Tag: darkreading
-
Claude Code Security Shows Promise, Not Perfection
Claude Code’s introduction rippled across the stock market, but researchers and analysts say its impact was overstated, as they peel back the layers. Alexander Culafi
-
Marquis v. SonicWall Lawsuit Ups the Breach Blame Game
When a company gets breached through a third-party security vendor, who should bear responsibility? For one FinTech company, the answer is the firewall provider. Nate Nelson
-
Cisco SD-WAN Zero-Day Under Exploitation for 3 Years
The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind. Rob Wright
-
Flaws in Claude Code Put Developers’ Machines at Risk
The vulnerabilities highlight a big drawback to integrating AI into software development workflows and the potential impact on supply chains. Jai Vijayan
-
RAMP Forum Seizure Fractures Ransomware Ecosystem
Researchers suggest defenders monitor how these malicious groups re-form and leverage the useful threat intel to guide their next moves. Alexander Culafi
-
Chinese Police Use ChatGPT to Smear Japan PM Takaichi
A Chinese keyboard warrior inadvertently leaked information about politically motivated influence operations through a ChatGPT account. Nate Nelson
-
Malicious Next.js Repos Target Developers Via Fake Job Interviews
Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent access to infected machines. Elizabeth Montalbano
-
Why ‘Call This Number’ TOAD Emails Beat Gateways
Attackers are bypassing email gateways through telephone-oriented attack delivery (TOAD), in which the only email payload is a phone number. Alexander Culafi
-
‘Richter Scale’ Model Measures Magnitude of OT Cyber Incidents
ICS/OT experts have devised a scoring system for rating the severity and effects of cybersecurity events in operational technology environments. Kelly Jackson Higgins
-
Operation Red Card 2.0 Leads to 651 Arrests in Africa
In the latest operation targeting cybercrime groups, African law enforcement agencies cooperated with Interpol and cybersecurity firms to recover more than USD 4.3 million. Robert Lemos
-
Attackers Now Need Just 29 Minutes to Own a Network
Credential misuse, AI tools, and security blind spots help attackers move through breached networks faster than ever, CrowdStrike finds. Jai Vijayan
-
Lazarus Group Picks a New Poison: Medusa Ransomware
The North Korean threat group also leveraged Comebacker backdoor, Blindingcan RAT, and info stealer Infohook in its recent attacks. Rob Wright
-
As Cybersecurity Firms Chase AI, VC Market Skyrockets
Investments in cybersecurity startups took off in 2025, as venture capital firms focused not just on AI-native tech, but talent as well. Robert Lemos
-
Spitting Cash: ATM Jackpotting Attacks Surged in 2025
The attacks cost banks more than $20 million in losses last year, as criminals used many of the same tools and tactics they have wielded for more than a decade. Jai Vijayan
-
Iran’s MuddyWater Targets Orgs With Fresh Malware as Tensions Mount
The long-active Iranian threat group debuted various attack strains and payloads in attacks against organizations in the Middle East and Africa. Elizabeth Montalbano
-
Enigma Cipher Device Still Holds Secrets for Cyber Pros
The Nazi relic’s history is riddled with resilience errors, and those lessons still apply to defending against modern cyber threats. Becky Bracken
-
Attackers Use New Tool to Scan for React2Shell Exposure
Researchers say threat actors wielded the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation. Nate Nelson
-
‘God-Like’ Attack Machines: AI Agents Ignore Security Policies
Microsoft Copilot recently summarized and leaked user emails; but any AI agent will go above and beyond to complete assigned tasks, even breaking through their carefully designed guardrails. Robert Lemos
-
Lessons From AI Hacking: Every Model, Every Layer Is Risky
After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities. Robert Lemos
-
Latin America’s Cyber Maturity Lags Threat Landscape
The slower pace of upgrades has the unintended impact of creating a haven for attackers, especially for initial access brokers and ransomware gangs. Alexander Culafi
-
Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges
As scaled-down circuits with limited functions redefine computing for AI systems and autonomous vehicles, their flexibility demands new approaches to safeguard critical infrastructure. Agam Shah
-
Supply Chain Attack Secretly Installs OpenClaw for Cline Users
The malicious version of Cline’s npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed. Rob Wright
-
Best-in-Class ‘Starkiller’ Phishing Kit Bypasses MFA
A user-friendly PhaaS tool beats standard methods for detecting phishing attacks by live-proxying legitimate login sites. Nate Nelson
