Tag: darkreading
-
What the LockBit 4.0 Leak Reveals About RaaS Groups
The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don’t prepare are going to face uncertainty caused by the lack of attackers’ accountability. Michele Campobasso
-
China Questions Security of AI Chips From Nvidia, AMD
The US banned the sale of AI chips to China and then backed off. Now, Chinese sources are calling on NVIDIA to prove its AI chips have no backdoors. Robert Lemos, Contributing Writer
-
Elevation-of-Privilege Vulns Dominate Microsoft’s Patch Tuesday
The company’s August security update consisted of patches for 111 unique Common Vulnerabilities and Exposures (CVEs). Jai Vijayan, Contributing Writer
-
Charon Ransomware Emerges With APT-Style Tactics
The first documented deployment of the novel malware in a campaign against the Middle Eastern public sector and aviation industry may be tied to China’s state-sponsored actor Earth Baxia. Elizabeth Montalbano, Contributing Writer
-
How to Stay a Step Ahead of a Non-Obvious Threat
Securing business logic isn’t just a technical requirement — it’s a business imperative. Dirk Schrader
-
ShinyHunters Tactics Now Mirror Scattered Spider
There’s growing evidence that two of arguably the most dangerous cybercrime groups out there are tag-teaming big targets. Jai Vijayan, Contributing Writer
-
BlackSuit Ransomware Takes an Infrastructure Hit From Law Enforcement
A swarm of US agencies joined with international partners to take down servers and domains and seize more than $1 million associated with BlackSuit (Royal) ransomware operations, a group that has been a chronic, persistent threat against critical infrastructure. Becky Bracken
-
REvil Actor Accuses Russia of Planning 2021 Kaseya Attack
REvil affiliate Yaroslav Vasinskyi, who was convicted last year for his role in the 2021 Kaseya ransomware supply chain attack, said the Russian government was instrumental to the attack’s execution. Alexander Culafi
-
Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours
Researchers paired the jailbreaking technique with storytelling in an attack flow that used no inappropriate language to guide the LLM into producing directions for making a Molotov cocktail. Elizabeth Montalbano, Contributing Writer
-
Utilities, Factories at Risk From Encryption Holes in Industrial Protocol
The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be vulnerable in a number of different ways. Alexander Culafi
-
Will Secure AI Be the Hottest Career Path in Cybersecurity?
Securing AI systems represents cybersecurity’s next frontier, creating specialized career paths as organizations grapple with novel vulnerabilities, regulatory requirements, and cross-functional demands. Melina Scotto
-
60 RubyGems Packages Steal Data From Annoying Spammers
A Dark Web antihero has been stealing and then reselling credentials from unsavory online characters. Their motives are questionable, but the schadenfreude is irresistible. Nate Nelson, Contributing Writer
-
BigID Launches Shadow AI Discovery to Uncover Rogue Models and Risky AI Data
-
PwC Announces Addition of Morgan Adamski to Leadership of Cyber, Data & Technology Risk Platform
-
Cybersecurity Incident at Allianz Life Exposes Personal Information of Hundreds of Thousands
-
Ransomware Attacks Fall by Almost Half in Q2
-
Redefining the Role: What Makes a CISO Great
Security is everyone’s responsibility, but as a CISO, it starts with you. Lane Sullivan
-
Silver Fox APT Blurs the Line Between Espionage & Cybercrime
Silver Fox is the Hannah Montana of Chinese threat actors, effortlessly swapping between petty criminal and nation-state-type attacks. Nate Nelson, Contributing Writer
-
Attackers Target the Foundations of Crypto: Smart Contracts
A whole criminal ecosystem revolves around scamming users out of their crypto assets, but malicious — or vulnerable — smart contracts could be used against businesses as well. Robert Lemos, Contributing Writer
-
‘Samourai’ Cryptomixer Founders Plead Guilty to Money Laundering
As part of their plea deal, the cybercriminal founders will also have to forfeit more than $200 million. Kristina Beek
-
Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking
A software developer discovered a way to abuse an undocumented protocol in Amazon’s Elastic Container Service to escalate privileges, cross boundaries, and gain access to other cloud resources. Rob Wright
-
Air France, KLM Alert Authorities of Data Breach
While no sensitive financial data like credit card information was compromised, the threat actors were able to get away with names, email addresses, phone numbers, and more. Kristina Beek
-
Startup Spotlight: Twine Security Tackles the Execution Gap
The company, one of four finalists in this year’s Black Hat USA Startup Spotlight competition, uses a multi-agent system to build AI Digital Employees. Dark Reading Staff
