Category: darkreading
-
Federal Cuts Put Local, State Agencies at Cyber Risk
Cyberattackers target local and state agencies, a problem as the Trump administration cuts cybersecurity funds and culls workers at federal security agencies. Robert Lemos, Contributing Writer
-
Phishing Empire Runs Undetected on Google, Cloudflare
What’s believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years. Elizabeth Montalbano, Contributing Writer
-
Blast Radius of Salesloft Drift Attacks Remains Uncertain
Many high-profile Salesloft Drift customers have disclosed data breaches as a result of a recent supply-chain attack, but the extent and severity of this campaign are unclear. Alexander Culafi
-
Why Threat Hunting Should Be Part of Every Security Program
The more you hunt, the more you learn. Robert Lackey
-
How Gray-Zone Hosting Companies Protect Data the US Wants Erased
The digital refuge: Abortion clinics, activist groups, and other organizations are turning to overseas hosting providers willing to keep their data — and their work — safe. Andrada Fiscutean
-
A Practical Approach for Post-Quantum Migration With Hybrid Clouds
This Tech Tip outlines how organizations can make the shift to post-quantum cryptography for their hybrid cloud environment with minimal disruption.
-
Iran MOIS Phishes 50+ Embassies, Ministries, Int’l Orgs
The Homeland Justice APT tried spying on countries and organizations from six continents, using more than 100 hijacked email accounts. Nate Nelson, Contributing Writer
-
Japan, South Korea Take Aim at North Korean IT Worker Scam
With the continued success of North Korea’s IT worker scams, Asia-Pacific nations are working with private firms to blunt the scheme’s effectiveness. Robert Lemos, Contributing Writer
-
Russia’s APT28 Targets Microsoft Outlook With ‘NotDoor’ Malware
The notorious Russian state-sponsored hacking unit, also known as Fancy Bear, is abusing Microsoft Outlook for covert data exfiltration. Rob Wright
-
Hacked Routers Linger on the Internet for Years, Data Shows
While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked. Fahmida Y. Rashid
-
WhatsApp Bug Anchors Targeted Zero-Click iPhone Attacks
A “sophisticated” attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware. Elizabeth Montalbano, Contributing Writer
-
Varonis Acquires Email Security Provider SlashNext to Enhance BEC Defenses
Varonis plans to integrate SlashNext’s advanced phishing, BEC, and social engineering attack protection capabilities into its data security platform. Jeffrey Schwartz
-
UAE to Implement Cyber Education Initiative
The initiative will be tailored to students and their growth in cybersecurity preparedness. Kristina Beek
-
Amazon Stymies APT29 Credential Theft Campaign
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft’s device code authentication flow. Jai Vijayan, Contributing Writer
-
Zscaler, Palo Alto Networks Breached via Salesloft Drift
Two major security firms suffered downstream compromises as part of a large-scale supply chain attack involving Salesloft Drift, a marketing SaaS application from Salesforce. Alexander Culafi
-
Jaguar Land Rover Shuts Down in Scramble to Secure ‘Cyber Incident’
The luxury automaker said its retail and production activities have been “severely disrupted.” Kristina Beek
-
Hackers Are Sophisticated & Impatient — That Can Be Good
You can’t negotiate with hackers from a place of fear — but you can turn their urgency against them with the right playbook, people, and preparation. Ensar Seker
-
NIST Enhances Security Controls for Improved Patching
The U.S. National Institute of Standards and Technology released Security and Privacy Control version 5.2.0 to help organizations be more proactive regarding patching. Arielle Waldman
-
An Audit Isn’t a Speed Bump — It’s Your Cloud Co-Pilot
Auditing must be seen for what it truly can be: a multiplier of trust, not a bottleneck of progress. Ravi Sharma
-
Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation
Generating exploits with AI and large language models shrinks the time to target software flaws, giving security teams scant time to patch. Can enterprises adapt? Robert Lemos, Contributing Writer
-
CISA, FBI, NSA Warn of Chinese ‘Global Espionage System’
Three federal agencies were parties to a global security advisory this week warning about the extensive threat posed by Chinese nation-state actors targeting network devices. Alexander Culafi
-
Hackers Steal 4M+ TransUnion Customers’ Data
