Tag: darkreading

Public-Private Ops Net Big Wins Against African Cybercrime Three cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals. Robert Lemos, Contributing Writer Go to gbhackers.com

OPSEC Nightmare: Leaking US Military Plans to a Reporter Experts say the leakage of US military plans to a reporter this month reflects a severe operational security failure on the part of US leadership. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

South African Poultry Company Reports $1M Loss After Cyber Intrusion The company reports that no sensitive information was breached or stolen in the cyber intrusion and that its operations are running normally again. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Accused Snowflake Attacker ‘Judische’ Agrees to US Extradition Though there is no confirmation as to when this extradition will occur, Alexander Moucka agreed to be transferred in writing before a judge. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

5 Considerations for a Data Loss Prevention Rollout Strong DLP can be a game-changer — but it can also become a slow-moving, overcomplicated mess if not executed properly. Michael Fox Go to gbhackers.com

Meet the Low-Key Access Broker Supercharging Russian State Cybercrime Raspberry Robin breaks into organizations and sells access to Russian threat actors, including the military cyber unit behind attempted coups, assassinations, and influence operations throughout Europe. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com

23andMe Bankruptcy Filing May Put Sensitive Data at Risk Security experts worry the company’s Chapter 11 status and aim to sell its assets could allow threat actors to exploit and misuse the genetic information it collected. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Windows 10 End-of-Life Puts SMB at Risk Upgrading the organization’s Windows 10 systems to Windows 11 could potentially introduce vulnerabilities into the environment through misconfigured hardware. Stephen Lawton Go to gbhackers.com

Microsoft Gives Security Copilot Some Autonomy New agentic AI capabilities in Microsoft Security Copilot will allow agents to triage threats and provide recommendations. Jeffrey Schwartz Go to gbhackers.com

Chinese Hacker Group Tracked Back to iSoon APT Operation The group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com

FBI Warns of Document Converter Tools Due to Uptick in Scams The FBI’s Denver field office says the tools will convert documents while also dropping malware and scraping users’ systems for sensitive data. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Critical ‘IngressNightmare’ Vulns Imperil Kubernetes Environments More than 40% of all Internet-facing container orchestration clusters are at risk. Jai Vijayan, Contributing Writer Go to gbhackers.com

China-Nexus APT ‘Weaver Ant’ Caught in Yearslong Web Shell Attack The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

US Weakens Disinformation Defenses, as Russia & China Ramp Up Russia and China spend billions of dollars on state media, propaganda, and disinformation, while the Trump administration has slashed funding for US agencies. Robert Lemos, Contributing Writer Go to gbhackers.com

Oracle Denies Claim of Oracle Cloud Breach of 6M Records A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Is the Middle East’s Race to Digitize a Threat to Infrastructure? As the region continues with its ambitious road map, cybersecurity must be woven into every step of the process. Apu Pavithran Go to gbhackers.com

What CISA’s Red Team Disarray Means for US Cyber Defenses DOGE is making wild moves at CISA, including bringing back fired probationary employees only to put them on paid leave, and reportedly gutting the agency’s red teams. Becky Bracken, Senior Editor, Dark Reading Go to gbhackers.com

Nation-State ‘Paragon’ Spyware Infections Target Civil Society Law enforcement entities in democratic states have been deploying top-of-the-line messaging app spyware against journalists and aid workers. Nate Nelson, Contributing Writer Go to gbhackers.com

Why Cyber Quality Is the Key to Security The time to secure foundations, empower teams, and make cyber resilience the standard is now — because the cost of waiting is far greater than the investment in proactive security. António Vasconcelos Go to gbhackers.com

VexTrio Using 20,000 Hacked WordPress Sites in Traffic Redirect Scheme A massive cybercrime network known as “VexTrio” is using thousands of compromised WordPress sites to funnel traffic through a complex redirection scheme. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Why It’s So Hard to Stop Rising Malicious TDS Traffic Cybersecurity vendors say threat actors’ abuse of traffic distribution systems (TDS) is becoming more complex and sophisticated — and much harder to detect and block. Rob Wright Go to gbhackers.com

Ukraine Defense Sector Under Attack Via Dark Crystal RAT The UNC-200 threat group, active since last summer, has been utilizing the Signal messaging app to social engineer targets into downloading an infostealing remote access Trojan. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Are We Closing the Gender Gap in Cybersecurity? Answer: Nope. But let’s look at the trends — because they matter for security. Sharon Shochat Go to gbhackers.com

Mobile Jailbreaks Exponentially Increase Corporate Risk Both Android devices and iPhones are 3.5 times more likely to be infected with malware once “broken” and 250 times more likely to be totally compromised, recent research shows. Nate Nelson, Contributing Writer Go to gbhackers.com