-
The Critical Flaw in CVE Scoring
With informed decision-making, organizations can strengthen their overall resilience and maintain the agility needed to adapt to emerging threats, without sacrificing innovation or productivity. Ofri Ouzan
-
Researcher Deploys Fuzzer to Test Autonomous Vehicle Safety
As autonomous vehicles continue to evolve, this research highlights the importance of rigorous security testing to protect against both intentional attacks and unintentional unsafe commands in teleoperation systems. Arielle Waldman
-
Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults
Secrets managers hold all the keys to an enterprise’s kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities. Nate Nelson, Contributing Writer
-
‘ReVault’ Security Flaws Impact Millions of Dell Laptops
The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems. Jai Vijayan, Contributing Writer
-
VexTrio Cybercrime Outfit Run by Legit Ad Tech Firms
New research reveals that a malicious traffic distribution system (TDS) is run not by “hackers in hoodies,” but by a series of corporations operating in the commercial digital advertising industry. Rob Wright
-
Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights
Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence. Kristina Beek
-
Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw
Two critical vulnerabilities affect the security vendor’s management console, one of which is under active exploitation. The company has updated cloud-based products but won’t have a patch for its on-premises version until mid-August. Elizabeth Montalbano, Contributing Writer
-
What CMMC 3.0 Really Means for Government Contractors
The ultimate goal of CMMC 3.0 is not just compliance — it’s resilience. Kyle Dewar
-
Phishers Abuse Microsoft 365 to Spoof Internal Users
The “Direct Send” feature simplifies internal message delivery for trusted systems, and the campaign successfully duped both Microsoft Defender and third-party secure email gateways. Jai Vijayan, Contributing Writer
-
With Eyes on AI, African Orgs Push Security Awareness
Against the backdrop of the artificial intelligence surge, most African organizations have some form of cybersecurity awareness training but fail to test frequently and don’t trust the results. Robert Lemos, Contributing Writer
-
Pandora Confirms Third-Party Data Breach, Warns of Phishing Attempts
The jewelry retailer is warning customers that their data can and might be used maliciously. Kristina Beek
-
RCE Flaw in AI-Assisted Coding Tool Poses Software Supply Chain Risk
A critical vulnerability in the trust model of Cursor, a fast-growing tool for LLM-assisted development, allows for silent and persistent remote code execution. Elizabeth Montalbano, Contributing Writer
-
Cisco User Data Stolen in Vishing Attack
The networking giant said this week that an employee suffered a voice phishing attack that resulted in the compromise of select user data, including email addresses and phone numbers. Alexander Culafi
-
Why the Old Ways Are Still the Best for Most Cybercriminals
While the cybercrime underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020. Jon Clay
-
Minimal, Hardened, and Updated Daily: The New Standard for Secure Containers
Chainguard provides DevSecOps teams with a library of “secure-by-default” container images so that they don’t have to worry about software supply chain vulnerabilities. The startup is expanding its focus to include Java and Linux, as well. Jeffrey Schwartz
-
Nvidia Patches Critical RCE Vulnerability Chain
The flaws in the company’s Triton Inference Server enable model theft, data leaks, and response manipulation. Jai Vijayan, Contributing Writer
-
CISA & FEMA Announce $100M+ in Community Cybersecurity Grants
The grants are intended to help states, tribes, and localities enhance their cybersecurity resilience by providing them with monetary resources to reduce risks and implement new procedures. Kristina Beek
-
Threat Actors Increasingly Leaning on GenAI Tools
From “eCrime” actors to fake IT tech workers, CrowdStrike researchers found that adversaries are using AI to enhance their offensive cyber operations. Alexander Culafi
-
Darktrace Acquires Mira Security
-
42% of Developers Using AI Say Their Codebase is Now Mostly AI-Generated
-
Akira Ramps Up Assault on SonicWall Firewalls, Suggesting Zero-Day
An uptick of ransomware activity by the group in late July that uses the vendor’s SSL VPN devices for initial intrusion shows evidence of an as-yet-undisclosed flaw under exploitation. Elizabeth Montalbano, Contributing Writer
-
Turning Human Vulnerability Into Organizational Strength
Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls. Erich Kron
-
What is the Role of Provable Randomness in Cybersecurity?