The credit reporting agency said the breach was “limited to specific data elements” and didn’t include credit reports or core credit information. Kristina Beek
-
Akira, Clop Top List of 5 Most Active Ransomware-as-a-Service Groups
Flashpoint published its 2025 mid-year ransomware report that highlighted the top five most prolific groups currently in operation. Arielle Waldman
-
1,000+ Devs Lose Their Secrets to an AI-Powered Stealer
One of the most sophisticated supply chain attacks to date caused immense amounts of data to leak to the Web in a matter of hours. Nate Nelson, Contributing Writer
-
Dark Reading Confidential: A Guided Tour of Today’s Dark Web
Dark Reading Confidential Episode 9: Join us for a look around today’s Dark Web, and find out how law enforcement, AI, nation-state activities, and more are reshaping the way cybercriminals conduct their dirty business online. Keith Jarvis, senior security researcher at Sophos’ Counter Threat Unit…
-
CISA’s New SBOM Guidelines Get Mixed Reviews
Updated SBOM rules from CISA are a solid step toward making them more useful for cyber defenders but don’t address many critical needs, experts say. Becky Bracken
-
CrowdStrike to Acquire Onum, Boost Falcon Next-Gen SIEM
This acquisition will bring Onum’s real-time data pipeline to CrowdStrike’s Falcon Next-Gen SIEM platform to deliver autonomous threat detection capabilities. Fahmida Y. Rashid
-
Anthropic AI Used to Automate Data Extortion Campaign
The company said the threat actor abused its Claude Code service to “an unprecedented degree,” automating reconnaissance, intrusions, and credential harvesting. Rob Wright
-
‘ZipLine’ Phishers Flip Script as Victims Email First
“ZipLine” appears to be a sophisticated and carefully planned campaign that has already affected dozens of small, medium, and large organizations across multiple industry sectors. Jai Vijayan, Contributing Writer
-
Nevada’s State Agencies Shutter in Wake of Cyberattack
In response to a cyberattack that was first detected on Sunday, the governor shut down in-person services for state offices while restoration efforts are underway. Kristina Beek
-
China Hijacks Captive Portals to Spy on Asian Diplomats
The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites. Nate Nelson, Contributing Writer
-
Google: Salesforce Attacks Stemmed From Third-Party App
A group tracked as UNC6395 engaged in “widespread data theft” via compromised OAuth tokens from a third-party app called Salesloft Drift. Elizabeth Montalbano, Contributing Writer
-
Storm-0501 Hits Enterprise With ‘Cloud-Based Ransomware’ Attack
The financially motivated threat group used cloud resources to conduct a complex, ransomware-style attack against an enterprise victim. Alexander Culafi
-
AI-Powered Ransomware Has Arrived With ‘PromptLock’
Researchers raise the alarm that a new, rapidly evolving ransomware strain uses an OpenAI model to render and execute malicious code in real time, ushering in a new era of cyberattacks against enterprises. Becky Bracken
-
African Law Enforcement Agencies Nab Cybercrime Syndicates
African nations work with Interpol and private-sector partners to disrupt cybercriminal operations on the continent, but more work needs to be done. Robert Lemos, Contributing Writer
-
1M Farmers Insurance Customer Data Compromised
Though the company is informing its customers of the breach, Farmers isn’t publicly divulging what kinds of personal data were affected. Kristina Beek
-
Citrix Under Active Attack Again With Another Zero-Day
The flaw is one of three that the company disclosed affecting its NetScaler ADC and NetScaler Gateway technologies. Jai Vijayan, Contributing Writer
-
Data I/O Becomes Latest Ransomware Attack Victim
The “incident” led to outages affecting a variety of the tech company’s operations, though the full scope of the breach is unknown. Kristina Beek
-
Hook Android Trojan Now Delivers Ransomware-Style Attacks
New features to take over smartphones and monitor user activity demonstrate the continued evolution of the malware, which is now being spread on GitHub. Elizabeth Montalbano, Contributing Writer
-
The Hidden Risk of Consumer Devices in the Hybrid Workforce
Until businesses begin to account for uncontrolled variables in their threat models, attackers will continue to exploit the weakest link in the chain. Gene Moody
-
Hackers Lay in Wait, Then Knocked Out Iran Ship Comms
Lab-Dookhtegen claims major attack on more than 60 cargo ships and oil tankers belonging to two Iranian companies on US sanctions list. Jai Vijayan, Contributing Writer
-
FTC Chair Tells Tech Giants to Hold the Line on Encryption
