Tag: darkreading

Cyberattacks Intensify Pressure on Latin American Governments Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombia’s health sector. Robert Lemos Go to gbhackers.com

Venom Stealer MaaS Platform Commoditizes ClickFix Attacks A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks. Elizabeth Montalbano Go to gbhackers.com

Are We Training AI Too Late? Ask the Expert: Cybersecurity teams need to expand their field of view to include new, unique threat sources, rather than relying on past, proven threat actors. Nishawn Smagh Go to gbhackers.com

Axios NPM Package Compromised in Precision Attack The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors. Alexander Culafi Go to gbhackers.com

Google’s Vertex AI Has an Over-Privileged Problem Palo Alto researchers show how attackers could exploit AI agents on Google’s Vertex AI to steal data and break into restricted cloud infrastructure. Jai Vijayan Go to gbhackers.com

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials The threat group’s shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials. Rob Wright Go to gbhackers.com

Rethinking Vulnerability Management Strategies for Mid-Market Security Intruder’s Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management. Terry Sweeney Go to gbhackers.com

AI and Quantum Are Forcing a Rethink of Digital Trust In a conversation with Dark Reading’s Terry Sweeney, DigiCert CEO Amit Sinha explains how AI-driven identities and quantum threats are reshaping the foundations of digital trust. Terry Sweeney Go to gbhackers.com

Black Hat USA Go to gbhackers.com

AI-Powered ‘DeepLoad’ Malware Steals Credentials, Evades Detection The massive amount of junk code that hides the malware’s logic from security scans was almost certainly generated by AI, researchers say. Jai Vijayan Go to gbhackers.com

Fortinet BIG-IP Vulnerability Reclassified as RCE, Under Exploitation CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous. Rob Wright Go to gbhackers.com

Manufacturing and Healthcare Share Struggles with Passwords The two key economic sectors struggle with security for a reason: Many insiders view access management as a roadblock, while attackers see it as a way in. Arielle Waldman Go to gbhackers.com

Storm Brews Over Critical, No-Click Telegram Flaw The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists. Elizabeth Montalbano Go to gbhackers.com

China Upgrades the Backdoor It Uses to Spy on Telcos Globally Chinese APT Red Menshen’s super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down. Nate Nelson Go to gbhackers.com

Wartime Usage of Compromised IP Cameras Highlight Their Danger The list of countries exploiting internet-connected cameras to give them eye’s inside their adversaries’ borders continues to expand, with Russia, Iran, Israel, Ukraine, and the United States all using the tactic. What should companies look out for? Robert Lemos Go to gbhackers.com

Infrastructure Attacks With Physical Consequences Down 25% Operational technology (OT) at industrial and critical infrastructure sites seem to have been benefitting from a lull in ransomware, and hackers’ relative ignorance of OT systems. Nate Nelson Go to gbhackers.com

Google Sets 2029 Deadline for Quantum-Safe Cryptography The post-quantum future may be coming sooner than you think, as Google plans to have PQC migration in place by 2029. Alexander Culafi Go to gbhackers.com

Is the FCC’s Router Ban the Wrong Fix? The agency put foreign-made consumer routers on its list of prohibited communications devices, but the ban could create more problems down the road. Jai Vijayan Go to gbhackers.com

Critical Flaw in Langflow AI Platform Under Attack Threats actors pounced on the code injection vulnerability within hours of its disclosure, demonstrating that organizations have little time to address critical bugs. Rob Wright Go to gbhackers.com

How Organizations Can Use Blunders to Level Up Their Security Programs The industry highlights how organizations repeatedly make common security mistakes but one session during RSAC detailed ways to avoid them. Arielle Waldman Go to gbhackers.com

AI-Powered Dependency Decisions Introduce, Ignore Security Bugs AI models often hallucinate or make costly mistakes when tasked with recommending software versions, upgrade paths, and security fixes — leading to significant technical debt. Rob Wright Go to gbhackers.com

Intermediaries Driving Global Spyware Market Expansion Third-party resellers and brokers foil transparency efforts and allow spyware to spread despite government restrictions, a study finds. Robert Lemos Go to gbhackers.com

At RSAC, the EU Leads While US Officials Are Sidelined While US government sits out this year, EU officials are on the ground in San Francisco leading the conversations on today’s top cybersecurity challenges. Becky Bracken Go to gbhackers.com

Blame Game: Why Public Cyber Attribution Carries Risks Publicly accusing an entity of a cyberattack could have negative consequences that organizations should consider before taking the plunge. Alexander Culafi Go to gbhackers.com

Phishers Pose as Palo Alto Networks’ Recruiters for Months in Job Scam A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles. Elizabeth Montalbano Go to gbhackers.com

