Tag: darkreading
-
Hand CVE Over to the Private Sector
How MITRE has mismanaged the world’s vulnerability database for decades and wasted millions along the way. Brian Martin
-
Sandworm Blamed for Wiper Attack on Poland Power Grid
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations. Alexander Culafi
-
DPRK’s Konni Targets Blockchain Developers With AI-Generated Backdoor
The North Korean threat group is using a new PowerShell backdoor to compromise development environments and target cryptocurrency holdings, according to researchers. Elizabeth Montalbano, Contributing Writer
-
2025 Was a Wake-Up Call to Protect Human Decisions, Not Just Systems
Cybersecurity must shift from solely protecting systems to safeguarding human decision-making under uncertainty and system failures. Rashmi Tallapragada
-
Swipe, Plug-in, Pwned: Researchers Find New Ways to Hack Vehicles
Security researchers exploited dozens of vulnerabilities in vehicle infotainment systems and EV chargers during the latest Pwn2Own contest at Automotive World 2026. Robert Lemos, Contributing Writer
-
Exploited Zero-Day Flaw in Cisco UC Could Affect Millions
Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a complete system takeover. Rob Wright
-
Healthy Security Cultures Thrive on Risk Reporting
The signs of an effective security culture are shifting as companies call on CISOs and security teams to raise their hands unabashedly. Arielle Waldman
-
Risky Chinese Electric Buses Spark Aussie Gov’t Review
Deployed across Australia and Europe, China’s electric buses are vulnerable to cybercriminals and sport a virtual kill switch the Chinese state could activate. Nate Nelson, Contributing Writer
-
Fortinet Firewalls Hit With Malicious Configuration Changes
Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall configuration files. Rob Wright
-
From a Whisper to a Scream: Europe Frets About Overreliance on US Tech
Concern is growing across Europe about relying on US cybersecurity companies, and Greenland takeover talk is eroding trust across the EU even further. Rik Turner
-
Latin American Orgs Lack Confidence in Cyber Defenses, Skills
Cybersecurity professionals in Latin America are least likely to have faith in their countries’ preparedness for cyberattacks on critical infrastructure, the World Economic Forum says. Robert Lemos, Contributing Writer
-
DPRK Actors Deploy VS Code Tunnels for Remote Hacking
A spear-phishing campaign tied to the Democratic People’s Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection. Elizabeth Montalbano, Contributing Writer
-
AI Agents Undermine Progress in Browser Security
Web browser companies have put in substantial effort over the last three decades to strengthen the browser security stack to withstand abuses. Agentic browsers are undoing all that work. Robert Lemos, Contributing Writer
-
‘Contagious Interview’ Attack Now Delivers Backdoor Via VS Code
Once trust is granted to the repository’s author, a malicious app executes arbitrary commands on the victim’s system with no other user interaction. Jai Vijayan, Contributing Writer
-
Phishing Campaign Zeroes in on LastPass Customers
The bait includes plausible subject lines and credible messages, most likely thanks to attackers’ use of large language models to craft them. Alexander Culafi
-
Complex VoidLink Linux Malware Created by AI
Researchers say the advanced framework was built almost entirely by agents, marking a significant evolution in the use of AI to develop wholly original malware. Elizabeth Montalbano, Contributing Writer
-
‘Damn Vulnerable’ Training Apps Leave Vendors’ Clouds Exposed
Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors. Nate Nelson, Contributing Writer
-
‘CrashFix’ Scam Crashes Browsers, Delivers Malware
The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT. Jai Vijayan, Contributing Writer
-
Mass Spam Attacks Leverage Zendesk Instances
The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability. Alexander Culafi
-
Vulnerabilities Threaten to Break Chainlit AI Framework
Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud. Nate Nelson, Contributing Writer
-
Google Gemini Flaw Turns Calendar Invites Into Attack Vector
The indirect prompt injection vulnerability allows an attacker to weaponize calendar invites to circumvent Google’s privacy controls and access private data. Elizabeth Montalbano, Contributing Writer
-
ChatGPT Health Raises Big Security, Safety Concerns
