Category: darkreading
-
Ollama, Nvidia Flaws Put AI Infrastructure at Risk
Security researchers discovered multiple vulnerabilities in AI infrastructure products, including one capable of remote code execution. Alexander Culafi
-
Sora 2 Makes Videos So Believable, Reality Checks Are Required
Threat actors will continue to abuse deepfake technology to conduct fraudulent activity, so organizations need to implement strong security protocols – even if it adds to user friction. Arielle Waldman
-
SonicWall Firewall Backups Stolen by Nation-State Actor
The network security vendor said the MySonicWall breach was unrelated to the recent wave of Akira ransomware attacks targeting the company’s devices. Rob Wright
-
Multiple ChatGPT Security Bugs Allow Rampant Data Theft
Attackers can use them to inject arbitrary prompts, exfiltrate personal user information, bypass safety mechanisms, and take other malicious actions. Jai Vijayan, Contributing Writer
-
APT ‘Bronze Butler’ Exploits Zero-Day to Root Japan Orgs
A critical security issue in a popular endpoint manager (CVE-2025-61932) allowed Chinese state-sponsored attackers to backdoor Japanese businesses. Nate Nelson, Contributing Writer
-
Nikkei Suffers Breach Via Slack Compromise
The Japanese media giant said thousands of employees and business partners were impacted by an attack that compromised Slack account data and chat histories. Rob Wright
-
Operational Technology Security Poses Inherent Risks for Manufacturers
Despite increased awareness, manufacturers continue to face an onslaught of attacks. Arielle Waldman
-
Critical Site Takeover Flaw Affects 400K WordPress Sites
Attackers are already targeting a vulnerability in the Post SMTP plugin that allows them to fully compromise an account and website for nefarious purposes. Elizabeth Montalbano, Contributing Writer
-
Closing the AI Execution Gap in Cybersecurity — A CISO Framework
CISOs must navigate five critical dimensions of AI in cybersecurity: augmenting security with AI, automating security with AI, protecting AI systems, defending against AI-powered threats, and aligning AI strategies with business goals. Neglecting any of these areas is a recipe for disaster. Adam Etherington,…
-
Risk ‘Comparable’ to SolarWinds Incident Lurks in Popular Software Update Tool
Some of the world’s biggest technology companies use a program liable to introduce malware into their software. The potential consequences are staggering, but there’s an easy fix. Nate Nelson, Contributing Writer
-
Elusive Iranian APT Phishes Influential US Policy Wonks
Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. Nate Nelson, Contributing Writer
-
Kimsuky Debuts HTTPTroy Backdoor Against South Korea Users
The well-known North Korean threat group continues to improve the obfuscation and anti-analysis features of its attack toolchain. Robert Lemos, Contributing Writer
-
Pro-Russian Hackers Use Linux VMs to Hide in Windows
A threat actor known as “Curly COMrades” is using Linux VMs to remain undetected in Windows environments while conducting Russia-aligned activities. Alexander Culafi
-
Europe Sees Increase in Ransomware, Extortion Attacks
European organizations face an escalating cyber threat landscape as attackers leverage geopolitical tensions and AI-enhanced social engineering for attacks. Kristina Beek
-
SesameOp Backdoor Uses OpenAI API for Covert C2
Malware used in a months-long attack demonstrates how bad actors are misusing generative AI services in unique and stealthy ways. Elizabeth Montalbano, Contributing Writer
-
Android Malware Mutes Alerts, Drains Crypto Wallets
Android/BankBot-YNRK is currently targeting users in Indonesia by masquerading as legitimate applications. Jai Vijayan, Contributing Writer
-
Hackers Weaponize Remote Tools to Hijack Cargo Freight
Researchers uncovered a new threat campaign in which attackers use RMM tools to steal physical cargo out of the supply chain. Alexander Culafi
-
Let’s Get Physical: A New Convergence for Electrical Grid Security
The power grid is being attacked online and IRL. Increasingly, regulators and industry experts agree: Security teams need to focus on both cyber and physical threats, together. Nate Nelson, Contributing Writer
-
AI Developed Code: 5 Critical Security Checkpoints for Human Oversight
To write secure code with LLMs, developers must have the skills to use AI as a collaborative assistant rather than an autonomous tool, Madou argues. Matias Madou
-
UNC6384 Targets European Diplomatic Entities With Windows Exploit