SANS: Top 5 Most Dangerous New Attack Techniques to Watch For the first time, SANS Institute’s five top attack techniques all have one thing in common – AI. Becky Bracken Go to gbhackers.com

Why a ‘Near Miss’ Database Is Key to Improving Information Sharing Organizations disclose attack details, though information may be limited, following a breach, but what if they did the same with close calls? Arielle Waldman Go to gbhackers.com

AI-Native Security Is a Must to Counter AI-Based Attacks Attacks by artificial intelligence agents are a reality. Experts at Nvidia’s GTC conference say defenders need to use the same tools to fight them off. Agam Shah Go to gbhackers.com

Iran Hacktivists Make Noise but Have Little Impact on War Iran-aligned groups are trying to make their mark in the Gulf, but the results have fallen short of remarkable. Nate Nelson Go to gbhackers.com

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx’s KICS and VS Code plug-ins, and the LiteLLM AI library — and all signs point to more attacks to come. Jai Vijayan Go to gbhackers.com

How AI Coding Tools Crushed the Endpoint Security Fortress Security vendors have spent years building up defenses around the endpoint, but one researcher says AI coding tools have brought the walls down. Rob Wright Go to gbhackers.com

GitHub ‘OpenClaw Deployer’ Repo Delivers Trojan Instead An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game cheats. Elizabeth Montalbano Go to gbhackers.com

How a Large Bank Uses AI Digital Twins for Threat Hunting JPMorgan Chase uses digital fingerprints and digital twins to spot online attackers and malicious behaviors while also reducing pesky false alerts. Bree Fowler Go to gbhackers.com

How a Large Bank Uses AI Digital Twins for Threat Hunting JPMorgan Chase uses digital fingerprints and digital twins to spot online attackers and malicious behaviors while also reducing pesky false alerts. Bree Fowler Go to gbhackers.com

Microsoft Proposes Better Identity, Guardrails for AI Agents Companies need better controls to manage key threats rising from the growth of agentic AI. These new features provide a starting point. Robert Lemos Go to gbhackers.com

AI in the SOC: What Could Go Wrong? Two cybersecurity leaders tested out AI in their respective SOCs for six months — and here’s what they learned. Becky Bracken Go to gbhackers.com

Trivy Supply Chain Attack Targets CI/CD Secrets A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets. Jai Vijayan Go to gbhackers.com

CISOs Debate Human Role in AI-Powered Security The idea of a “human in the loop” in AI deployment was challenged during a security executive panel at the RSAC 2026 Conference this week. Alexander Culafi Go to gbhackers.com

Attackers Hide Infostealer in Copyright Infringement Notices A phishing campaign targeting healthcare, government, hospitality, and education sectors in various countries uses several evasion techniques to avoid detection. Elizabeth Montalbano Go to gbhackers.com

AI Dominates RSAC Innovation Sandbox The 10 finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year. Dark Reading Staff Go to gbhackers.com

Patch Now: Oracle’s Fusion Middleware Has Critical RCE Flaw Attackers can execute arbitrary code without authentication if Oracle’s Identity or Web Services Managers are exposed to the Web. Nate Nelson Go to gbhackers.com

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP. Robert Lemos Go to gbhackers.com

Interlock Ransomware Targets Cisco Enterprise Firewalls The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed. Alexander Culafi Go to gbhackers.com

AI Conundrum: Why MCP Security Can’t Be Patched Away MCP introduces security risks into LLM environments that are architectural and not easily fixable, researcher says at RSAC 2026 Conference. Jai Vijayan Go to gbhackers.com

EU Sanctions Companies in China, Iran for Cyberattacks Already sanctioned in the US and the UK, these rulings prohibit companies and a couple of principals from entering or doing business in the European Union. Nate Nelson Go to gbhackers.com

C2 Implant ‘SnappyClient’ Targets Crypto Wallets In addition to enabling remote access, the malware supports a wide range of capabilities, including data theft and spying. Jai Vijayan Go to gbhackers.com

DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike A sophisticated iOS exploit chain leverages multiple zero-day vulnerabilities and is targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine. Alexander Culafi Go to gbhackers.com

‘Claudy Day’ Trio of Flaws Exposes Claude Users to Data Theft A prompt injection vulnerability paired with other flaws can turn a Google search into a full attack chain that could threaten enterprise networks. Elizabeth Montalbano Go to gbhackers.com

SideWinder Espionage Campaign Expands Across Southeast Asia The suspected India-linked threat group targets governments, telecom, and critical infrastructure using spear-phishing, old vulnerabilities, and rapidly rotating infrastructure to maintain persistent access. Robert Lemos Go to gbhackers.com