The chairman sent letters out to companies like Apple, Meta, and Microsoft, advising them not to adhere to the demands of foreign governments to weaken their encryption. Kristina Beek
-
ClickFix Attack Tricks AI Summaries Into Pushing Malware
Because instructions appear to come from AI-generated content summaries and not an external source, the victim is more likely to follow them without suspicion. Alexander Culafi
-
Fast-Spreading, Complex Phishing Campaign Installs RATs
Attackers not only steal credentials but also can maintain long-term, persistent access to corporate networks through the global campaign. Elizabeth Montalbano, Contributing Writer
-
Securing the Cloud in an Age of Escalating Cyber Threats
As threats intensify and cloud adoption expands, organizations must leave outdated security models behind. Drew Firment, Matthew Lloyd Davies
-
Silk Typhoon Attacks North American Orgs in the Cloud
A Chinese APT is going where most APTs don’t: deep into the cloud, compromising supply chains and deploying uncommon malware. Nate Nelson, Contributing Writer
-
ReVault Flaw Exposed Millions of Dell Laptops to Malicious Domination
A bug in the control board that connects peripheral devices in commonly used Dell laptops allowed malicious access all the way down to the firmware running on the device chip, new research finds. Becky Bracken
-
Apple Intelligence Is Picking Up More User Data Than Expected, Researcher Finds
Music tastes, location information, even encrypted messages — Apple’s servers are gathering a “surprising” amount of personal data through Apple Intelligence, Lumia Security’s Yoav Magid warns in his new analysis. Becky Bracken
-
Interpol Arrests Over 1K Cybercriminals in ‘Operation Serengeti 2.0’
The operation disrupted countless scams, and authorities seized a significant amount of evidence and recovered nearly $100 million in lost funds. Kristina Beek
-
The Growing Challenge of AI Agent and NHI Management
The growing ecosystem of agents, chatbots, and machine credentials that outnumber human users by an order of magnitude is creating a poorly understood but potentially major security issue. Michael Morgenstern
-
Apple Patches Zero-Day Flaw Used in ‘Sophisticated’ Attack
CVE-2025-43300 is the latest zero-day bug used in cyberattacks against “targeted individuals,” which could signify spyware or nation-state hacking. Rob Wright
-
Insurers May Limit Payments in Cases of Unpatched CVEs
Some insurers look to limit payouts to companies that don’t remediate serious vulnerabilities in a timely manner. Unsurprisingly, most companies don’t like those restrictions. Robert Lemos, Contributing Writer
-
Do Claude Code Security Reviews Pass the Vibe Check?
AI-assisted security reviews from Anthropic and others could help level up enterprise application security in the era of vibe coding. Ericka Chickowski, Contributing Writer
-
Personal Liability, Security Become Bigger Issues for CISOs
While the furor from CISO prosecutions has died down, worries continue over a lack of liability protections and potential targeting by cybercriminals and hackers for their privileged roles. Robert Lemos, Contributing Writer
-
System Shocks? EV Smart Charging Tech Poses Cyber-Risks
Trend Micro’s Salvatore Gariuolo talks with the Black Hat USA 2025 News Desk about how the new ISO 15118 standard for electric vehicle smart charging and vehicle-to-grid communications can be weaponized by threat actors. Rob Wright
-
Easy ChatGPT Downgrade Attack Undermines GPT-5 Security
By using brief, plain clues in their prompts that are likely to influence the app to query older models, a user can downgrade ChatGPT for malicious ends. Nate Nelson, Contributing Writer
-
How Architectural Controls Can Help Fill the AI Security Gap
NCC Group’s David Brauchler III shared how foundational controls and threat modeling strategies can help secure agentic AI tools in ways traditional guardrails can’t. Alexander Culafi
-
Tree of AST: A Bug-Hunting Framework Powered by LLMs
Teenaged security researchers Sasha Zyuzin and Ruikai Peng discuss how their new vulnerability discovery framework leverages LLMs to address limitations of the past. Alexander Culafi
-
Hackers Abuse VPS Infrastructure for Stealth, Speed
New research highlights how threat actors abuse legitimate virtual private server offerings in order to spin up infrastructure cheaply, quietly, and fast. Alexander Culafi
-
Prepping the Front Line for MFA Social Engineering Attacks