India Is Top Global Target for Hacktivists, Regional APTs Global politics and a growing economy draw the wrong kind of attention to India, with denial-of-service and application attacks both on the rise. Robert Lemos, Contributing Writer Go to gbhackers.com

Critical Fortinet Vulnerability Draws Fresh Attention CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw. Jai Vijayan, Contributing Writer Go to gbhackers.com

Nation-State Groups Abuse Microsoft Windows Shortcut Exploit Trend Micro uncovered a method that nation-state threat actors are using to target victims via the Windows .Ink shortcut file extension. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Enterprises Gain Control Over LLM Oversharing With Prompt Security’s GenAI Authorization Go to gbhackers.com

Women in CyberSecurity and ISC2 Announce the WiCyS + ISC2 Certified in CybersecuritySM Certification Spring Camp Go to gbhackers.com

Infosys Settles $17.5M Class Action Lawsuit After Sprawling Third-Party Breach Several major companies in the finance sector were impacted by the third-party breach, prompting them to notify thousands of customers of their compromised data. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

AI Cloud Adoption Is Rife With Cyber Mistakes Research finds that organizations are granting root access by default and making other big missteps, including a Jenga-like building concept, in deploying and configuring AI services in cloud deployments. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Why Cybersecurity Needs More Business-Minded Leaders The question is no longer “Are we compliant?” but “Are we truly resilient?” Victoria Dimmick Go to gbhackers.com

Knostic Nabs $11M to Eliminate Enterprise AI Data Leaks Go to gbhackers.com

Wireless Airspace Defense Firm Bastille Reveals Top Threats of 2025 Go to gbhackers.com

Automox Demonstrates IT and Security Impact With Launch of Precision Analytics Go to gbhackers.com

Fujifilm Signs Strategic Collaboration Agreement With Amazon Web Services Go to gbhackers.com

Duke University & GCF Partner to Identify Pathways for Advancing Women’s Careers in Cybersecurity Go to gbhackers.com

Google to Acquire Wiz for $32B in Multicloud Security Play The all-cash deal offers a path for Google to better support cloud customers who have assets spread across public environments, including Azure and others. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Microsoft Sounds Warning on Multifunctional ‘StilachiRAT’ The sneaky malware packs capabilities for system reconnaissance as well as credential and cryptocurrency theft. Jai Vijayan, Contributing Writer Go to gbhackers.com

Black Basta Leader in League With Russian Officials, Chat Logs Show Though the chat logs were leaked a month ago, analysts are now seeing that Russian officials may have assisted Black Basta members according, to the shared messages. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Extortion Reboot: Ransomware Crew Threatens Leak to Snowden Though the group initially stuck to classic ransomware TTPs before demanding the ransom, it went off script when it began threatening the group and detailing potential consequences the victim would face. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Actively Exploited ChatGPT Bug Puts Organizations at Risk A server-side request forgery vulnerability in OpenAI’s chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Orion Security Startup Tackles Insider Threats With AI The data loss prevention company emerges from stealth with an AI-powered platform to help organizations distinguish between legitimate and risky activity. Arielle Waldman Go to gbhackers.com

3 AI-Driven Roles in Cybersecurity For candidates with a cybersecurity background who want to stay competitive, now is the time to invest in obtaining AI skills. Aimei Wei Go to gbhackers.com

OAuth Attacks Target Microsoft 365, GitHub In a cyber twist, attackers behind two of the campaigns are using the apps to redirect users to phishing and malware distribution sites. Jai Vijayan, Contributing Writer Go to gbhackers.com

ClickFix Attack Compromises 100+ Car Dealership Sites The ClickFix attack tactic seems to be gaining traction among threat actors. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Lexmark Expands Print Security Services Worldwide Go to gbhackers.com

Denmark Warns of Increased Cyber Espionage Against Telecom Sector A new threat assessment from the Danish Civil Protection Authority (SAMSIK) warned of cyberattacks targeting the telecommunications sector after citing a wave of incidents hitting European organizations the past few years. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Varonis Acquires Cyral to Reinvent Database Activity Monitoring Go to gbhackers.com

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

RansomHub Taps FakeUpdates to Target US Government Sector A ransomware activity wave using the SocGholish MaaS framework for initial access also has affected banking and consulting firms in the US, Taiwan, and Japan since the beginning of the year. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

How ‘Open Innovation’ Can Help Solve Problems Faster, Better & Cheaper Cybersecurity is not just a technical challenge but also a very human one. The more humans that organizations can get involved, the more diverse perspectives and experiences that can be tapped into. Javvad Malik Go to gbhackers.com

How Economic Headwinds Influence the Ransomware Ecosystem Inflation, cryptocurrency market volatility, and the ability to invest in defenses all influence the impact and severity of a ransomware attack, according to incident response efforts and ransomware negotiators. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Iran Threatens Israel’s Critical Infrastructure With ‘Polonium’ Proxy Cyber mimics life, as Iran uses Lebanese hackers to attack its bête noire. Nate Nelson, Contributing Writer Go to gbhackers.com

Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms A stealthy malware is infecting the systems of telecoms and other verticals in Thailand, remaining under the radar for two years after its code first appeared on VirusTotal. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Proxy Trojan Targets macOS Users for Traffic Redirection Apple users who end up with the Trojan on their machines face a number of bad outcomes, including potential criminal liability. Nathan Eddy, Contributing Writer Go to gbhackers.com

ProvenRun Secures €15M Series A to Accelerate its Growth Go to gbhackers.com

Cloudbrink Presents Firewall-as-Service for the Hybrid Workplace Go to gbhackers.com

Energy One Investigates Cyberattack Energy One is trying to determine the initial point of entry and whether personal information has been compromised. Dark Reading Staff Go to gbhackers.com

Considerations for Reducing Risk When Migrating to the Cloud Proper planning is an essential part of reducing security and compliance risks before, during, and after a migration to a new cloud environment. Rob Sadowski Go to gbhackers.com

Somalia Orders ISPs to Block Telegram and TikTok Officials said the apps were used to “spread horrific content and misinformation to the public.” Dan Raywood, Senior Editor, Dark Reading Go to gbhackers.com

South African Department of Defence Denies Stolen Data Claims Attackers leaked 1.6TB of stolen data, which government officials dismissed as “fake news.” Dan Raywood, Senior Editor, Dark Reading Go to gbhackers.com

UK Agrees to Support Kuwait’s Cybersecurity Center The UK has agreed to help the Kuwaitis meet their stated goal of information-sharing and achieving globally coordinated incident response going forward. Dark Reading Staff Go to gbhackers.com

Intel’s Secure Data Tunnel Moves AI Training Models to Data Sources The chip maker’s Tiber Secure Federated AI service creates a secure tunnel between AI models on remote servers and data sources on origin systems. Agam Shah Go to gbhackers.com

Threat Actor Impersonates Booking.com in Phishing Scheme Microsoft detailed a sophisticated campaign that relies on a social engineering technique, “ClickFix,” in which a phisher uses security verification like captcha to give the target a false sense of safety. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Man-in-the-Middle Vulns Provide New Research Opportunities for Car Security A pair of researchers plan on detailing effective tools to dig into the effectiveness of vehicle cybersecurity without breaking the bank. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Ransomware Developer Extradited, Admits Working for LockBit Law enforcement discovered admin credentials on the suspect’s computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Threat Actor Tied to LockBit Ransomware Targets Fortinet Users The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

CISA Cuts $10M in ISAC Funding & 100s of Employees President Trump has long complained about perceived threats to election security. Now his DHS has kneecapped the agencies designed to support it. Experts are worried about what comes next. Nate Nelson, Contributing Writer Go to gbhackers.com

Biggest Cyber Threats to the Healthcare Industry Today Healthcare organizations must enhance their cybersecurity arsenal. Doing so can help them prevent financial, compliance, and reputational damage. Bhavya Jain Go to gbhackers.com

Remote Access Infra Remains Riskiest Corp. Attack Surface Exposed login panels for VPNs and remote access systems leave companies open to attack, sometimes tripling the risk of ransomware and making it harder to get cyber insurance. Robert Lemos, Contributing Writer Go to gbhackers.com

OBSCURE#BAT Malware Highlights Risks of API Hooking Researchers discovered an attack chain that uses several layers of obfuscated batch files and PowerShell scripts to deliver an advanced and persistent rootkit. Rob Wright Go to gbhackers.com

Car Exploit Allows You to Spy on Drivers in Real Time Just like with any regular computer, researchers figured out how to crack into, force restart, and upload malware to an aftermarket in-vehicle infotainment system. Nate Nelson, Contributing Writer Go to gbhackers.com

Salt Typhoon: A Wake-up Call for Critical Infrastructure The Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape. Gabrielle Hempel Go to gbhackers.com

F5 Integrates API Security and Networking to Address AI Onslaught The new The F5 Application Delivery Controller and Security Platform combines BIG-IP, NGNIX and Distributed Cloud Services and new AI Gateway and AI Assistants. Jeffrey Schwartz Go to gbhackers.com

OpenAI Operator Agent Used in Proof-of-Concept Phishing Attack Researchers from Symantec showed how OpenAI’s Operator agent, currently in research preview, can be used to construct a basic phishing attack from start to finish. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Abu Dhabi Guidelines Offer Blueprint for Cybersecurity in Health Following increasing attacks on healthcare organizations, the United Arab Emirates has refined its regulatory strategy for improving cybersecurity in healthcare. Robert Lemos, Contributing Writer Go to gbhackers.com

China-Backed Hackers Backdoor US Carrier-Grade Juniper MX Routers Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called “TinyShell.” Rob Wright Go to gbhackers.com