Random numbers are the cornerstone of cryptographic security — cryptography depends on generating random keys. As organizations adopt quantum-resistant algorithms, it’s equally important to examine the randomness underpinning them. Duncan Jones
-
Dark Reading News Desk Turns 10, Back at Black Hat USA for 2025
Dark Reading’s 2025 News Desk marks a decade of Black Hat USA memories. We’re making our return with a slate of interviews that help you stay up on the latest research from Black Hat — no trip to Las Vegas required. Becky…
-
LLMs’ AI-Generated Code Remains Wildly Insecure
Security debt ahoy: only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being created all the time. Robert Lemos, Contributing Writer
-
Building the Perfect Post-Security Incident Review Playbook
By creating a safe environment for open discussion, prioritizing human context alongside technical data, and involving diverse stakeholders, organizations can turn security incidents into accelerators of resilience. Pritesh Parekh
-
New ‘Shade BIOS’ Technique Beats Every Kind of Security
What if malware didn’t require an operating system to function? How would anyone possibly notice, let alone disable it? Nate Nelson, Contributing Writer
-
GITEX GLOBAL 2025
-
SIEMs: Dying a Slow Death or Poised for AI Rebirth?
The SIEM market is at a pivotal point as XDR platforms and generative AI shake up the security analytics space. Rob Wright
-
Gen Z Falls for Scams 2x More Than Older Generations
Forget gullible old people — Gen Z is the most at-risk age group on the Web. Older folks might want to ignore it, but employers are likely to feel the brunt. Nate Nelson, Contributing Writer
-
DragonForce Ransom Cartel Profits Off Rivals’ Demise
The fall of RansomHub led to a major consolidation of the ransomware ecosystem last quarter, which was a boon for the DragonForce and Qilin gangs. Alexander Culafi
-
SafePay Claims Ingram Micro Breach, Sets Ransom Deadline
The ransomware gang claims to have stolen 3.5TB of data, and told the technology distributor to pay up or suffer a data breach. Rob Wright
-
3 Things CFOs Need to Know About Mitigating Threats
To reposition cybersecurity as a strategic, business-critical investment, CFOs and CISOs play a critical role in articulating the significant ROI that robust security measures can deliver. Raymond Daoud
-
Russia’s Secret Blizzard APT Gains Embassy Access via ISPs
An ongoing AitM campaign by the infamous Moscow-sponsored cyber threat actor has widened its scope, dropping the dangerous ApolloShadow custom backdoor malware thanks to lawful intercept systems. Tara Seals
-
Getting a Cybersecurity Vibe Check on Vibe Coding
Following a number of high-profile security and development issues surrounding the use of LLMs and GenAI to code and create applications, it’s worth taking a temperature check to ask: Is this technology ready for prime time? Alexander Culafi
-
What the Coinbase Breach Says About Insider Risk
The lesson from the breach is not just about what went wrong — but what could have gone right. Verrion Wright
-
Dark Reading Confidential: Funding the CVE Program of the Future
Dark Reading Confidential Episode 8: Federal funding for the CVE Program expires in April 2026, and a trio of experts agree the industry isn’t doing enough to deal with the looming crisis. Bugcrowd’s Trey Ford, expert Adam Shostack, and CVE historian Brian Martin sit down…
-
Low-Code Tools in Microsoft Azure Allowed Unprivileged Access
Using the API Connections for Azure Logic Apps, a security researcher found unauthenticated users could access sensitive data of other customers. Robert Lemos, Contributing Writer
-
Koreans Hacked, Blackmailed by 250+ Fake Mobile Apps
A swath of copycat Korean apps are hiding spyware, occasionally leading to highly personal, disturbing extortions. Nate Nelson, Contributing Writer
-
Silk Typhoon Linked to Powerful Offensive Tools, PRC-Backed Companies
An unsealed indictment associated with the Chinese threat group shows its members worked for companies closely aligned with the PRC as part of a larger contractor ecosystem. Elizabeth Montalbano, Contributing Writer
-
The CrowdStrike Outage Was Bad, but It Could Have Been Worse
A year after the largest outage in IT history, organizations need to make an active effort to diversify their technology and software vendors and create a more resilient cyber ecosystem moving forward. Roger Cressey
