Category: darkreading
-
76% of All Crypto Stolen in 2026 Is Now in North Korea
North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them. Nate Nelson
-
If AI’s So Smart, Why Does It Keep Deleting Production Databases?
The issue isn’t artificial intelligence, but rather an industry adding AI agent integrations into production environments before proper security testing. Alexander Culafi
-
Name That Toon: Mark of (Security) Progress
Feeling creative? Have something to say about the last 20 years of cybersecurity? Our editors will award the best cybersecurity-related caption with a $20 gift card. John Klossner
-
20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage
On this day in 2006, Dark Reading went live. We have a celebration planned that spans our two decades of covering the industry, and you, dear readers, are invited. Kelly Jackson Higgins
-
TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack
Several npm packages for SAP’s cloud application development ecosystem have been compromised as TeamPCP’s supply chain attacks broaden. Rob Wright
-
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available. Nate Nelson
-
Anthropic’s Mythos Has Landed: Here’s What Comes Next for Cyber
In this latest installment of the Reporters’ Notebook video series, we discuss how the new AI model threatens to completely upend cybersecurity, and what industry leaders are telling the press. Becky Bracken, Kristina Beek
-
Oracle Red Bull Racing Team Revs Up Automation to Boost Security
While drivers race to shave off seconds on the track, the team’s IT and engineering staff are speeding up how they deliver security. Arielle Waldman
-
Claude Mythos Fears Startle Japan’s Financial Services Sector
Global financial institutions are panicked over Anthropic’s new superhacker AI model. Cyber experts aren’t quite as worried. Nate Nelson
-
Reverse Engineering With AI Unearths High-Severity GitHub Bug
Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and time-consuming to undertake. Alexander Culafi
-
AI Finds 38 Security Flaws in Electronic Health Record Platform
Flaws in OpenEMR’s platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft. Jai Vijayan
-
Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
The emerging ransomware has been deployed against victims of the TeamPCP supply chain attacks, but organizations should think twice before paying for a decryptor. Elizabeth Montalbano
-
Lotus Wiper Attack Targeted Venezuelan Energy Firms, Utilities
An analysis of the destructive malware reveals sophisticated living-off-the-land (LotL) techniques and detailed strategies for the widespread deletion of data. Robert Lemos
-
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives. Jai Vijayan
-
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
Chris Inglis was the head civilian in charge at the NSA when the Snowden leak exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spotting potential threats, media disclosures, and “enculturation.” Dark Reading Staff
-
Feuding Ransomware Groups Leak Each Other’s Data
When 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations. Alexander Culafi
-
Vidar Rises to Top of Chaotic Infostealer Market
The malware has filled the gap created by last year’s law enforcement takedowns of Lumma and Rhadamanthys. Jai Vijayan
-
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware. Elizabeth Montalbano
-
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom “Snow” malware in a multipronged campaign. Alexander Culafi
-
Unpatched ‘PhantomRPC’ Flaw in Windows Enables Privilege Escalation
A researcher discovered five different exploit paths that stem from an architectural weakness in how Windows’ Remote Procedure Call (RPC) mechanism handles connections to unavailable services. Elizabeth Montalbano
-
20-Year-Old Malware Rewrites History of Cyber Sabotage
Researchers have uncovered a malware framework dubbed “fast16” that predates Stuxnet by 5 years. Jai Vijayan
-
Parsing Agentic Offensive Security’s Existential Threat
Some fear frontier LLMs like Claude Mythos and Anthropic’s GPT-5.5 will lead to cybersecurity annihilation. Ari Herbert-Voss notes this could be an opportunity. Tara Seals
-
Helping Romance Scam Victims Require a Proactive, Empathic Approach
People targeted by confidence schemes find getting help is a lonely road. Experts want law enforcement, financial and government institutions to work together and protect them. Bree Fowler
-
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
Some 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites. Nate Nelson
-
Glasswing Secured the Code. The Rest of Your Stack Is Still on You
Forgotten integrations, shadow IT, SaaS, and now shadow AI and agents are everywhere, and attackers don’t need sophisticated AI models to take advantage. Ron Peled
-
AI Phishing Is No. 1 With a Bullet for Cyberattackers
In the last six months, companies have seen a significant influx of AI-powered phishing, as cyberattackers progress from small campaigns to 1-to-1 personalized attacks. Robert Lemos
-
North Korea’s Lazarus Targets macOS Users via ClickFix
Lazarus continues leveraging ClickFix for initial access and data theft, in this case, against Mac-centric organizations and their high-value leaders. Alexander Culafi
-
Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets
The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it’s branching out in tools, victimology, and TTPs. Tara Seals
-
Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for online espionage. Nate Nelson
-
Bad Memories Still Haunt AI Agents
Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will continue to threaten AI systems. Robert Lemos
-
‘Zealot’ Shows What AI’s Capable of in Staged Cloud Attack
The proof of concept revealed AI-based attacks unfold too fast for human defenders to respond, and that AI evinced more autonomous behavior than expected. Jai Vijayan