Attackers will continue to evolve, and the help desk will always be a target. But with the right mix of training, support, and trust, frontline agents can become your biggest security assets. Paul Underwood
-
Tailing Hackers, Columbia University Uses Logging to Improve Security
Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia’s research labs. Mercedes Cardona
-
DARPA: Closing the Open Source Security Gap With AI
DARPA’s Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale. Alexander Culafi
-
DPRK, China Suspected in South Korean Embassy Attacks
Detailed spear-phishing emails sent to European government entities in Seoul are being tied to North Korea, China, or both. Nate Nelson, Contributing Writer
-
How Warlock Ransomware Targets Vulnerable SharePoint Servers
Researchers highlight how Warlock, a new ransomware heavyweight, uses its sophisticated capabilities to target on-premises SharePoint instances. Alexander Culafi
-
Hacktivist Tied to Multiple Cyber Groups Sentenced to Jail
At one point, Al-Tahery Al-Mashriky was hacking thousands of websites within the span of three months while stealing personal data and sensitive information. Kristina Beek
-
Cybercriminals Abuse Vibe Coding Service to Create Malicious Sites
Some LLM-created scripts and emails can lower the barrier of entry for low-skill attackers, who can use services like Lovable to create convincing, effective websites in minutes. Rob Wright
-
FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw
In the past year, “Static Tundra,” aka “Energetic Bear,” has breached thousands of end-of-life Cisco devices unpatched against a 2018 flaw, in a campaign targeting enterprises and critical infrastructure. Jai Vijayan, Contributing Writer
-
Side of Fries With That Bug? Hacker Finds Flaws in McDonald’s Staff, Partner Hubs
Exposure of APIs, sensitive data, and corporate documents are just some of the security issues that the purveyor of Big Macs was cooking up. Elizabeth Montalbano, Contributing Writer
-
How Outer Space Became the Next Big Attack Surface
VisionSpace Technologies’ Andrzej Olchawa and Milenko Starcik discussed a set of vulnerabilities capable of ending space missions at the Black Hat USA 2025 News Desk. Alexander Culafi
-
Incode Acquires AuthenticID to Enhance AI-Driven Identity Verification
The combination of Incode’s AI models and AuthenticID’s experience running identity programs at scale in regulated environments will provide customers with holistic fraud signal analysis, multi-modal intelligence, real-time personhood verification, and advanced deepfake detection. Fahmida Y. Rashid
-
Europe’s Ransomware Surge Is a Warning Shot for US Defenders
We can strip attackers of their power by implementing layered defenses, ruthless patch management, and incident response that assumes failure and prioritizes transparency. Grayson Milbourne
-
Asian Orgs Shift Cybersecurity Requirements to Suppliers
The uptick in breaches in Asia has prompted a Japanese chipmaker and the Singaporean government to require vendors to pass cybersecurity checks to do business. Robert Lemos, Contributing Writer
-
Russian Hacktivists Take Aim at Polish Power Plant, Again
This attack was seemingly more successful than the first iteration, causing disruptions at the plant. Kristina Beek
-
How to Vibe Code With Security in Mind
As more organizations integrate vibe coding and AI-assisted coding into their application development processes, it’s important to remember to put security first. Alexander Culafi
-
‘RingReaper’ Sneaks Right Past Linux EDRs
The highly sophisticated post-compromise tool abuses the Linux kernel’s io_uring interface to remain hidden from endpoint detection and response systems. Jai Vijayan, Contributing Writer
-
AI Agents Access Everything, Fall to Zero-Click Exploit
Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has “grown arms and legs” — and what that means for cyber risk. Rob Wright
-
Millions Allegedly Affected in Allianz Insurance Breach
Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers. Kristina Beek
-
PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain
Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems. Elizabeth Montalbano, Contributing Writer
-
10 Major GitHub Risk Vectors Hidden in Plain Sight
By addressing these overlooked risk vectors, organizations can continue leveraging GitHub’s innovation while protecting against sophisticated supply chain attacks targeting interconnected software. Liad Cohen, Eyal Paz
-
‘DripDropper’ Hackers Patch Their Own Exploit
An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw. Jai Vijayan, Contributing Writer
-