-
Abu Dhabi Finance Week Exposed VIP Passport Details
Unprotected cloud data sends the wrong signal at a time when the emirate’s trying to attract investors and establish itself as a global financial center. Jai Vijayan
-
Connected and Compromised: When IoT Devices Turn Into Threats
Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things’ attack surfaces more dangerous. Arielle Waldman
-
More Than 40% of South Africans Were Scammed in 2025
Survey underscores the reality that scammers follow “scalable opportunities and low friction,” rather than rich targets that tend to be better protected. Nate Nelson, Contributing Writer
-
Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto
A convincing presale site for phony “Google Coin” features an AI assistant that engages victims with a slick sales pitch, funneling payment to attackers. Elizabeth Montalbano, Contributing Writer
-
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users. Jai Vijayan, Contributing Writer
-
Dell’s Hard-Coded Flaw: A Nation-State Goldmine
A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware. Alexander Culafi
-
A CISO’s Playbook for Defending Data Assets Against AI Scraping
Discover a strategic approach to govern scraping risks, balance security with business growth, and safeguard intellectual capital from automated data harvesting. Areejit Banerjee
-
Singapore & Its 4 Major Telcos Fend Off Chinese Hackers
After detecting a zero-day attack, the country’s effective response was attributed to the tight relationship between its government and private industry. Robert Lemos, Contributing Writer
-
Supply Chain Attack Embeds Malware in Android Devices
Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge. Jai Vijayan, Contributing Writer
-
Poland Energy Survives Attack on Wind, Solar Infrastructure
Russia-aligned groups are probable culprits behind the wiper attacks against renewable energy farms, a manufacturer, and a heating and power plant. Alexander Culafi
-
RMM Abuse Explodes as Hackers Ditch Malware
It’s the path of lesser resistance, as remote monitoring and management (RMM) software offers stealth, persistence, and operational efficiency. Rob Wright
-
ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT
ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware. Elizabeth Montalbano, Contributing Writer
-
Operation DoppelBrand: Weaponizing Fortune 500 Brands
The GS7 cyberthreat group targets US financial institutions with near-perfect imitations of corporate portals to steal credentials and gain remote access. Elizabeth Montalbano, Contributing Writer
-
260K+ Chrome Users Duped by Fake AI Browser Extensions
30 copycat apps tricked users, and Google itself, into thinking they’re legitimate AI tools. Nate Nelson, Contributing Writer
-
Zscaler-SquareX Deal Boosts Zero Trust, Secure Browsing Capabilities
Zscaler’s acquisition of SquareX comes as competitors like CrowdStrike and Palo Alto Networks are also investing in secure browser technologies. Jeffrey Schwartz
-
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may be no easy fixes in sight. Rob Wright
-
Nation-State Hackers Put Defense Industrial Base Under Siege
Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors’ networks. Robert Lemos, Contributing Writer
-
AI Agents ‘Swarm,’ Security Complexity Follows Suit
As AI deployments scale and start to include packs of agents autonomously working in concert, organizations face a naturally amplified attack surface. Alexander Culafi
-
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again
It’s time to phase out the “patch and pray” approach, eliminate needless public interfaces, and enforce authentication controls, one expert says. Nate Nelson, Contributing Writer
-
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes.
-
SpecterOps Launches BloodHound Scentry to Accelerate the Practice of Identity Attack Path Management
Drawing on years of adversary tradecraft, SpecterOps experts work alongside customers to analyze and eliminate attack paths, protect critical assets, and stay ahead of emerging threats.
-
Gone With the Shame: One in Two Americans Are Reluctant to Talk About Romance Scam Incidents
Men should take extra care on Valentine’s Day because they are nearly twice as likely as women to fall victim to romance scams.
-
Senegalese Data Breaches Expose Lack of ‘Security Maturity’
Green Blood Group steals personal records and biometric data of the West African nation’s nearly 20 million residents. Nate Nelson, Contributing Writer
-
North Korea’s UNC1069 Hammers Crypto Firms With AI
In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix. Alexander Culafi
-
AI Rising: Do We Know Enough About the Data Populating It?