-
‘The Gentlemen’ Rapidly Rises to Ransomware Prominence
Not nearly as polite as the name suggests, the ransomware gang has impressed researchers with its speed in scaling up operations — and its sophistication. Alexander Culafi
-
DPRK Fake Job Scams Self-Propagate in ‘Contagious Interview’
A compromised developer’s repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware. Elizabeth Montalbano
-
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process, experts noted. Alexander Culafi
-
Exploits Turn Windows Defender into Attacker Tool
Three proof-of-concept exploits are being used in active attacks against Microsoft’s built-in security platform; two are unpatched. Jai Vijayan
-
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains. Elizabeth Montalbano
-
Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
The prompt injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution. Elizabeth Montalbano
-
Chinese APT Targets Indian Banks, Korean Policy Circles
China is spying on India’s financial sector, for some reason, and it’s not putting much effort into it, judging by some stale TTPs. Nate Nelson
-
Vercel Employee’s AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, “are the new attack surface, the new lateral movement,” a researcher noted. Alexander Culafi
-
Serial-to-IP Devices Hide Thousands of Old and New Bugs
The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say. Nate Nelson
-
WhatsApp Leaks User Metadata to Attackers
Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity. Nate Nelson
-
How NIST’s Cutback of CVE Handling Impacts Cyber Teams
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST’s decision to cut back on CVE data enrichment. Becky Bracken
-
Every Old Vulnerability Is Now an AI Vulnerability
AI’s danger isn’t that it’s creating new bugs, it’s that it’s amplifying old ones. Nik Kale
-
Coast Guard’s New Cybersecurity Rules Offers Lessons for CISOs
The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role. Robert Lemos
-
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws. Arielle Waldman
-
North Korea Uses ClickFix to Target macOS Users’ Data
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs. Alexander Culafi
-
‘Harmless’ Global Adware Transforms Into an AV Killer
A benign-looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender. Nate Nelson
-
Two-Factor Authentication Breaks Free from the Desktop
Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world. Arielle Waldman
-
Microsoft’s Original Windows Secure Boot Certificate Is Expiring
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon. Jeffrey Schwartz
-
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
While enterprise breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption. Nate Nelson
-
Critical MCP Integration Flaw Puts NGINX at Risk
Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files. Jai Vijayan
-
Navigating the Unique Security Risks of Asia’s Digital Supply Chain
Regulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must wrangle. Alexander Culafi
-
Prepping for ‘Q-Day’: Why Quantum Risk Management Should Start Now
Quantum computers are coming and may impact systems in unexpected ways, and it will “take years to be fully quantum-safe, if ever,” cryptography expert warns. Rob Wright
-
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
Google, Meta, and Microsoft about half the time don’t comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds. Elizabeth Montalbano
-
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data. Alexander Culafi
-
Microsoft Bets $10 Billion to Boost Japan’s AI, Cybersecurity
The deal aims to accelerate AI adoption, train workers, and develop cybersecurity partnerships — the latest move by a hyperscaler to compete for sovereign AI and data centers. Robert Lemos
-
Privilege Elevation Dominates Massive Microsoft Patch Update
Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix. Jai Vijayan
-
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible. Rob Wright
-
Wargame Exercise Demonstrates How Social Media Manipulation Works
In an educational game called “Capture the Narrative,” students created bots to sway a fictional election, simulating influence in real-world political scenarios. Elizabeth Montalbano
-
CSA: CISOs Should Prepare for Post-Mythos Exploit Storm
Security experts warn of an “AI vulnerability storm” triggered by the introduction of Anthropic’s Claude Mythos in a new paper from the Cloud Security Alliance (CSA). Alexander Culafi
-
Adobe Patches Actively Exploited Zero-Day That Lingered for Months
An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months. Jai Vijayan
-
Empty Attestations: OT Lacks the Tools for Cryptographic Readiness
OT asset owners are being asked by regulators to attest to their post-quantum cryptographic readiness without the appropriate tooling, resulting in paperwork dressed up to look like genuine security. Brad McInnis
-
APT41 Delivers ‘Zero-Detection’ Backdoor to Harvest Cloud Credentials
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication. Elizabeth Montalbano
-
Hims Breach Exposes the Most Sensitive Kinds of PHI
Threat actors breached the telehealth brand, and now they may know who’s bald, overweight, and impotent. What could they do with that information? Nate Nelson
-
Your Next Breach Will Look Like Business as Usual
These are the fundamental detection model shifts cybersecurity teams need to make to keep up with the rising number of credential-based attacks. Jeanette Miller-Osborn
-
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
-
Orange Business Reimagines Enterprise Voice Communications With Trust and AI
-
Industrial Controllers Still Vulnerable As Conflicts Move to Cyber
The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices. Robert Lemos
-
Russia’s ‘Fancy Bear’ APT Continues Its Global Onslaught