The spear-phishing campaign uses fake European Commission and NATO-themed lures to trick diplomatic personnel into clicking malicious links. Kristina Beek
-
Ribbon Communications Breach Marks Latest Telecom Attack
The US telecom company disclosed that suspected nation-state actors first gained access to its network in December of last year, though it’s unclear if attackers obtained sensitive data. Rob Wright
-
Cyber’s Role in the Rapid Rise of Digital Authoritarianism
Dark Reading Confidential Episode 11: Enterprise cyber teams are in prime position to push back against our current “Golden Age of Surveillance,” according to our guests Ronald Deibert from Citizen Lab and David Greene from the EFF. Dark Reading Staff
-
Claroty Patches Authentication Bypass Flaw
CVE-2025-54603 gave attackers an opening to disrupt critical operational technology (OT) environments and steal data from them. Jai Vijayan, Contributing Writer
-
LotL Attack Hides Malware in Windows Native AI Stack
Security programs trust AI data files, but they shouldn’t: they can conceal malware more stealthily than most file types. Nate Nelson, Contributing Writer
-
Data Leak Outs Students of Iran’s MOIS Training Academy
A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked. Nate Nelson, Contributing Writer
-
Malicious NPM Packages Disguised With ‘Invisible’ Dependencies
In the “PhantomRaven” campaign, threat actors published 126 malicious npm packages that have flown under the radar, while collecting 86,000 downloads. Rob Wright
-
Dentsu Subsidiary Breached, Employee Data Stolen
A subsidiary of Japanese marketing and PR giant Dentsu lost sensitive data to unidentified threat actors, the parent company said. Alexander Culafi
-
Microsoft Security Change for Azure VMs Creates Pitfalls
Firms using Azure infrastructure gained a reprieve from a security-focused switch that could have broken apps that relied on public Internet access. Robert Lemos, Contributing Writer
-
Botnets Step Up Cloud Attacks Via Flaws, Misconfigurations
Infamous botnets like Mirai are exploiting Web-exposed assets such as PHP servers, IoT devices, and cloud gateways to gain control over systems and build strength. Elizabeth Montalbano, Contributing Writer
-
Cybersecurity Firms See Surge in AI-Powered Attacks Across Africa
Africa becomes a proving ground for AI-driven phishing, deepfakes, and impersonation, with attackers testing techniques against governments and enterprises. Robert Lemos, Contributing Writer
-
From Chef to CISO: An Empathy-First Approach to Cybersecurity Leadership
Myke Lyons, CISO at data-processing SaaS company Cribl, shares how he cooked up an unconventional journey from culinary school to cybersecurity leadership. Kristina Beek
-
YouTube Ghost Network Utilizes Spooky Tactics to Target Users
The malware operation uses compromised accounts and bot networks to distribute infostealers and has tripled its output in 2025. Kristina Beek
-
Oracle EBS Attack Victims May Be More Numerous Than Expected
Numerous organizations have been attacked via Oracle EBS zero-day CVE-2025-61882, and evidence suggests more like Schneider Electric could be on that list. Alexander Culafi
-
North Korea’s BlueNoroff Expands Scope of Crypto Heists
Two campaigns targeting fintech execs and Web3 developers show the APT going cross-platform in financially motivated campaigns that use fake business collaboration and job recruitment lures. Elizabeth Montalbano, Contributing Writer
-
‘Jingle Thief’ Highlights Retail Cyber Threats
A Morocco-based gift card fraud campaign is a sign of what retailers can expect this holiday season. Jai Vijayan, Contributing Writer
-
Memento Spyware Tied to Chrome Zero-Day Attacks
While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team. Rob Wright
-
CISOs Finally Get a Seat at the Board’s Table — But There’s a Catch
AI’s explosive growth has lifted cybersecurity to the top of the board’s agenda. Here’s how CISOs can seize the moment, according to Diana Kelley. Diana Kelley
-
Qilin Targets Windows Hosts With Linux-Based Ransomware
The attack by one of the most impactful RaaS groups active today demonstrates an evasion strategy that can stump defenses not equipped to detect cross-platform threats. Elizabeth Montalbano, Contributing Writer
-
Microsoft Issues Emergency Patch for Critical Windows Server Bug
Microsoft initially fixed CVE-2025-59287 in the WSUS update mechanism in the October 2025 Patch Tuesday release, but the company has now issued a second, out-of-band update for the flaw, which is under attack in the wild. Rob Wright
-
Shutdown Sparks 85% Increase in US Government Cyberattacks