ChatGPT Health promises robust data protection, but elements of the rollout raise big questions regarding user security and safety. Alexander Culafi
-
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses. Rob Wright
-
CISOs Rise to Prominence: Security Leaders Join the Executive Suite
Security professionals are moving on up the executive ranks as enterprises face rising regulatory and compliance standards. Arielle Waldman
-
AI System Reduces Attack Reconstruction Time From Weeks to Hours
Pacific Northwest National Labs’ expert cybersecurity system, ALOHA, can recreate attacks and test them against organizations’ infrastructure to bolster defense. Robert Lemos, Contributing Writer
-
Predator Spyware Sample Indicates ‘Vendor-Controlled’ C2
Researchers detailed how Intellexa, Predator’s owner, uses failed deployments and thwarted infections to strengthen its commercial spyware and generate more effective attacks. Rob Wright
-
Winter Olympics Could Share Podium With Cyberattackers
The upcoming Winter Games in the Italian Alps are attracting both hacktivists looking to reach billions of people and state-sponsored cyber-spies targeting the attending glitterati. Jai Vijayan, Contributing Writer
-
Vulnerabilities Surge, But Messy Reporting Blurs Picture
MITRE loses its lead as the top reporter of vulnerabilities, while new organizations pump out CVEs and reported bugs in WordPress plugins surge. Robert Lemos, Contributing Writer
-
Trio of Critical Bugs Spotted in Delta Industrial PLCs
Experts disagree on whether the vulnerabilities in a programmable logic controller from Delta are a five-alarm fire or not much to worry over. Nate Nelson, Contributing Writer
-
Retail, Services Industries Under Fire in Oceania
Last year in Australia, New Zealand, and the South Pacific, Main Street businesses like retail and construction suffered more cyberattacks than their critical sector counterparts. Nate Nelson, Contributing Writer
-
Secure Your Spot at RSAC 2026 Conference
-
‘VoidLink’ Malware Poses Advanced Threat to Linux Systems
Researchers discovered a modular, “cloud-first” framework that is feature-rich and designed to maintain stealthy, long-term access to Linux environments. Elizabeth Montalbano, Contributing Writer
-
Taiwan Endures Greater Cyber Pressure From China
Chinese cyberattacks on Taiwan’s critical infrastructure — including energy utilities and hospitals — rose 6% in 2025, averaging 2.63 million attacks a day. Robert Lemos, Contributing Writer
-
CISO Succession Crisis Highlights How Turnover Amplifies Security Risks
When cybersecurity leadership turns over too fast, risk does not reset. It compounds. Joan Goodchild
-
‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
ServiceNow tacked agentic AI onto a largely unguarded legacy chatbot, exposing customers’ data and connected systems. Nate Nelson, Contributing Writer
-
Shadow#Reactor Uses Text Files to Deliver Remcos RAT
Attackers use a sophisticated delivery mechanism of text-only files for RAT deployment, showcasing a clever way to bypass defensive tools and rely on the target’s own utilities. Alexander Culafi
-
Attackers Abuse Python, Cloudflare to Deliver AsyncRAT
The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust. Elizabeth Montalbano, Contributing Writer
-
BreachForums Breached, Exposing 324K Cybercriminals
Massive data dump reveals real identities and details of administrators and members of the notorious hacker forum. Jai Vijayan, Contributing Writer
-
GoBruteforcer Botnet Targets 50K-plus Linux Servers
Researchers detailed a souped-up version of the GoBruteforcer botnet that preys on servers with weak credentials and AI-generated configurations. Alexander Culafi
-
Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult
No matter what new laws or regulations make the cut for 2026, it’s clear that compliance challenges will persist and federal legislation will be limited. Arielle Waldman
-
Hexnode Moves into Endpoint Security With Hexnode XDR
-
Two Separate Campaigns Target Exposed LLM Services
A total of 91,403 sessions targeted public LLM endpoints to find leaks in organizations’ use of AI and map an expanding attack surface. Elizabeth Montalbano, Contributing Writer
-
Deepfake Fraud Tools Are Lagging Behind Expectations
Deepfakes are becoming more realistic and more popular. Luckily, defenders are still ahead in the arms race. Nate Nelson, Contributing Writer
-
Illicit Crypto Economy Surges as Nation-States Join in the Fray
Cybercriminal cryptocurrency transactions totaled billions in 2025, with activity from sanctioned countries like Russia and Iran causing the largest jump. Robert Lemos, Contributing Writer