-
Attackers Can Use Browser Extensions to Inject AI Prompts
A proof-of-concept attack shows how threat actors can use a poisoned browser extension to inject malicious prompts into a generative AI tool. Alexander Culafi
-
African Orgs Fall to Mass Microsoft SharePoint Exploits
The National Treasury of South Africa is among the half-dozen known victims in South Africa — along with other nations — of the mass compromise of on-premises Microsoft SharePoint servers. Robert Lemos, Contributing Writer
-
Nimble ‘Gunra’ Ransomware Evolves With Linux Variant
The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption. Elizabeth Montalbano, Contributing Writer
-
The Hidden Threat of Rogue Access
With the right IGA tools, governance policies, and risk thresholds, enterprises can continuously detect and act on rogue access before attackers do. Durgaprasad Balakrishnan
-
Critical Flaw in Vibe-Coding Platform Base44 Exposed Apps
A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44. Jai Vijayan, Contributing Writer
-
Supply Chain Attacks Spotted in GitHub Actions, Gravity Forms, npm
Researchers discovered backdoors, poisoned code, and malicious commits in some of the more popular tool developers, jeopardizing software supply chains. Nate Nelson, Contributing Writer
-
Root Evidence Bets on New Concept for Vulnerability Patch Management
The number of concerning vulnerabilities may be much smaller than organizations think, and this cybersecurity startup aims to narrow down the list to the most critical ones. Arielle Waldman
-
Insurance Giant Allianz Life Grapples With Breach Affecting ‘Majority’ of Customers
The company has yet to report an exact number of how many individuals were impacted by the breach and plans to start the notification process around Aug. 1. Kristina Beek
-
Chaos Ransomware Rises as BlackSuit Gang Falls
Researchers detailed a newer double-extortion ransomware group made up of former members of BlackSuit, which was recently disrupted by international law enforcement. Alexander Culafi
-
Sophisticated Shuyal Stealer Targets 19 Browsers, Demonstrates Advanced Evasion
A new infostealing malware making the rounds can exfiltrate credentials and other system data even from browsing software considered more privacy-focused than mainstream options. Elizabeth Montalbano, Contributing Writer
-
How to Spot Malicious AI Agents Before They Strike
The rise of agentic AI means the battle of the machines is just beginning. To win, we’ll need our own agents — human and machine — working together. Alisdair Faulkner
-
Cyber Career Opportunities: Weighing Certifications vs. Degrees
Longtime CISO Melina Scotto joins Dark Reading to discuss career advice gleaned from her 30 years in the cyber industry. Kristina Beek, Tara Seals
-
‘Fire Ant’ Cyber Spies Compromise Siloed VMware Systems
Suspected China-nexus threat actors targeted virtual environments and used several tools and techniques to bypass security barriers and reach isolated portions of victims’ networks. Rob Wright
-
AI-Generated Linux Miner ‘Koske’ Beats Human Malware
AI malware is becoming less of a gimmick, with features that meet or exceed what traditional human-developed malware typically can do. Nate Nelson, Contributing Writer
-
North Korea’s IT Worker Rampage Continues Amid DoJ Action
Arrests and indictments keep coming, but the North Korean fake IT worker scheme is only snowballing, and businesses can’t afford to assume their applicant-screening processes are up to the task of weeding the imposters out. Tara Seals
-
Why Security Nudges Took Off
Nudges can be powerful — but they are not immune to overuse or misapplication. Swati Babbar
-
The Young and the Restless: Young Cybercriminals Raise Concerns
National governments warn that many hacker groups attract young people through a sense of community, fame, or the promise of money and the perception of a lack of risk of prosecution. Robert Lemos, Contributing Writer
-
Can Security Culture Be Taught? AWS Says Yes
Newly appointed Amazon Web Services CISO Amy Herzog believes security culture goes beyond frameworks and executive structures. Having the right philosophy throughout the organization is key. Rob Wright
-
Law Enforcement Cracks Down on XSS — But Will it Last?