Secure AI Use Without the Blind Spots
Why every company needs a clear, enforceable AI policy — now. Joan Goodchild
-
Noodlophile Stealer Hides Behind Bogus Copyright Complaints
Noodlophile is targeting enterprises in spear-phishing attacks using copyright claims as phishing lures. Alexander Culafi
-
Workday Breach Likely Linked to ShinyHunters Salesforce Attacks
The HR giant said hackers mounted a socially engineered cyberattack on its third-party CRM system but did not gain access to customer information; only “commonly available” business contact info was exposed. Elizabeth Montalbano, Contributing Writer
-
How Evolving RATs Are Redefining Enterprise Security Threats
A more unified and behavior-aware approach to detection can significantly improve security outcomes. Aditya K. Sood
-
Defending Against Cloud Threats Across Multicloud Environments
The vast majority of companies are using more than one cloud platform, yet struggle to establish and monitor security across different environments, giving attackers an opening. Robert Lemos, Contributing Writer
-
New Quantum-Safe Alliance Aims to Accelerate PQC Implementation
The new Quantum-Safe 360 Alliance will provide roadmaps, technology, and services to help organizations navigate the post-quantum cryptography transition before the 2030 deadline. Jeffrey Schwartz
-
RealDefense Opens $10M Fund to Help OEMs Monetize Installs With SmartScan Cybersecurity SDK
-
Colt Telecommunications Struggles in Wake of Cyber Incident
The UK telco said it temporarily took some systems offline as a “protective” measure in its investigation. Kristina Beek
-
Using Security Expertise to Bridge the Communication Gap
Security-focused leadership delivers better products and business outcomes. Mike Riemer
-
Water Systems Under Attack: Norway, Poland Blame Russia Actors
Water and wastewater systems have become a favored target of nation-state actors, drawing increasing scrutiny following attacks on systems in multiple countries. Robert Lemos, Contributing Writer
-
Downgrade Attack Allows Phishing Kits to Bypass FIDO
You probably can’t break FIDO authentication. Still, researchers have shown that there are ways to get around it. Nate Nelson, Contributing Writer
-
State and Local Leaders Lobby Congress for Cybersecurity Resources
Federal funding cuts to the Multi-State Information Sharing and Analysis Center (MS-ISAC) are about to leave more than 18,000 state and local organizations without access to basic cybersecurity resources they need to protect US national security, a letter sent to Congressional appropriators warns. Becky Bracken
-
Police & Government Email Access For Sale on Dark Web
Cybercriminals are auctioning off live email credentials, giving other criminals access to sensitive systems, confidential intelligence, and, potentially, a higher success rate than ever. Kristina Beek
-
CISA Warns N-able Bugs Under Attack, Patch Now
Two critical N-able vulnerabilities enable local code execution and command injection, and require authentication to exploit, suggesting they wouldn’t be seen at the beginning of an exploit chain. Alexander Culafi
-
Cybersecurity Spending Slows & Security Teams Shrink
Security budgets are lowest in healthcare, professional and business services, retail, and hospitality, but budget growth remained above 5% in financial services, insurance, and tech. Kristina Beek
-
Navigating the Cybersecurity Budget Tug-of-War
Companies ready to move beyond reactive defense and toward full-spectrum protection need to invest in strategies that rally around resiliency, unified cybersecurity, and data protection. Scott Cooper
-
North Korea Attacks South Koreans With Ransomware
DPRK hackers are throwing every kind of malware at the wall and seeing what sticks, deploying stealers, backdoors, and ransomware all at once. Nate Nelson, Contributing Writer
-
Fortinet Products Are in the Crosshairs Again
The company disclosed a critical FortiSIEM flaw with a PoC exploit for it the same week researchers warned of an ominous surge in malicious traffic targeting the vendor’s SSL VPNs. Jai Vijayan, Contributing Writer
-
Whispers of XZ Utils Backdoor Live on in Old Docker Images
Developers maintaining the images made the “intentional choice” to leave the artifacts available as “a historical curiosity,” given the improbability they’d be exploited. Alexander Culafi
-
Patch Now: Attackers Target OT Networks via Critical RCE Flaw
Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastructure and OT development. Elizabeth Montalbano, Contributing Writer