-
Notorious Russian APT Nabs Credentials From Global Targets
“Fancy Bear” relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations. Nate Nelson, Contributing Writer
-
CrowdStrike to Buy SGNL to Expand Identity Security Capabilities
The CrowdStrike-SGNL deal underscores how identity security has become a critical component of enterprise cybersecurity as companies add cloud services and deploy AI-driven tools. Fahmida Y. Rashid
-
Maximum Severity HPE OneView Flaw Exploited in the Wild
Exploitation of CVE-2025-37164 can enable remote code execution on HPE’s IT infrastructure management platform, leading to devastating consequences. Rob Wright
-
Fake AI Chrome Extensions Steal 900K Users’ Data
Threat actors ripped off a legitimate AI-powered Chrome extension in order to harvest ChatGPT and DeepSeek data before sending it to a C2 server. Alexander Culafi
-
ChatGPT’s Memory Feature Supercharges Prompt Injection
The “ZombieAgent” exploit makes use of ChatGPT’s long-term memory and advanced capabilities. Nate Nelson, Contributing Writer
-
Here’s What Cloud Security’s Future Holds for the Year Ahead
Here are the top cloud security trends I’m seeing in my crystal ball for the New Year — particularly arming us for AI adoption. Melinda Marks
-
Attackers Exploit Zero-Day in End-of-Life D-Link Routers
Hackers are attacking a critical zero-day flaw in unsupported D-Link DSL routers to run arbitrary commands. Jai Vijayan, Contributing Writer
-
Phishers Exploit Office 365 Users Who Let Their Guard Down
Microsoft said that Office 365 tenants with weak configurations and who don’t have strict anti-spoofing protection enabled are especially vulnerable. Alexander Culafi
-
Lack of MFA is Common Thread in Vast Cloud Credential Heist
An emerging threat actor that goes by “Zestix” used an assortment of infostealers to obtain credentials and breach file-sharing instances of approximately 50 enterprises. Elizabeth Montalbano, Contributing Writer
-
DDoSia Powers Affiliate-Driven Hacktivist Attacks
Pro-Russian group NoName057(16) uses a custom denial-of-service tool to mobilize volunteers and disrupt government, media, and institutional sites tied to Ukraine and the West. Jai Vijayan, Contributing Writer
-
Cyberattacks Likely Part of Military Operation in Venezuela
Cyber’s role in the US raid on Venezuela remains a question, though President Trump alluded to “certain expertise” in shutting down the power grid in Caracas. Robert Lemos, Contributing Writer
-
Scattered Lapsus$ Hunters Snared in Cyber Researcher Honeypot
Scattered Lapsus$ Hunters, also known as ShinyHunters, were drawn in using a realistic, yet mostly fake, dataset. Alexander Culafi
-
ClickFix Campaign Serves Up Fake Blue Screen of Death
Threat actors are using the social engineering technique and a legitimate Microsoft tool to deploy the DCRat remote access Trojan against targets in the hospitality sector. Elizabeth Montalbano, Contributing Writer
-
Startup Trends Shaking Up Browsers, SOC Automation, AppSec
In 2025, these startups have reimagined browser security, pioneered application security for AI-generated code, and are building consensus on agentic vs. human costs. Paul Shomo
-
Critical ‘MongoBleed’ Bug Under Active Attack, Patch Now
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers. Jai Vijayan, Contributing Writer
-
US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity
Two US citizens pleaded guilty to working as ALPHV/BlackCat ransomware affiliates in 2023, and both were previously employed by prominent security firms. Alexander Culafi
-
RondoDox Botnet Expands Scope With React2Shell Exploitation
Recent attacks are targeting Next.js servers and pose a significant threat of cryptomining, botnet payloads, and other malicious activity to IoT networks and enterprises. Elizabeth Montalbano, Contributing Writer
-
Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats
Cybersecurity experts discuss 2026 predictions, highlighting the rise of AI-driven threats, the shift to resilience over prevention, and the urgent need for advanced security measures to combat evolving risks. Kristina Beek, Rob Wright
-
CTO New Year Resolutions for a More Secure 2026
From securing MCPs and supply chain defenses to formal AI and quantum governance, experts share their wish lists for cyber safety in 2026. Ericka Chickowski, Contributing Writer
-
Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?