The arrest of a suspected administrator for the popular cybercrime forum was one of several enforcement actions in the past week targeting malicious activity. Rob Wright
-
Ransomware Actors Pile on ‘ToolShell’ SharePoint Bugs
Storm-2603, a China-based threat actor, is targeting SharePoint customers in an ongoing ransomware campaign. Alexander Culafi
-
Translating Cyber-Risk for the Boardroom
When security leaders embrace this truth and learn to speak in the language of leadership, they don’t just protect the enterprise, they help lead it forward. Ashley Rose
-
Fixed Ivanti Bugs Still Haunt Japan Orgs 6 Months Later
Chinese threat actors have been feeding off the same Ivanti RCE vulnerabilities we’ve known about since last year, partly thanks to complications in patching. Nate Nelson, Contributing Writer
-
Banking Trojan Coyote Abuses Windows UI Automation
It’s the first known instance of malware that abuses the UIA framework and has enabled dozens of attacks against banks and crypto exchanges in Brazil. Jai Vijayan, Contributing Writer
-
Dark Web Hackers Moonlight as Travel Agents
Hackers are using stolen goods such as credit cards and loyalty points to book travel for sometimes unsuspecting clients, and remote workers, SMBs, travel brands, and others are at risk. Alexander Culafi
-
Department of Education Site Mimicked in Phishing Scheme
An ongoing phishing campaign is using fake versions of the department’s G5 grant portal, taking advantage of political turmoil associated with the DoE’s 1,400 layoffs. Alexander Culafi
-
Stop AI Bot Traffic: Protecting Your Organization’s Website
As crawlers and bots bog down websites in the era of AI, some researchers say that the solution for the Internet’s most vulnerable websites is already here. Kristina Beek
-
Lumma Stealer Is Back & Stealthier Than Ever
The operators of the popular and prolific malware wasted no time in regrouping after an FBI takedown in May, and they’re back to their old tricks. Elizabeth Montalbano, Contributing Writer
-
China Introduces National Cyber ID Amid Privacy Concerns
China officially rolled out a voluntary Internet identity system to protect citizens’ online identities and personal information, but critics worry about privacy and surveillance. Robert Lemos, Contributing Writer
-
3 China Nation-State Actors Target SharePoint Bugs
Hackers and cybercrime groups are part of a virtual feeding frenzy, after Microsoft’s recent disclosure of new vulnerabilities in on-premises editions of SharePoint Server. Jai Vijayan, Contributing Writer
-
Dell Breached by Extortion Group, Says Data Stolen Was ‘Fake’
The World Leaks group accessed and released data from the company’s Customer Solution Center, which is separated from customer and partner systems and stores primarily “synthetic” datasets used for demos and testing, Dell said. Elizabeth Montalbano, Contributing Writer
-
Darktrace Acquires Mira Security for Network Visibility
The acquisition gives the British cybersecurity solutions provider more insights into encrypted network traffic and additional decryption capabilities. Dark Reading Staff
-
Marine Transportation Final Cyber Rule Goes Into Effect
The cybersecurity rule has several requirements that must be met and will follow an extended timeline over the next two years. Kristina Beek
-
China-Backed APT41 Cyberattack Surfaces in Africa
Up to now, the prolific China-sponsored cyber-espionage group has been mostly absent from the region, but a sophisticated and highly targeted attack on an African IT company shows Beijing is branching out. Jai Vijayan, Contributing Writer
-
Malicious Implants Are Coming to AI Components, Applications
A red teamer is publishing research next month about how weaknesses in modern security products lay the groundwork for stealthy implants in AI-powered applications. Alexander Culafi
-
Europol Sting Leaves Russian Cybercrime’s ‘NoName057(16)’ Group Fractured
National authorities have issued seven arrest warrants in total relating to the cybercrime collective known as NoName057(16), which recruits followers to carry out DDoS attacks on perceived enemies of Russia. Kristina Beek
-
Microsoft Rushes Emergency Patch for Actively Exploited SharePoint ‘ToolShell’ Bug
Malicious actors have already pounced on the zero-day vulnerability, tracked as CVE-2025-53770, to compromise US government agencies and other businesses in ongoing and widespread attacks. Elizabeth Montalbano, Contributing Writer