Meta, TikTok Steal Users’ Sensitive PII When They Click on Ads Tracking pixels let social media companies spy on their own customers when they click over to advertiser sites, gleaning credit card info, currency type, and more. Nate Nelson Go to gbhackers.com

More Attackers Are Logging In, Not Breaking In Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering. Jai Vijayan Go to gbhackers.com

Less Lucrative Ransomware Market Makes Attackers Alter Methods Ransomware actors are ditching Cobalt Strike in favor of native Windows tools, as payment rates hit record lows and data theft surges. Alexander Culafi Go to gbhackers.com

Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish The cyberattackers leveraged trusted brands and domains in an attempt to redirect a C-suite executive at Outpost24 to give up his credentials. Jai Vijayan Go to gbhackers.com

Warlock Ransomware Group Augments Post-Exploitation Activities In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools. Elizabeth Montalbano Go to gbhackers.com

China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years Researchers uncovered an extensive cyberespionage campaign that used novel backdoors and familiar evasion techniques to maintain persistent access to regional targets. Rob Wright Go to gbhackers.com

GlassWorm Malware Evolves to Hide in Dependencies Researchers have identified dozens of malicious GlassWorm extensions that come with new evasion techniques. Alexander Culafi Go to gbhackers.com

Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026 Discover how Franz Regul, former CISO for the Paris 2024 Olympics, tackled unique cybersecurity challenges to protect the Olympics from evolving threats. Kristina Beek Go to gbhackers.com

Attackers Abuse LiveChat to Phish Credit Card, Personal Data A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info. Elizabeth Montalbano Go to gbhackers.com

Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos The excitement around Cisco’s latest SD-WAN bugs has inspired some light fraud, misunderstandings, and overlooked risks. Nate Nelson Go to gbhackers.com

Will AI Save Consumers From Smartphone-Based Phishing Attacks? Sophisticated phishing attacks are bypassing on-device protections with troubling frequency, making it more critical than ever for users to protect themselves from potential threats, new research from Omdia shows. Hollie Hennessy, Aaron West Go to gbhackers.com

Real-Time Banking Trojan Strikes Brazil’s Pix Users The latest banking Trojan campaign to hit Brazil combines classic malware with a real-time human operator, waiting for the perfect moment to strike. Alexander Culafi Go to gbhackers.com

Iran MOIS Colludes With Criminals to Boost Cyberattacks Iranian APTs have long pretended to be cybercriminal groups. Now they’re working with actual cybercriminal groups. Nate Nelson Go to gbhackers.com

Commercial Spyware Opponents Fear US Policy Shifting Rescinded sanctions and reactivated contracts have created confusion about the Trump administration’s spyware policy and where it draws the line. Rob Wright Go to gbhackers.com

Why Stryker’s Outage Is a Disaster Recovery Wake-Up Call The Iranian cyberattack on Stryker is the kind of stress test that business continuity and disaster recovery programs often do not plan for. Jai Vijayan Go to gbhackers.com

INC Ransomware Group Holds Healthcare Hostage in Oceania Government agencies, emergency clinics, and others in Australia, New Zealand, and Tonga have had serious run-ins with the prolific ransomware outfit. Nate Nelson Go to gbhackers.com

Xygeni GitHub Action Compromised Via Tag Poison Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni’s xygeni/xygeni-action in that time. Alexander Culafi Go to gbhackers.com

Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict Two attacks on Qatari entities signal a shift in focus for China-backed actors and demonstrate how quickly they can pivot in response to geopolitical events. Elizabeth Montalbano Go to gbhackers.com

Middle East Conflict Highlights Cloud Resilience Gaps Data centers — used by both governments and militaries for operations — are now fair game, not just for cyberattacks, but for kinetic attacks as well. Robert Lemos Go to gbhackers.com

Microsoft Patches 83 CVEs in March Update For a change, there’s little in this month’s Patch Tuesday that should cause panic, according to security experts. Jai Vijayan Go to gbhackers.com

‘Overly Permissive’ Salesforce Cloud Configs in the Crosshairs Some customers have mishandled guest user configurations otherwise intended to allow third-party access to important — and sensitive — client data. Alexander Culafi Go to gbhackers.com

Russian Threat Actor Sednit Resurfaces With Sophisticated Toolkit After several years of using simple implants, the Russia-affiliated actor is back with two new sophisticated malware tools. Jai Vijayan Go to gbhackers.com

‘BlackSanta’ EDR Killer Targets HR Workflows A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection. Elizabeth Montalbano Go to gbhackers.com

White House Cyber Strategy Prioritizes Offense In a seven-page strategy document, the Trump administration signaled a shift to preemption and deterrence to handling cyber threats. Jai Vijayan Go to gbhackers.com

‘InstallFix’ Attacks Spread Fake Claude Code Sites A fresh cyberattack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces. Rob Wright Go to gbhackers.com