Organizations remain reluctant to address the fact that AI can dangerously expose business operations as well as personal data. Adam Strange
-
Top Cyber Industry Defenses Spike CO2 Emissions
Organizations can improve their climate footprints by optimizing two specific cybersecurity protections, without incurring added risks. Nate Nelson, Contributing Writer
-
Asia Fumbles With Throttling Back Telnet Traffic in Region
Only Taiwan made the top 10 list of governments effectively blocking the threat-ridden protocol, but overall the region lagged in curbing Telnet traffic. Robert Lemos, Contributing Writer
-
SolarWinds WHD Attacks Highlight Risks of Exposed Apps
Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets for attackers. Rob Wright
-
In Bypassing MFA, ZeroDayRAT Is ‘Textbook Stalkerware’
With access to SIM, location data, and a preview of recent SMSes, attackers have everything they need for account takeover or targeted social engineering. Alexander Culafi
-
Microsoft Patches 6 Actively Exploited Zero-Days
Three of those zero-days are security feature bypass flaws, which give attackers a way to slip past built-in protections in multiple Microsoft products. Jai Vijayan, Contributing Writer
-
OT Attacks Get Scary With ‘Living-off-the-Plant’ Techniques
Ironically, security by obscurity has helped prevent dangerous OT attacks in recent years. It won’t be that way forever. Nate Nelson, Contributing Writer
-
TransUnion’s Real Networks Deal Focuses on Robocall Blocking
The acquisition allows the credit reporting agency to add SMS spam and scam prevention to its robocall blocking capabilities. Jeffrey Schwartz
-
Warlock Gang Breaches SmarterTools Via SmarterMail Bugs
The ransomware group breached SmarterTools through a vulnerability in the company’s own SmarterMail product. Alexander Culafi
-
TeamPCP Turns Cloud Infrastructure into Crime Bots
The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces. Jai Vijayan, Contributing Writer
-
Black Basta Bundles BYOVD With Ransomware Payload
Researchers discovered a newly disclosed vulnerable driver embedded in Black Basta’s ransomware, illustrating the increasing popularity of the defense-evasion technique. Rob Wright
-
“Encrypt It Already” Campaign Pushes Big Tech to Prioritize E2E Encryption
The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption by default across their services, as privacy concerns mount amid increased AI use. Arielle Waldman
-
Shai-hulud: The Hidden Cost of Supply Chain Attacks
Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact are hard to quantify. Alexander Culafi
-
OpenClaw’s Gregarious Insecurities Make Safe Usage Difficult
Malicious “skills” and persnickety configuration settings are just some of the issues that security researchers have found when installing — and removing — the OpenClaw AI assistant. Robert Lemos, Contributing Writer
-
Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful
A disconnect exists between the organization’s cybersecurity needs and lists like CISA’s KEV Catalog. KEV Collider combines data from multiple open-source vulnerability frameworks to help security teams quickly assess which are important, based on their priorities. Robert Lemos, Contributing Writer
-
EnCase Driver Weaponized as EDR Killers Persist
The forensic tool’s driver was signed with a digital certificate that expired years ago, but major security gaps allowed Windows to load it. Rob Wright
-
Agentic AI Site ‘Moltbook’ Is Riddled With Security Risks
Someone used AI to build an entire Web platform, which then did something predictable and preventable: It exposed all its data through a publicly accessible API. Nate Nelson, Contributing Writer
-
Cyber Success Trifecta: Education, Certifications & Experience
Colonel Georgeo Xavier Pulikkathara, CISO at iMerit, discusses the importance of fundamentals, continuous learning, and human ingenuity in the face of AI-driven cybersecurity evolution. Kristina Beek
-
Protests Don’t Impede Iranian Spying on Expats, Syrians, Israelis
Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering. Nate Nelson, Contributing Writer
-
Ransomware Gang Goes Full ‘Godfather’ With Cartel
Since its launch in 2023, DragonForce has pushed a cartel model, emphasizing cooperation and coordination among ransomware gangs. Jai Vijayan, Contributing Writer
-
CISA Makes Unpublicized Ransomware Updates to KEV Catalog
A third of the “flipped” CVEs affected network edge devices, leading one researcher to conclude, “Ransomware operators are building playbooks around your perimeter.” Rob Wright
-
Attackers Use Windows Screensavers to Drop Malware, RMM Tools
By tapping the unusual .scr file type, attackers leverage “executables that don’t always receive executable-level controls,” one researcher noted. Alexander Culafi
-
Extra Extra! Announcing DR Global: Latin America
Dark Reading has something new hitting the newsstand: a content section purpose-built for Latin American readers, featuring news, analysis, features, and multimedia. Tara Seals
-
Big Breach or Nada de Nada? Mexican Gov’t Faces Leak Allegations
A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government. Robert Lemos, Contributing Writer
-
Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil
Attackers could even have used one vulnerable Lookout user to gain access to other GCP tenants’ environments. Nate Nelson, Contributing Writer
-
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
APT28’s attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads. Jai Vijayan, Contributing Writer
-
GlassWorm Malware Returns to Shatter Developer Ecosystems
The self-replicating malware has poisoned a fresh set of Open VSX software components, leaving potential downstream victims with infostealer infections. Alexander Culafi