Attackers are pouncing on financially strapped US government agencies and furloughed employees. And the effects of this period might be felt for a long time hereafter. Nate Nelson, Contributing Writer
-
US Crypto Bust Offers Hope in Battle Against Cybercrime Syndicates
A $14 billion seizure by US investigators presents a warning for cybercriminals’ reliance on bitcoin but is still a positive development for the cryptocurrency industry. Robert Lemos, Contributing Writer
-
Fear the ‘SessionReaper’: Adobe Commerce Flaw Under Attack
CVE-2025-54236 is a critical flaw in Adobe Commerce (formerly Magento) that allows attackers to remotely take over sessions on the e-commerce platform. Rob Wright
-
Mideast, African Hackers Target Gov’ts, Banks, Small Retailers
In the hotly political Middle East, you’d expect hacktivism and disruption of services. But retail attacks? Nate Nelson, Contributing Writer
-
Lazarus Group Hunts European Drone Manufacturing Data
The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang. Jai Vijayan, Contributing Writer
-
It Takes Only 250 Documents to Poison Any AI Model
Researchers find it takes far less to manipulate a large language model’s (LLM) behavior than anyone previously assumed. Jai Vijayan, Contributing Writer
-
WhatsApp Secures Ban on NSO Group After 6-Year Legal Battle
NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware. Kristina Beek
-
Russia Pivots, Cracks Down on Low-Level Hackers
Thanks to improving cybersecurity and law enforcement action from the West, Russia’s government is reevaluating which cybercriminals it wants to protect from the law. Nate Nelson, Contributing Writer
-
MuddyWater Targets 100+ Gov Entities in MEA with Phoenix Backdoor
The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros. Elizabeth Montalbano, Contributing Writer
-
Verizon: Mobile Blindspot Leads to Needless Data Breaches
People habitually ignore cybersecurity on their phones. Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and breaches in half. Nate Nelson, Contributing Writer
-
Electronic Warfare Puts Commercial GPS Users on Notice
Interference with the global positioning system (GPS) isn’t just a problem for airlines, but for shipping, trucking, car navigation, agriculture, and even the financial sector. Robert Lemos, Contributing Writer
-
Streaming Fraud Campaigns Rely on AI Tools, Bots
Fraudsters are using generative AI to generate fake music and boost the popularity of the fake content. Fahmida Y. Rashid
-
‘PassiveNeuron’ Cyber Spies Target Orgs with Custom Malware
A persistent cyber espionage campaign focused on SQL servers is targeting government, industrial and financial sectors across Asia, Africa, and Latin America. Elizabeth Montalbano, Contributing Writer
-
ColdRiver Drops Fresh Malware on Targets
The Russia-backed threat actor’s latest cyber spying campaign is a classic example of how quickly sophisticated hacking groups can pivot when exposed. Jai Vijayan, Contributing Writer
-
Is Your Car a BYOD Risk? Researchers Demonstrate How
If an employee’s phone connects to their car and then their corporate network, an attack against the car can reach the company. Nate Nelson, Contributing Writer
-
International Sting Takes Down SIM Box Criminal Network
The operation took down a massive SIM card fraud network that provided fake phone numbers from more than 80 countries to criminals. Kristina Beek
-
Self-Propagating GlassWorm Attacks VS Code Supply Chain
The sophisticated worm — which uses invisible code to steal credentials and turn developer systems into criminal proxies — has so far infected nearly 36k machines. Elizabeth Montalbano, Contributing Writer
-
New Microchip Tech Protects Vehicles from Laser Attacks
“FD-SOI” makes hardware attacks on silicon chips more difficult. And, researchers argue, it’ll help OEMs with regulatory compliance. Nate Nelson, Contributing Writer
-
Flawed Vendor Guidance Exposes Enterprises to Avoidable Risk
Oracle E-Business Suite customers received conflicting deployment guidance, leaving enterprises exposed to a recent zero-day flaw, Andrew argues. Dan Andrew
-
Cyber Academy Founder Champions Digital Safety for All
Aliyu Ibrahim Usman, founder of the Cyber Cadet Academy in Nigeria, shares his passion for raising cybersecurity awareness in the wake of mounting security concerns worldwide. Arielle Waldman
-
Microsoft Disrupts Ransomware Campaign Abusing Azure Certificates
Microsoft revoked more than 200 digital certificates that threat actors used to sign fake Teams binaries that set the stage for Rhysida ransomware attacks. Rob Wright
-
AI Agent Security: Whose Responsibility Is It?
