The main director role remains unfilled post-Easterly, with Bridget Bean taking over acting duties for now. Tara Seals Go to gbhackers.com

Legal Aid Agency Warns Lawyers, Defendants on Data Breach The online service has since been shut down as the agency grapples with the cyberattack, though it assures the public that those most in need of legal assistance will still be able to access help. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Coinbase Extorted, Offers $20M for Info on Its Hackers Coinbase is going Liam Neeson on its attackers, potentially setting a new precedent for incident response in the wake of crypto- and blockchain-targeting cyberattacks. Nate Nelson, Contributing Writer Go to gbhackers.com

CVE Disruption Threatens Foundations of Defensive Security If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain. Haris Pylarinos Go to gbhackers.com

Australian Human Rights Commission Leaks Docs in Data Breach An internal error led to public disclosure of reams of sensitive data that could be co-opted for follow-on cyberattacks. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Dynamic DNS Emerges as Go-to Cyberattack Facilitator Scattered Spider and other phishers and hacking groups are using rentable subdomains from dynamic DNS providers to obfuscate their activity and impersonate well-known brands. Rob Wright Go to gbhackers.com

Attacker Specialization Puts Threat Modeling on Defensive Specialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack. Robert Lemos, Contributing Writer Go to gbhackers.com

How to Develop and Communicate Metrics for CSIRPs A well-documented cybersecurity incident response program (CSIRP) provides the transparency needed for informed decision-making, protecting the organization in a constantly changing threat environment. Craig Porter Go to gbhackers.com

Turkish APT Exploits Chat App Zero-Day to Spy Kurds Even after their zero-day vulnerability turned into an n-day, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger. Nate Nelson, Contributing Writer Go to gbhackers.com

Big Steelmaker Halts Operations After Cyber Incident Nucor made it clear its investigation is still in the early stages and didn’t specify the nature or scope of the breach, nor who the threat actor might be. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

International Crime Rings Defraud US Gov’t Out of Billions Fraudsters worldwide apply for money from the US government using stolen and forged identities, making off with hundreds of billions of dollars annually. Nate Nelson, Contributing Writer Go to gbhackers.com

Attackers Target Samsung MagicINFO Server Bug, Patch Now CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don’t fall victim next. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

RealDefense Partner Program Surpasses $100M in Annual Revenue Go to gbhackers.com

RSAC 2025: AI Everywhere, Trust Nowhere We’re at an inflection point. AI is changing the game, but the rules haven’t caught up. Amir Khayat Go to gbhackers.com

Critical Infrastructure Under Siege: OT Security Still Lags With critical infrastructure facing constant cyber threats from the Typhoons and other corners, federal agencies and others are warning security for the OT network, a core technology in many critical sectors, is not powered up enough. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Infosec Layoffs Aren’t the Bargain that Boards May Think Salary savings come with hidden costs, including insider threats and depleted cybersecurity defenses, conveying advantages to skilled adversaries, experts argue. Becky Bracken Go to gbhackers.com

AI Agents May Have a Memory Problem A new study by researchers at Princeton University and Sentient shows it’s surprisingly easy to trigger malicious behavior from AI agents by implanting fake “memories” into the data they rely on for making decisions. Jai Vijayan, Contributing Writer Go to gbhackers.com

Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack The security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against “a very limited number of customers” — for now — and stem from open source libraries. Rob Wright Go to gbhackers.com

Marks & Spencer Confirms Customer Data Stolen in Cyberattack The British retailer said no account passwords were compromised in last month’s cyberattack, but the company will require customers to reset passwords “for extra peace of mind.” Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Congress Should Tackle Cyber Threats, Not Competition Some members of Congress seem more intent on grabbing headlines than actually working to make America more cyber secure. Greg Guice Go to gbhackers.com

Orca Security Gets AI-Powered Remediation From Opus Deal The acquisition will enhance Orca’s CNAPP offering with autonomous vulnerability remediation and prevention technologies from Opus. Jeffrey Schwartz Go to gbhackers.com

Hacktivists Make Little Impact During India-Pakistan Conflict While hacktivists claimed more than 100 successful attacks against Indian government, education, and military targets, the attacks were overblown in most cases and often did not even happen. Robert Lemos, Contributing Writer Go to gbhackers.com

Building Effective Security Programs Requires Strategy, Patience, and Clear Vision Capital One executives share insights on how organizations should design their security program, implement passwordless technologies, and reduce their attack surface. Arielle Waldman Go to gbhackers.com

North Korea’s TA406 Targets Ukraine for Intel The threat group’s goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more. Jai Vijayan, Contributing Writer Go to gbhackers.com

NSO Group’s Legal Loss May Do Little to Curtail Spyware The $168 million judgment against NSO Group underscores how citizens put little store in the spyware industry’s justifications for circumventing security — but will it matter? Robert Lemos, Contributing Writer Go to gbhackers.com

Attackers Lace Fake Generative AI Tools With ‘Noodlophile’ Malware Threat actors are scamming users by advertising legitimate-looking generative AI websites that, when visited, install credential-stealing malware onto the victim’s computer. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

4 Hackers Arrested After Millions Made in Global Botnet Business The cybercriminals infected older wireless Internet routers with Anyproxy and 5socks malware in order to reconfigure them — all without the users’ knowledge. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Can Cybersecurity Keep Up In the AI Arms Race? New research shows China is quickly catching up with the US in AI innovation. Experts weigh in on what it means for cyber defenders. Becky Bracken Go to gbhackers.com

Vulnerability Detection Tops Agentic AI at RSAC’s Startup Competition Agentic-native startups threaten to reduce the zero-day problem to just a zero-hour issue. Of course, AI agents will accelerate offensive attacks as well. Paul Shomo Go to gbhackers.com

Rapid7 Launches Managed Detection & Response (MDR) for Enterprise Go to gbhackers.com

LockBit Ransomware Gang Hacked, Operations Data Leaked Exposed data from LockBit’s affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials. Rob Wright Go to gbhackers.com

Cyber Then & Now: Inside a 2-Decade Industry Evolution On Dark Reading’s 19-year anniversary, Editor-in-Chief Kelly Jackson Higgins stops by Informa TechTarget’s RSAC 2025 Broadcast Alley studio to discuss how things have changed since the early days of breaking Windows and browsers, lingering challenges, and what’s next beyond AI. Tara Seals Go to gbhackers.com

Commvault: Vulnerability Patch Works as Intended The security researcher who questioned the effectiveness of a patch for recently disclosed bug in Commvault Command Center did not test patched version, the company says. Jai Vijayan, Contributing Writer Go to gbhackers.com

Insight Partners Data Breach: Bigger Impact Than Anticipated The investigation is ongoing, but the VC giant intends to inform affected customers on a rolling basis as more of the breach details come to light. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com