Tag: darkreading

Hundreds of MCP Servers Expose AI Models to Abuse, RCE The servers that connect AI with real-world data are occasionally wide-open channels for cyberattacks. Nate Nelson, Contributing Writer Go to gbhackers.com

Generative AI Exacerbates Software Supply Chain Risks Malicious actors are exploiting AI-fabricated software components — presenting a major challenge for securing software supply chains. Georgianna Shea, Elaine Ly Go to gbhackers.com

XOR Marks the Flaw in SAP GUI The company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user’s input history feature. Jai Vijayan, Contributing Writer Go to gbhackers.com

Africa Sees Surge in Cybercrime as Law Enforcement Struggles Cybercrime accounts for more than 30% of all reported crime in East Africa and West Africa, with online scams, ransomware, business email compromise, and digital sextortion taking off. Robert Lemos, Contributing Writer Go to gbhackers.com

Threat Actor Trojanizes Copy of SonicWall NetExtender VPN App A threat actor hacked a version of SonicWall’s NetExtender SSL VPN application in an effort to trick users into installing a Trojanized version of the product. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

China-Nexus ‘LapDogs’ Network Thrives on Backdoored SOHO Devices The campaign infected devices in the US and Southeast Asia to build an operational relay box (ORB) network for use as an extensive cyber-espionage infrastructure. Rob Wright Go to gbhackers.com

Steel Giant Nucor Confirms Data Stolen in Cyberattack America’s largest steel producer initially disclosed the breach in May and took potentially affected systems offline to investigation the intrusion and contain any malicious activity. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

How the US Military Is Redefining Zero Trust Trust no longer comes from network boundaries alone but from continuously validating and protecting data and identities at every interaction. Kelly Davis Go to gbhackers.com

IBM Pushes for More Collaboration Between Security, Governance IBM integrates its governance and AI security tools to address the risks associated with the AI adoption boom. Jeffrey Schwartz Go to gbhackers.com

SparkKitty Swipes Pics from iOS, Android Devices Like its predecessor, SparkCat, the new malware appears to be going after sensitive data — such as seed phrases for cryptocurrency wallets — in device photo galleries. Jai Vijayan, Contributing Writer Go to gbhackers.com

‘Echo Chamber’ Attack Blows Past AI Guardrails An AI security researcher has developed a proof of concept that uses subtle, seemingly benign prompts to get GPT and Gemini to generate inappropriate content. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

DHS Warns of Rise in Cyberattacks in Light of US-Iran Conflict After President’s Trump decision to enter the US into the conflict in the Middle East, the Department of Homeland Security expects there to be an uptick in Iranian hacktivists and state-sponsored actors targeting US systems. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Attackers Use Docker APIs, Tor Anonymity in Stealthy Crypto Heist The attack is similar to previous campaigns by an actor called Commando Cat to use misconfigured APIs to compromise containers and deploy cryptocurrency miners. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

A CISO’s AI Playbook In a market where security budgets flatten while threats accelerate, improving analyst throughput is fiscal stewardship. Erik Willie Go to gbhackers.com

AWS Enhances Cloud Security With Better Visibility Features At this week’s re:Inforce 2025 conference, the cloud giant introduced new capabilities to several core security products to provide customers with better visibility and more context on potential threats. Rob Wright Go to gbhackers.com

Hackers Post Dozens of Malicious Copycat Repos to GitHub As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers. Nate Nelson, Contributing Writer Go to gbhackers.com

Telecom Giant Viasat Is Latest Salt Typhoon Victim The communications company shared the discoveries of its investigation with government partners, but there is little information they can publicly disclose other than that there seems to be no impact to customers. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

How to Lock Down the No-Code Supply Chain Attack Surface Securing the no-code supply chain isn’t just about mitigating risks — it’s about enabling the business to innovate with confidence. Amichai Shulman Go to gbhackers.com