The shared responsibility model of data security, familiar from cloud deployments, is key to agentic services, but cybersecurity teams and corporate users often struggle with awareness and managing that risk. Alexander Culafi
-
AI Chat Data Is History’s Most Thorough Record of Enterprise Secrets, Secure It Wisely
AI interactions are becoming one of the most revealing records of human thinking, and we’re only beginning to understand what that means for law enforcement, accountability, and privacy. Rob T. Lee
-
Cyberattackers Target LastPass, Top Password Managers
Be aware: a rash of phishing campaigns is leveraging the anxiety and trust employees have in password vaults securing all of their credentials. Nate Nelson, Contributing Writer
-
Leaks in Microsoft VS Code Marketplace Put Supply Chain at Risk
Researchers discovered more than 550 unique secrets exposed in Visual Studio Code marketplaces, prompting Microsoft to bolster security measures. Rob Wright
-
China Hackers Test AI-Optimized Attack Chains in Taiwan
AI might help some threat actors in certain respects, but one group is proving that its use for cyberattacks has its limits. Nate Nelson, Contributing Writer
-
LevelBlue Announces Plans to Acquire XDR Provider Cybereason
The deal, which builds on LevelBlue’s recent acquisition of Trustwave and Aon, aims to provide customers with a broad portfolio of extended detection and response (XDR), managed detection and response (MDR), and forensic services. Jeffrey Schwartz
-
‘Mysterious Elephant’ Moves Beyond Recycled Malware
The cyber-espionage group has been using sophisticated custom tools to target government and diplomatic entities in South Asia since early 2025. Jai Vijayan, Contributing Writer
-
F5 BIG-IP Environment Breached by Nation-State Actor
F5 disclosed a breach this week that included zero-day bugs, source code, and some customer information. Alexander Culafi
-
Harvard University Breached in Oracle Zero-Day Attack
The Clop ransomware group claimed responsibility for stealing the university’s data as part of a broader campaign against Oracle customers. Kristina Beek
-
Africa Remains Top Global Target, Even as Attacks Decline
Organizations across the continent saw 10% fewer attacks in September, but Africa remains the most attacked region in the world, leading the Global South. Robert Lemos, Contributing Writer
-
Microsoft Drops Terrifyingly Large October Patch Update
October 2025’s enormous Patch Tuesday offers plenty of nightmares for admins, including actively exploited zero-days and insidious high-severity privilege-escalation bugs — and it spells curtains for Windows 10 updates. Jai Vijayan, Contributing Writer
-
China’s Flax Typhoon Turns Geo-Mapping Server into a Backdoor
Chinese APT threat actors compromised an organization’s ArcGIS server, modifying the widely used geospatial mapping software for stealth access. Rob Wright
-
Pixnapping Attack Lets Attackers Steal 2FA on Android
The proof-of-concept exploit allows an attacker to steal sensitive data from Gmail, Google Accounts, Google Authenticator, Google Maps, Signal, and Venmo. Alexander Culafi
-
Financial, Other Industries Urged to Prepare for Quantum Computers
Despite daunting technical challenges, a quantum computer capable of breaking public-key encryption systems may only be a decade or two off. Robert Lemos, Contributing Writer
-
Critical Infrastructure CISOs Can’t Ignore ‘Back-Office Clutter’ Data
OT and ICS systems indeed hold the crown jewels of critical infrastructure organizations, but unmonitored data sprawl is proving to be pure gold for increasingly brazen nation-state threat actors like Volt Typhoon, Pearce argues.