Victims don’t need to match the cybercrime group’s technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable. Alexander Culafi
-
‘BlueHammer’ Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
Under the alias ‘Chaotic Eclipse,’ a researcher released a PoC exploit for a zero-day flaw that allows for system takeover by a local user, citing an undisclosed beef with Microsoft. Elizabeth Montalbano
-
Do Ceasefires Slow Cyberattacks? History Suggests Not
The cybersecurity community is waiting with bated breath to see if Iranian hackers will honor a ceasefire that doesn’t actually name or directly involve them. Nate Nelson
-
Russia’s Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
Heard of fileless malware? How about malwareless cyber espionage? Russia’s APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers. Nate Nelson
-
Threat Actors Get Crafty With Emojis to Escape Detection
When 🤖 means “bot available,” 🧰 signifies “toolkit,” or 💰💰💰 translates to “big ransom,” bad actors can evade filters and keep it all on the down-low. Jai Vijayan
-
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation’s the bottleneck, which bounties don’t fund. Jai Vijayan
-
Fraud Rockets Higher in Mobile-First Latin America
Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react. Robert Lemos
-
Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus
-
Niobium Introduces The Fog
-
Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams
-
Storm-1175 Deploys Medusa Ransomware at ‘High Velocity’
Microsoft says the financially motivated cybercrime group has exploited N-day and zero-day vulnerabilities in campaigns predicated on speed. Rob Wright
-
Grafana Patches AI Bug That Could Have Leaked User Data
By hiding malicious instructions on an attacker-controlled Web page, AI could ingest orders as benign and return sensitive data to the attacker’s server. Alexander Culafi
-
RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever
Dark Reading’s Kelly Jackson Higgins shares insights on the past, present, and future of cybersecurity after attending RSAC 2026 Conference. Kristina Beek, Kelly Jackson Higgins
-
Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
As AI dominated RSAC 2026, CISOs and industry leaders debated its role in security, from agentic applications to the challenges of scaling human involvement in decision-making. Alexander Culafi, Kristina Beek
-
Lies, Damned Lies, and Cybersecurity Metrics
A panel of five C-suite leaders discuss how cybersecurity success is measured and why it isn’t improving results. Joan Goodchild
-
Focusing on the People in Cybersecurity at RSAC 2026 Conference
AI dominated the RSAC 2026 Conference and showed it’s still humans in cybersecurity who matter most. Melinda Marks
-
AI-Assisted Supply Chain Attack Targets GitHub
PRT-scan is the second in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration. Jai Vijayan
-
Axios Attack Shows Social Complex Engineering Is Industrialized
The attack on the popular NPM package Axios is just one of many targeting maintainers and has shone a light on how threat actors can scale sophisticated social engineering campaigns. Alexander Culafi
-
Fortinet Issues Emergency Patch for FortiClient Zero-Day
The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild. Rob Wright
-
Automated Credential Harvesting Campaign Exploits React2Shell Flaw
An emerging threat cluster tracked as UAT-10608 is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to exfiltrate credentials, secrets, and other system data. Elizabeth Montalbano
-
Shadow AI in Healthcare is Here to Stay
Medical professionals are not going to stop using AI tools to manage growing workloads. Organizations should prioritize bolstering security protocols to limit their blast radius. Arielle Waldman
-
OWASP GenAI Security Project Gets Update, New Tools Matrix
In recognition of 21 generative AI risks, the standards group recommends that companies take separate but linked approaches to defending GenAI and agentic AI systems. Robert Lemos
-
Inconsistent Privacy Labels Don’t Tell Users What They Are Getting
Data privacy labels are a great idea for mobile apps, but the current versions just aren’t good enough. Bree Fowler
-
Apple Breaks Precedent, Patches DarkSword for iOS 18
Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe, OSS mobile cracking tool. Nate Nelson
-
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
As organizations disclose breaches tied to TeamPCP’s supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises. Rob Wright
-
Picking Up ‘Skull Vibrations’? Could Be XR Headset Authentication
“Skull vibration harmonics generated by vital signs” can be used to sign in to VR, AR, and MR headsets, according to emerging research. Alexander Culafi
-
Source Code Leaks Highlight Lack of Supply Chain Oversight
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. Robert Lemos
-
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
Once CrowdStrike’s nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry. Jeffrey Schwartz
-
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026
AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference. Becky Bracken, Kristina Beek
-
Bank Trojan ‘Casbaneiro’ Worms Through Latin America
Augmented Marauder’s multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly. Nate Nelson
-
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
A chief medical information officer provided a peek into what hospitals face when they inevitably suffer a ransomware attack—whether it leads to short or long-term outages. Arielle Waldman
-
LatAm’s Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut
A newly released study exclusively shared with Dark Reading details the unique circumstances that make up Latin America’s labor pool, and why organizations may want to expand their talent search. Alexander Culafi