Are We Ready for Auto Remediation With Agentic AI? With the rapid innovations in AI, we are entering an exciting era of automated risk remediation. Learn about security team readiness to leverage agentic AI for threat and exposure management. Melinda Marks Go to gbhackers.com

Chinese Cyber Threat Lurks In Critical Asian Sectors for Years An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spying. Elizabeth Montalbano Go to gbhackers.com

Cylake Offers AI-Native Security Without Relying on Cloud Services Cylake’s platform will analyze security data locally and identify potential attacks for organizations concerned about data sovereignty. Dark Reading Staff Go to gbhackers.com

North Korean APTs Use AI to Enhance IT Worker Scams DPRK worker scams are old hat, but they’re still working, thanks to AI tools that help with everything from face swapping to daily emails. Nate Nelson Go to gbhackers.com

EU Auto Rules Shift Gears on Cybersecurity Standards The European Union is taking new precautions as climate change and cybersecurity threats rise across the automotive industry. Arielle Waldman Go to gbhackers.com

Iran’s Cyber-Kinetic War Doctrine Takes Shape Iran has been hacking IP cameras to plan missile strikes against its enemies, and mounting other attacks on physical assets, showing how cyber and kinetic warfare are fast becoming one in the same. Alexander Culafi Go to gbhackers.com

Cyberattack on Mexico’s Gov’t Agencies Highlight AI Threat Using Anthropic’s Claude, OpenAI’s ChatGPT, and a detailed playbook prompt, a handful of cyberattackers reportedly gained access to government agencies and its citizens’ data. Robert Lemos Go to gbhackers.com

Nation-State Actor Embraces AI Malware Assembly Line Pakistan’s APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses. Jai Vijayan Go to gbhackers.com

Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses. Rob Wright Go to gbhackers.com

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical Edge bugs are so fetch, and Cisco just dropped 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale. Nate Nelson Go to gbhackers.com

Software Development Practices Help Enterprises Tackle Real-Life Risks Organizations can borrow secure-by-design processes to manage non-technical challenges like governance or the inevitable human error. Arielle Waldman Go to gbhackers.com

LatAm Now Faces 2x More Cyberattacks Than US Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage. Nate Nelson Go to gbhackers.com

VMware Aria Operations Bug Exploited, Cloud Resources at Risk Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad acess to victims’ cloud environments. Alexander Culafi Go to gbhackers.com

Stranger Things Meets Cybersecurity: Lessons from the Hive Mind Events and concepts from the Stranger Things television series illustrate how enterprises can defend their networks and stay “right side up.” Nadir Izrael Go to gbhackers.com

Dark Reading Confidential: This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the decryption of six malware variants.…

Vehicle Tire Pressure Sensors Enable Silent Tracking Like many other features and systems in modern cars, tire pressure sensors leak sensitive data that can be abused by threat actors. Jai Vijayan Go to gbhackers.com

Qualcomm Zero-Day Exploited in Targeted Android Attacks The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups. Alexander Culafi Go to gbhackers.com

Speakeasies to Shadow AI: Banning AI Browsers Will Fail Lessons from history highlight why AI-enabled browsers require controlled enablement. Or Eshed Go to gbhackers.com

AI Agent Overload: How to Solve the Workload Identity Crisis Workloads keep getting more complicated and organizations are struggling to keep up. So what’s the play? Alexander Culafi Go to gbhackers.com

As War Continues, Pro-Iranian Actors Launch Barrage of Cyberattacks Iran and its supporters have taken to cyberspace to retaliate for US-Israeli military action, with an aim to cause economic and physical disruption. Elizabeth Montalbano Go to gbhackers.com

Critical OpenClaw Vulnerability Exposes AI Agent Risks The now-patched flaw is the latest in a growing string of security issues associated with the viral AI tool, which has seen rapid adoption among developers. Jai Vijayan Go to gbhackers.com

30 Alleged Members of ‘The Com’ Arrested in Project Compass The global law enforcement crackdown, which began in January 2025, also identified nearly 180 members of the notorious cybercriminal collective. Rob Wright Go to gbhackers.com

Bug in Google’s Gemini AI Panel Opens Door to Hijacking Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources. Elizabeth Montalbano Go to gbhackers.com

Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL HBO’s “The Pitt” is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack. Nate Nelson Go to gbhackers.com

Cities Hosting Major Events Need More Focus on Wireless, Drone Defense Major events like the FIFA World Cup need to look beyond traditional physical and cyber security to active and passive wireless threats, say experts. Robert Lemos Go to gbhackers.com

The Case for Why Better Breach Transparency Matters It’s become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all. Elizabeth Montalbano Go to gbhackers.com