Security Evolution: From Pothole Repair to Road Building Instead of constantly fixing security vulnerabilities, organizations should proactively build secure foundations that enable businesses to move faster while reducing risk. Andy Ellis Go to gbhackers.com

Scammers Spread False Support Info Using Legitimate Websites In a new wrinkle on the tech support scam front, these search parameter injection attacks dupe victims into believing they are receiving technical help when they are actually speaking to fraudsters. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Paragon Commercial Spyware Infects Prominent Journalists An unnamed customer of Paragon’s Graphite product used the commercial spyware to target at least two prominent European journalists in recent months. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Iran-Israel War Triggers a Maelstrom in Cyberspace As Iran closes its cyberspace to the outside world, hacktivists are picking sides, while attacks against Israel surge and spread across the region. Nate Nelson, Contributing Writer Go to gbhackers.com

OpenAI Awarded $200M Contract to Work With DoD OpenAI intends to help streamline the Defense Department’s administrative processes using artificial intelligence. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

The Triple Threat of Burnout: Overworked, Unsatisfied, Trapped Many cybersecurity professionals still don’t feel comfortable admitting when they need a break. And the impact goes beyond being overworked. Arielle Waldman Go to gbhackers.com

GodFather Banking Trojan Debuts Virtualization Tactic The Android malware is targeting Turkish financial institutions, completely taking over legitimate banking and crypto apps by creating an isolated virtualized environment on a device. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

How CISOs Can Govern AI & Meet Evolving Regulations Security teams are no longer just the last line of defense — they are the foundation for responsible AI adoption. Ben de Bont Go to gbhackers.com

Serpentine#Cloud Uses Cloudflare Tunnels in Sneak Attacks An unidentified threat actor is using .lnk Windows shortcut files in a series of sophisticated attacks utilizing in-memory code execution and living-off-the-land cyberattack strategies. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Indian Car-Sharing Firm Zoomcar Latest to Suffer Breach The company acknowledged that cybercriminals had taken sensitive information on more than 8 million users, including names, phone numbers, car registration numbers, addresses, and emails. Robert Lemos, Contributing Writer Go to gbhackers.com

‘HoldingHands’ Acts Like a Pickpocket With Taiwan Orgs Since at least January, the threat actor has been employing multiple malware tools to steal information for potential future attacks against Taiwanese businesses and government agencies. Jai Vijayan, Contributing Writer Go to gbhackers.com

Private 5G: New Possibilities — and Potential Pitfalls While ushering in “great operational value” for organizations, private 5G networks add yet another layer to CISOs’ responsibilities. Richard Thurston Go to gbhackers.com

Operation Endgame: Do Takedowns and Arrests Matter? Cybercrime response needs more aggressive actions from those seeking to protect victims and pursue criminals. James Shank Go to gbhackers.com

Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

WestJet Airlines App, Website Suffer After Cyber Incident Though its operations are running smoothly, the airline warned customers and employees to exercise caution when sharing personal information online. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Malicious Chimera Turns Larcenous on Python Package Index Unlike typical data-stealing malware, this attack tool targets data specific to corporate and cloud infrastructures in order to execute supply chain attacks. Jai Vijayan, Contributing Writer Go to gbhackers.com

Anubis Ransomware-as-a-Service Kit Adds Data Wiper The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Washington Post Staffer Emails Targeted in Cyber Breach Journalists’ Microsoft accounts were breached, which would have given attackers access to emails of staff reporters covering national security, economic policy, and China. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

‘Water Curse’ Targets Infosec Pros Via Poisoned GitHub Repositories The emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Security Is Only as Strong as the Weakest Third-Party Link Third-party risks are increasing dramatically, requiring CISOs to evolve from periodic assessments to continuous monitoring and treating partner vulnerabilities as their own to enhance organizational resilience. Shimon Modi Go to gbhackers.com

NIST Outlines Real-World Zero-Trust Examples SP 1800-35 offers 19 examples of how to implement zero-trust architecture (ZTA) using off-the-shelf commercial technologies. Fahmida Y. Rashid Go to gbhackers.com