-
8-Minute Access: AI Accelerates Breach of AWS Environment
The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privileges. Elizabeth Montalbano, Contributing Writer
-
Dark Patterns Undermine Security One Click at a Time
People trust organizations to do the right thing, but websites’ and apps’ dark patterns pose a hidden threat that can lead to inadequate security behaviors. Arielle Waldman
-
Attackers Harvest Dropbox Logins Via Fake PDF Lures
A malware-free phishing campaign targets corporate inboxes and asks employees to view “request orders,” ultimately leading to Dropbox credential theft. Alexander Culafi
-
County Pays $600K to Wrongfully Jailed Pen Testers
Iowa police arrested two penetration testers in 2019 for doing their jobs, highlighting the risk to security professionals in red teaming exercises. Nate Nelson, Contributing Writer
-
Chinese Hackers Hijack Notepad++ Updates for 6 Months
State-sponsored threat actors compromised the popular code editor’s hosting provider to redirect targeted users to malicious downloads. Jai Vijayan, Contributing Writer
-
ShinyHunters Expands Scope of SaaS Extortion Attacks
Following its attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics. Elizabeth Montalbano, Contributing Writer
-
Torq Moves SOCs Beyond SOAR With AI-Powered Hyper Automation
Investors poured $140 million into Torq’s Series D Round, bringing the startup’s valuation to $1.2 billion, to bring AI-based “hyper automation” to SOCs. Jeffrey Schwartz
-
2026: The Year Agentic AI Becomes the Attack-Surface Poster Child
Dark Reading asked readers whether agentic AI attacks, advanced deepfake threats, board recognition of cyber as a top priority, or password-less technology adoption would be most likely to become a trending reality for 2026. Tara Seals
-
Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure
The Tenable One AI Exposure add-on discovers unsanctioned AI use in the organization and enforces policy compliance with approved tools. Jeffrey Schwartz
-
OpenClaw AI Runs Wild in Business Environments
The popular open source AI assistant (aka ClawdBot, MoltBot) has taken off, raising security concerns over its privileged, autonomous control within users’ computers. Robert Lemos, Contributing Writer
-
Chinese APTs Hacking Asian Orgs With High-End Malware
Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region. Nate Nelson, Contributing Writer
-
Trump Administration Rescinds Biden-Era SBOM Guidance
Federal agencies will no longer be required to solicit software bills of material (SBOMs) from tech vendors, nor attestations that they comply with NIST’s Secure Software Development Framework (SSDF). What that means long term is unclear. Alexander Culafi
-
More Critical Flaws on n8n Could Compromise Customer Security
A new round of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials. Jai Vijayan, Contributing Writer
-
‘Semantic Chaining’ Jailbreak Dupes Gemini Nano Banana, Grok 4
If an attacker splits a malicious prompt into discrete chunks, some large language models (LLMs) will get lost in the details and miss the true intent. Nate Nelson, Contributing Writer
-
How Can CISOs Respond to Ransomware Getting More Violent?
Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multi-factor authentication. James Doggett
-
Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest
Russian and Chinese nation-state attackers are exploiting a months-old WinRAR vulnerability, despite a patch that came out last July. Alexander Culafi
-
Fortinet Confirms New Zero-Day Behind Malicious SSO Logins
To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single sign-on (SSO) authentication for all devices. Rob Wright
-
China-Backed ‘PeckBirdy’ Takes Flight for Cross-Platform Attacks
In two separate campaigns, attackers used the JScript C2 framework to target Chinese gambling websites and Asian government entities with new backdoors. Elizabeth Montalbano, Contributing Writer
-
Surging Cyberattacks Boost Latin America to Riskiest Region
The region is up against tactics like data-leak extortion, credential-stealing campaigns, edge-device exploitation, and attackers leveraging AI. Robert Lemos, Contributing Writer
-
AI & the Death of Accuracy: What It Means for Zero-Trust
AI “model collapse,” where LLMs over time train on more and more AI-generated data and become degraded as a result, can introduce inaccuracies, promulgate malicious activity, and impact PII protections. Alexander Culafi
-
Vibe-Coded ‘Sicarii’ Ransomware Can’t Be Decrypted
A new ransomware strain that entered the scene last year has poorly designed code and an odd “Hebrew” identity that might be a false flag. Alexander Culafi
-
Critical Telnet Server Flaw Exposes Forgotten Attack Surface
While telnet is considered obsolete, the network protocol is still used by hundreds of thousands of legacy systems and IoT devices for remote access. Rob Wright
-
Microsoft Rushes Emergency Patch for Office Zero-Day
To exploit the vulnerability, an attacker would need either system access or be able to convince a user to open a malicious Office file. Jai Vijayan, Contributing Writer
-
‘Stanley’ Toolkit Turns Chrome Into Undetectable Phishing Vector
The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security. Jai Vijayan, Contributing Writer
-
WorldLeaks Extortion Group Claims It Stole 1.4TB of Nike Data
The sportswear brand is investigating an alleged breach of its network that exposed some 188,347 files of highly sensitive corporate data. Elizabeth Montalbano, Contributing Writer
-
Beauty in Destruction: Exploring Malware’s Impact Through Art
Artistic initiatives turn cybersecurity into immersive exhibits at the Museum of Malware Art, transforming digital threats into thought-provoking experiences. Andrada Fiscutean