Apple Drops Another WebKit Zero-Day Bug A threat actor leveraged the vulnerability in an “extremely sophisticated” attack on targeted iOS users, the company says. Jai Vijayan, Contributing Writer Go to gbhackers.com

Volt Typhoon Strikes Massachusetts Power Utility The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted to exfiltrate critical OT infrastructure data. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

‘Ballista’ Botnet Exploits 2023 Vulnerability in TP-Link Routers In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it’s being used once more for another botnet campaign with its own malware. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

The CISO as Business Resilience Architect To truly become indispensable in the boardroom, CISOs need to meet the dual demands of defending against sophisticated adversaries while leading resilience strategies. Randolph Barr Go to gbhackers.com

Whopping Number of Microsoft Zero-Days Under Attack The number of zero-day vulnerabilities getting patched in Microsoft’s March update is the company’s second largest ever. Jai Vijayan, Contributing Writer Go to gbhackers.com

Trump Taps Sean Plankey To Fill Empty CISA Director Chair Plankey has served in numerous cybersecurity positions in the past, including during the first Trump presidency from 2018-2020. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Hot Button Facebook Ads Tag Middle East, N. Africa Victims A Libya-linked threat actor has resurfaced, using the same old political phishing tricks to deliver AsyncRAT that have worked for years. Nate Nelson, Contributing Writer Go to gbhackers.com

Democratizing Security to Improve Security Posture Analysts weigh in on how democratizing cybersecurity could benefit organizations, particularly SMBs, as threats increase across the landscape. Arielle Waldman Go to gbhackers.com

‘SideWinder’ Intensifies Attacks on Maritime Sector The likely India-based threat group is also targeting logistics companies in a continued expansion of its activities. Jai Vijayan, Contributing Writer Go to gbhackers.com

Google Pays Out Nearly $12M in 2024 Bug Bounty Program The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

APT ‘Blind Eagle’ Targets Colombian Government The South American-based advanced persistent threat group is using an exploit with a “high infection rate,” according to research from Check Point. Alexander Culafi, Senior News Writer, Dark Reading Go to gbhackers.com

Ex-Employee Found Guilty in Revenge Kill-Switch Scheme Clandestine kill switch was designed to lock out other users if the developer’s account in the company’s Windows Active Directory was ever disabled. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

When Seconds Count: How to Survive Fast-and-Furious DDoS Microbursts In the battle against two-minute micro-attacks that can knock out critical communication services, the difference between success and failure can literally come down to seconds. Jérôme Meyer Go to gbhackers.com

MITRE EMB3D for OT & ICS Threat Modeling Takes Flight Manufacturers and infrastructure providers are gaining options to satisfy regulations and boost cyber safety for embedded and industrial control systems, as EMB3D, STRIDE, and ATT&CK for ICS gain traction. Robert Lemos, Contributing Writer Go to gbhackers.com

‘Spearwing’ RaaS Group Ruffles Feathers in Cyber Threat Scene The group is using the Medusa malware and taking up space once held by other notable ransomware groups like LockBot, increasing its victim list to 400 and demanding astoundingly high ransoms. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

Static Scans, Red Teams and Frameworks Aim to Find Bad AI Models With hundreds of AI models found to harbor malicious code, cybersecurity firms are releasing technology to help companies manage their AI development and deployment efforts. Robert Lemos, Contributing Writer Go to gbhackers.com

Cybercrime’s Cobalt Strike Use Plummets 80% Worldwide Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers’ most prized attack tools, with massive takedowns. Nate Nelson, Contributing Writer Go to gbhackers.com

Zero-Days Put Tens of 1,000s of Orgs at Risk for VM Escape Attacks More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week. Rob Wright Go to gbhackers.com

Taylor Swift Ticket Thieves Charged in Court for Resale Operation The pair found a loophole through StubHub’s services, allowing them to steal tickets and resell them for personal profit, amassing hundreds of thousands of dollars. Kristina Beek, Associate Editor, Dark Reading Go to gbhackers.com

How Cyberattacks Affect Your Staff Businesses have a responsibility to safeguard their workforce, which is best achieved by preparing and equipping the whole organization to better face these worst-case cyber scenarios. Chris Butler Go to gbhackers.com

Intel Maps New vPro Chips to MITRE’s ATT&CK Framework The PC Security Stack Mappings project improves the security posture of corporate PCs by aligning each of the security features found in vPro PC and Core Ultra chips with the techniques described in MITRE’s ATT&CK. Agam Shah Go to gbhackers.com

Armis Acquires OTORIO to Expand OT Exposure Management Platform Armis will integrate OTORIO’s Titan platform with its cloud-based Centrix, bringing an on-premise option to the cloud-only offering. Jeffrey Schwartz Go to gbhackers.com