CISA Reveals ‘Pattern’ of Ransomware Attacks Against SimpleHelp RMM A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January. Arielle Waldman Go to gbhackers.com

Threat Actor Abuses TeamFiltration for Entra ID Account Takeovers Proofpoint researchers discovered a large-scale campaign using the open source penetration-testing framework that has targeted more than 80,000 Microsoft accounts. Rob Wright Go to gbhackers.com

Why CISOs Must Align Business Objectives & Cybersecurity This alignment makes a successful CISO, but creating the same sentiment across business leadership creates a culture of commitment and greatly contributes to achieving goals. Chad E. LeMaire Go to gbhackers.com

Cyberattacks on Humanitarian Orgs Jump Worldwide These groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common. Robert Lemos, Contributing Writer Go to gbhackers.com

Researchers Detail Zero-Click Copilot Exploit ‘EchoLeak’ Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Hacking the Hackers: When Bad Guys Let Their Guard Down A string of threat-actor OpSec failures have yielded unexpected windfalls for security researchers and defenders. Jai Vijayan, Contributing Writer Go to gbhackers.com

Foundations of Cybersecurity: Reassessing What Matters To truly future-proof your cybersecurity approach, it’s vital to ensure that your security program is flexible and adaptable to both current and future business demands. Brent Stackhouse Go to gbhackers.com

Infostealer Ring Bust-up Takes Down 20,000 Malicious IPs Interpol’s Operation Secure arrested more than 30 suspects across Vietnam, Sri Lanka, and Nauru, and seized 117 command-and-control servers allegedly used to run widespread phishing, business email compromise, and other cyber scams. Becky Bracken Go to gbhackers.com

Infostealer Ring Bust-up Takes Down 20,000 Malicious IPs Interpol’s Operation Secure arrested more than 20 suspects across Vietnam, Sri Lanka, and Naru, and seized 117 command-and-control servers allegedly used to run widespread phishing, business email compromise, and other cyber scams. Becky Bracken Go to gbhackers.com

ConnectWise to Rotate Code-Signing Certificates The move is unrelated to a recent nation-state attack the vendor endured but stems from a report by a third-party researcher. Rob Wright Go to gbhackers.com

Agentic AI Takes Over Gartner’s SRM Summit Agentic AI was everywhere at Gartner’s Security & Risk Management Summit in Washington, DC, this year, as the AI security product engine chugs ahead at full speed. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Google Bug Allowed Brute-Forcing of Any User Phone Number The weakness in Google’s password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks. Go to gbhackers.com

Security Pitfalls & Solutions of Multiregion Cloud Architectures Cloud resilience is no longer just about surviving service interruptions; it’s about operating securely under any circumstances, across any geographic area. Sachin Suryawanshi Go to gbhackers.com

Mirai Botnets Exploit Flaw in Wazuh Security Platform The two campaigns are good examples of the ever-shrinking time-to-exploit timelines that botnet operators have adopted for newly published CVEs. Rob Wright Go to gbhackers.com

Bridging the Secure Access Gap in Third-Party, Unmanaged Devices ESG research suggests security teams are using enterprise browsers to complement existing security tools and address network access issues. Fahmida Y. Rashid Go to gbhackers.com

India’s Security Leaders Struggle to Keep Up With Threats Business and security executives in the South Asian nation worry over AI, cybersecurity, new digital privacy regulations, and a talent gap that hobbles innovation. Robert Lemos, Contributing Writer Go to gbhackers.com

Stealth Falcon APT Exploits Microsoft RCE Zero-Day in Mideast The bug is one of 66 disclosed and patched today by Microsoft as part of its June 2025 Patch Tuesday set of security vulnerability fixes. Tara Seals Go to gbhackers.com

PoC Code Escalates Roundcube Vuln Threat The flaw allows an authenticated attacker to gain complete control over a Roundcube webmail server. Jai Vijayan, Contributing Writer Go to gbhackers.com