The April/May zero-day exploitations of Ivanti’s mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT — and history will probably repeat itself. Tara Seals
-
When the Cloud Rains on Everyone’s IoT Parade
What happens to all of those always-connected devices and Internet of Things when the cloud goes down? Disruptions to sleep, school, and smart homes, just to name a few issues. Arielle Waldman
-
Contrarians No More: AI Skepticism Is on the Rise
Concerns about an economic bubble bursting, along with doubts regarding return on investment, suggest the tide may be turning for the artificial intelligence industry. Rob Wright
-
Identity Security 2026: Four Predictions and Recommendations
Agentic AI adoption and identity security risks, IGA expands in mid-market, SOC-identity team collaboration, and identity platform consolidation—this 2026 predictions post previews identity trends. Todd Thiemann
-
Cybersecurity Predictions 2026: An AI Arms Race and Malware Autonomy
The year ahead will see an intensified AI-driven cybersecurity arms race, with attackers leveraging autonomous malware and advanced AI technologies to outpace defenders, while security teams adopt increasingly sophisticated AI tools to combat evolving threats amidst growing vendor consolidation and platformization in the industry. Tyler…
-
New Tech Deployments Cyber Insurers Recommend for 2026
An analysis of cyber-insurance claims data shows which cyber defenses actually work for policyholders. Here are six technologies that will pay off for companies in 2026. Robert Lemos, Contributing Writer
-
SBOMs in 2026: Some Love, Some Hate, Much Ambivalence
With a new year upon us, software and cybersecurity experts disagree on the utility of software bill of materials — in theory, SBOMs are great, but in practice, they’re a mess. Robert Lemos, Contributing Writer
-
5 Threats That Defined Security in 2025
2025 included a number of monumental threats, from the global attacks of Salt Typhoon to dangerous vulnerabilities like React2Shell. Alexander Culafi
-
Mentorship and Diversity: Shaping the Next Generation of Cyber Experts
Patricia Voight, CISO at Webster Bank, shares her expertise on advancing cybersecurity careers, combating financial crimes, and championing diversity in a rapidly changing industry. Kristina Beek
-
As More Coders Adopt AI Agents, Security Pitfalls Lurk in 2026
Developers are leaning more heavily on AI for code generation, but in 2026, the development pipeline and security need to be prioritized. Robert Lemos, Contributing Writer
-
Dark Reading Opens The State of Application Security Survey
Take part in the new survey from Dark Reading and help uncover trends, challenges, and solutions shaping the future of application security. Fahmida Y. Rashid
-
ServiceNow Buys Armis for $7.75B, Gets ‘AI Control Tower’
The latest cybersecurity acquisition will help further ServiceNow’s plans for autonomous cybersecurity and building a security stack to proactively manage AI.