-
Generation AI: Why Today’s Tech Graduates Are At a Disadvantage
With artificial intelligence supplanting entry-level security jobs, new cyber professionals will have to up their game to stay competitive in the industry. Kristina Beek
-
1Password Addresses Critical AI Browser Agent Security Gap
The security company looks to tackle new authentication challenges that could lead to credential leakage, as enterprises increasingly leverage AI browser agents. Arielle Waldman
-
RondoDox Botnet: an ‘Exploit Shotgun’ for Edge Vulns
RondoDox takes a hit-and-run, shotgun approach to exploiting bugs in consumer edge devices around the world. Nate Nelson, Contributing Writer
-
Feds Shutter ShinyHunters Salesforce Extortion Site
The group warned that law-enforcement crackdowns are imminent in the wake of the takedown, but its extortion threats against Salesforce victims remain active. Kristina Beek
-
Chinese Hackers Use Velociraptor IR Tool in Ransomware Attacks
In a new wrinkle for adversary tactics, the Storm-2603 threat group is abusing the digital forensics and incident response (DFIR) tool to gain persistent access to victim networks. Rob Wright
-
Deepfake Awareness High at Orgs, But Cyber Defenses Badly Lag
The vast majority of organizations are encountering AI-augmented threats, but remain confident in their defenses, despite inadequate detection investment and more than half falling to successful attacks. Robert Lemos, Contributing Writer
-
Commentary Section Launches New, More Opinionated Era
Dark Reading is looking for leading industry experts with a point of view they want to share with the rest of the cybersecurity community for our new Commentary section. Becky Bracken
-
GitHub Copilot ‘CamoLeak’ AI Attack Exfiltrates Data
While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot. Nate Nelson, Contributing Writer
-
SonicWall: 100% of Firewall Backups Were Breached
SonicWall said a breach it disclosed last month affected firewall configuration files for all customers who have used SonicWall’s cloud backup service — up from its previous 5% estimate. Alexander Culafi
-
Fastly CISO: Using Major Incidents as Career Catalysts
Marshall Erwin shares how crisis leadership shaped his path from CIA analyst to the US Congress to protecting global Web traffic at Fastly. Kristina Beek
-
Chaos Ransomware Upgrades with Aggressive New C++ Variant
New encryption, wiper, and cryptocurrency-stealing capabilities make the evolving ransomware-as-a-service operation more dangerous than ever. Elizabeth Montalbano, Contributing Writer
-
Take Note: Cyber-Risks With AI Notetakers
Transcription applications are joining your online meetings. Here’s how to create policies for ensuring compliance and security of your information. Gadi Evron, Joe Sullivan
-
Vampire Bot Malware Sinks Fangs Into Job Hunters
The campaign is the latest by BatShadow, one of a growing number of cybercrime groups operating out of Vietnam. Jai Vijayan, Contributing Writer
-
Red Hat Hackers Team Up With Scattered Lapsus$ Hunters
Crimson Collective, which recently breached the GitLab instance of Red Hat Consulting, has teamed up with the notorious cybercriminal collective. Rob Wright
-
3 Extortion Gangs Join Forces in Ransomware ‘Cartel’
LockBit, Qilin, and DragonForce also invited other attackers to join their collaboration to share attack information and resources. Alexander Culafi
-
Figma MCP Server Opens Orgs to Agentic AI Compromise
Patch now: A bug (CVE-2025-53967) in the popular Web design tool’s option for talking to agentic AI can lead to remote code execution (RCE). Tara Seals
-
China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead. Nate Nelson, Contributing Writer
-
Calling All Influencers: Spear-Phishers Dangle Tesla, Red Bull Jobs
Wanna work for a hot brand? Cyberattackers continue to evolve lures for job seekers in an impersonation campaign aimed at stealing resumes from social media pros. Elizabeth Montalbano, Contributing Writer
-
Cyberattack Leads to Beer Shortage as Asahi Recovers
A ransomware attack last week left the Asahi brewery in Japan struggling to take orders and deliver its products domestically, as manufacturers become a favored target. Robert Lemos, Contributing Writer
-
Attackers Season Spam With a Touch of ‘Salt’
Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanisms. Jai Vijayan, Contributing Writer
-
Security Concerns Shadow Vibe Coding Adoption
In a recent poll, readers shared how they’re using vibe coding in AppDev (if they are at all). While some found success, others found the risks too great. Alexander Culafi
-
Medusa Ransomware Actors Exploit Critical Fortra GoAnywhere Flaw
Researchers say exploitation of CVE-2025-10035 requires a private key, and it’s unclear how Storm-1175 threat actors pulled this off. Rob Wright
-
Patch Now: ‘RediShell’ Threatens Cloud Via Redis RCE
A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover, and more than 300k instances are currently exposed. Elizabeth Montalbano, Contributing Writer
-
Cyberattackers Exploit Zimbra Zero-Day Via ICS
A threat actor purporting to be from the Libyan Navy’s Office of Protocol targeted Brazil’s military earlier this year using the rare tactic. Jai Vijayan, Contributing Writer
-
Clop Ransomware Hits Oracle Customers Via Zero-Day Flaw
The infamous Clop gang has targeted a wide range of Oracle E-Business Suite customers using a newly disclosed zero-day vulnerability. Alexander Culafi