Red Canary Expands AI Innovations to Cut Alert Overload Go to gbhackers.com

United Natural Food’s Operations Limp Through Cybersecurity Incident It’s unclear what kind of cyberattack occurred, but UNFI proactively took certain systems offline, which has disrupted the company’s operations. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Poisoned npm Packages Disguised as Utilities Aim for System Wipeout Backdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to software supply chains. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

New Trump Cybersecurity Order Reverses Biden, Obama Priorities The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government’s cyber activities to enabling AI, rolling out post-quantum cryptography, and promoting secure software design. Becky Bracken Go to gbhackers.com

New Trump Cybersecurity Order Reverses Biden, Obama Priorities The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government’s cyber activities to enabling AI, rolling out post-quantum cryptography, and promoting secure software design. Becky Bracken Go to gbhackers.com

OpenAI Bans ChatGPT Accounts Linked to Nation-State Threat Actors The AI company’s investigative team found that many accounts were using the program to engage in malicious activity around the world, such as employment schemes, social engineering, and cyber espionage. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

‘Librarian Ghouls’ Cyberattackers Strike at Night Since at least December, the advanced persistent threat (APT) group has been using legit tools to steal data, dodge detection, and drop cryptominers on systems belonging to organizations in Russia. Jai Vijayan, Contributing Writer Go to gbhackers.com

Gartner: How Security Teams Can Turn Hype Into Opportunity During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture. Alexander Culafi, Senior News Writer, Dark Reading Go to…

SIEMs Missing the Mark on MITRE ATT&CK Techniques CardinalOps’ report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Next-Gen Developers Are a Cybersecurity Powder Keg AI coding tools promise productivity but deliver security problems, too. As developers embrace “vibe coding,” enterprises face mounting risks from insecure code generation that security teams can’t keep pace with. Pieter Danhieux Go to gbhackers.com

Cutting-Edge ClickFix Tactics Snowball, Pushing Phishing Forward Several widespread ClickFix campaigns are underway, bent on delivering malware to business targets, and they represent a new level of phishing sophistication that defenders need to be prepared for, researchers warn. Tara Seals Go to gbhackers.com

F5 Acquires Agentic AI Security Startup Fletch Agentic AI technology will be integrated into the recently launched F5 Application Delivery and Security Platform. Jeffrey Schwartz Go to gbhackers.com

BADBOX 2.0 Targets Home Networks in Botnet Campaign, FBI Warns Though the operation was partially disrupted earlier this year, the botnet remains active and continues to target connected Android devices. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Synthetic Data Is Here to Stay, but How Secure Is It? Synthetic data offers organizations a way to develop AI while maintaining privacy compliance but requires careful management to prevent re-identification risks and ensure model accuracy. Hadi Chami Go to gbhackers.com

MSFT-CrowdStrike ‘Rosetta Stone’ for Naming APTs: Meh? Microsoft and CrowdStrike announced an effort to deconflict the overlapping names of threat groups and reduce confusion for companies, but we’ve been here before. Robert Lemos, Contributing Writer Go to gbhackers.com

Prep for Layoffs Before They Compromise Security Mass layoffs create cybersecurity vulnerabilities through dormant accounts and disgruntled employees. Mercedes Cardona Go to gbhackers.com

SecOps Need to Tackle AI Hallucinations to Improve Accuracy AI is increasingly embedded into threat detection and response tools, but hallucinations can lead to false positive and inaccurate guidance. The AI-associated risk can’t be completely eradicated, but SecOps teams can take steps to at least limit the effects. Arielle Waldman Go to gbhackers.com

Digital Forensics Firm Cellebrite to Acquire Corellium Cellebrite, a controversial digital forensics firm, is set to acquire virtualization vendor Corellium in a $170 million deal. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Backdoored Malware Reels in Newbie Cybercriminals Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Questions Swirl Around ConnectWise Flaw Used in Attacks ConnectWise issued a patch to stave off attacks on ScreenConnect customers, but the company’s disclosures don’t explain what the vulnerability is and when it was first exploited. Rob Wright Go to gbhackers.com