-
Industry Continues to Push Back on HIPAA Security Rule Overhaul
Healthcare cyberattacks are on the rise, but industry organizations say the proposed changes to the security rules fall short of what’s needed. Arielle Waldman
-
Amazon Fends Off 1,800 Suspected DPRK IT Job Scammers
The tech giant has been beset by a deluge of state-sponsored North Korean operatives, showcasing the sheer scale of the IT worker scam problem. Alexander Culafi
-
Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices
With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors that have been targeted in recent weeks. Rob Wright
-
Uzbek Users Under Attack by Android SMS Stealers
Telegram users in Uzbekistan are being targeted with Android SMS stealer malware, and what’s worse, the attackers are improving their methods. Alexander Culafi
-
Cisco VPNs, Email Services Hit in Separate Threat Campaigns
The company suffered one sophisticated five-alarm campaign and one messy spray-and-pray attack, mere days apart. Nate Nelson, Contributing Writer
-
LongNosedGoblin Caught Snooping on Asian Governments
New China-aligned APT group is deploying Group Policy to sniff through government networks across Southeast Asia and Japan. Becky Bracken
-
Identity Fraud Among Home Care Workers Puts Patients at Risk
Reports of patients being cared for by unqualified home-care aides with fake identities continue to emerge, highlighting a need for more stringent identity authentication. Arielle Waldman
-
A Good Year for North Korean Cybercriminals
North Korea shifted its strategy to patiently target “bigger fish” for larger payouts, using sophisticated methods to execute attacks at opportune times. Robert Lemos, Contributing Writer
-
A Cybersecurity Playbook for AI Adoption
AI adds real value to cybersecurity today, but it cannot yet serve as a single security guardian. Here’s how organizations can safely combine AI-driven analysis with deterministic rules and proven security practices. Dirk Schrader
-
SonicWall Edge Access Devices Hit by Zero-Day Attacks
In the latest attacks against the vendor’s SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed earlier this year. Rob Wright
-
Dormant Iran APT is Still Alive, Spying on Dissidents
“Prince of Persia” has rewritten the rules of persistence with advanced operational security and cryptographic communication with its command-and-control server. Nate Nelson, Contributing Writer
-
Critical Fortinet Flaws Under Active Attack
Attackers targeted admin accounts, and once authenticated, exported device configurations including hashed credentials and other sensitive information. Jai Vijayan, Contributing Writer
-
In Cybersecurity, Claude Leaves Other LLMs in the Dust
Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so. Nate Nelson, Contributing Writer
-
‘Cellik’ Android RAT Leverages Google Play Store
The remote access Trojan lets an attacker remotely control a victim’s phone and can generate malicious apps from inside the Play Store. Alexander Culafi
-
Attackers Use Stolen AWS Credentials in Cryptomining Campaign
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments. Elizabeth Montalbano, Contributing Writer
-
Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation
Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors. Robert Lemos, Contributing Writer
-
Venezuelan Oil Company Downplays Alleged US Cyberattack
But media reports described the attack as causing major disruption to PDVSA, the state-owned oil and natural gas company. Jai Vijayan, Contributing Writer
-
Russia Hits Critical Orgs Via Misconfigured Edge Devices
Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector. Alexander Culafi
-
Browser Extension Harvests 8M Users’ AI Chatbot Data
Urban VPN Proxy, which claims to protect users’ privacy, collects data from conversations with ChatGPT, Claude, Gemini, Copilot and other AI assistants. Elizabeth Montalbano, Contributing Writer
-
Enterprises Gear Up for 2026’s IT Transformation
Experts predict big changes are coming for IT infrastructure in 2026 driven by AI adoption, hybrid cloud strategies, and evolving security demands. Arielle Waldman
-
How Cyber Insurance MGAs Shape Policies for Evolving Cyber Risks
Managing general agents help insurers navigate sectors where they lack expertise. A cybersecurity policy written by an MGA is more likely to reflect an understanding of the risks CISOs deal with. Ericka Chickowski, Contributing Writer
-
Apple Patches More Zero-Days Used in ‘Sophisticated’ Attack
Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week. Alexander Culafi
-
Think Like an Attacker: Cybersecurity Tips From Cato Networks’ CISO
Etay Mayor, a cybersecurity strategist and professor, shares his journey, insights, and advice on breaking into the diverse and ever-evolving field of cybersecurity. Kristina Beek
-
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files
A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw. Elizabeth Montalbano, Contributing Writer
-
The CISO-COO Partnership: Protecting Operational Excellence
Digital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship between CISO and COO. George V. Hulme, Contributing Writer