Finding Balance in US AI Regulation The US can’t afford to wait for political consensus to catch up to technological change. John Hurley Go to gbhackers.com

Iranian APT ‘BladedFeline’ Hides in Network for 8 Years ESET published research on the Iranian APT “BladedFeline,” which researchers believe is a subgroup of the cyber-espionage entity APT34. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Cybersecurity Training in Africa Aims to Bolster Professionals’ Ranks The United Nations, Carnegie Mellon University, and private organizations are all aiming to train the next generation of cybersecurity experts, boost economies, and disrupt pipelines to armed groups. Robert Lemos, Contributing Writer Go to gbhackers.com

35K Solar Devices Vulnerable to Potential Hijacking A little more than three-quarters of these exposed devices are located in Europe, followed by Asia, with 17%. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Vishing Crew Targets Salesforce Data A group Google is tracking as UNC6040 has been tricking users into installing a malicious version of a Salesforce app to gain access to and steal data from the platform. Jai Vijayan, Contributing Writer Go to gbhackers.com

How Neuroscience Can Help Us Battle ‘Alert Fatigue’ By understanding the neurological realities of human attention, organizations can build more sustainable security operations that protect not only their digital assets but also the well-being of those who defend them. Boaz Barzel Go to gbhackers.com

Researchers Bypass Deepfake Detection With Replay Attacks An international group of researchers found that simply rerecording deepfake audio with natural acoustics in the background allows it to bypass detection models at a higher-than-expected rate. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data Malicious RubyGems pose as a legitimate plug-in for the popular Fastlane rapid development platform in a geopolitically motivated attack with global supply chain reach. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Beware of Device Code Phishing Hackers are exploiting trusted authentication flows — like Microsoft Teams and IoT logins — to trick users into handing over access tokens, bypassing MFA and slipping undetected into corporate networks. Stu Sjouwerman Go to gbhackers.com

How to Approach Security in the Era of AI Agents Organizations need to implement these five essential security controls to safely harness the power of autonomous AI agents while still protecting enterprise assets. Chris Betz Go to gbhackers.com

LayerX Launches ExtensionPedia Go to gbhackers.com

TXOne Networks Introduces Capability for Intelligent Vulnerability Mitigation Go to gbhackers.com

‘Crocodilus’ Sharpens Its Teeth on Android Users The data-stealing malware initially targeted users in Turkey but has since evolved into a global threat. Jai Vijayan, Contributing Writer Go to gbhackers.com

Victoria’s Secret Delays Earnings Call Due to Cyber Incident But that didn’t stop the clothing retailer from issuing preliminary results for the first quarter of 2025. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

LummaC2 Fractures as Acreed Malware Becomes Top Dog LummaC2 formerly accounted for almost 92% of Russian Market’s credential theft log alerts. Now, the Acreed infostealer has replaced its market share. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Chrome Drops Trust for Chunghwa, Netlock Certificates Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Chrome Drops Trust for Chunghwa, Netlock Certificates Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Is Your CISO Navigating Your Flight Path? If your CISO isn’t wielding influence with the CEO and helping top leaders clearly see the flight path ahead, your company is dangerously exposed. Richard Marcus Go to gbhackers.com

Open-Weight Chinese AI Models Drive Privacy Innovation in LLMs Edge computing and stricter regulations may usher in a new era of AI privacy. Go to gbhackers.com

EMR-ISAC Shuts Down: What Happens Now? The Emergency Management and Response – Information Sharing and Analysis Center provided essential information to the emergency services sector on physical and cyber threats and its closure leaves an information vacuum for these organizations. Arielle Waldman Go to gbhackers.com

Exploitation Risk Grows for Critical Cisco Bug New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say. Jai Vijayan, Contributing Writer Go to gbhackers.com

Trickbot, Conti Ransomware Operator Unmasked Amid Huge Ops Leak An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com