Tag: darkreading

React2Shell Exploits Flood the Internet as Attacks Continue As exploitation activity against CVE-2025-55182, researchers are finding some proof-of-concept exploits contain bypasses for Web application firewall (WAF) rules. Rob Wright Go to gbhackers.com

Vibe Coding: Innovation Demands Vigilance Unmanaged coding is indeed an alluring idea, but can introduce a host of significant cybersecurity dangers, Constantine warns. Chrissa Constantine Go to gbhackers.com

Microsoft Will Bundle Security Copilot with M365 Enterprise Licenses The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company’s Ignite conference last week. Jeffrey Schwartz Go to gbhackers.com

Supply Chain Attacks Targeting GitHub Actions Increased in 2025 At this week’s Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle. Jeffrey Schwartz Go to gbhackers.com

Are Trade Concerns Trumping US Cybersecurity? The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say. Robert Lemos, Contributing Writer Go to gbhackers.com

Hamas-Linked Hackers Probe Middle Eastern Diplomats Hamas’s best hackers have been maturing, building better malware, and spreading their attacks more widely across the region. Nate Nelson, Contributing Writer Go to gbhackers.com

Attackers Exploited Gogs Zero-Day Flaw for Months Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year. Alexander Culafi Go to gbhackers.com

AI in OT Sparks Cascade of Complex Challenges Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges. Arielle Waldman Go to gbhackers.com

Storm-0249 Abuses EDR Processes in Stealthy Attacks The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks. Jai Vijayan, Contributing Writer Go to gbhackers.com

Copilot’s No-Code AI Agents Liable to Leak Company Data Microsoft puts the power of AI in the hands of everyday non-technical Joes. It’s a nice idea, and a surefire recipe for security issues. Nate Nelson, Contributing Writer Go to gbhackers.com

ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery A new twist on the social engineering tactic is making waves, combining SEO poisoning and legitimate AI domains to install malware on victims’ computers. Alexander Culafi Go to gbhackers.com

Feds: Pro-Russia Hactivists Target US Critical Infrastructure So far the attacks, which compromise virtual network computing (VNC) connections in OT systems, have not been particularly destructive, but this could change as they evolve. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Japanese Firms Suffer Long Tail of Ransomware Damage Ransomware actors have targeted manufacturers, retailers, and the Japanese government, with many organizations requiring months to recover. Robert Lemos, Contributing Writer Go to gbhackers.com

Microsoft Fixes Exploited Zero Day in Light Patch Tuesday Proof-of-concept exploit code is publicly available for two other flaws in this month’s Patch Tuesday. In total, the company issued patches for more than 1,150 flaws this year. Jai Vijayan, Contributing Writer Go to gbhackers.com

Packer-as-a-Service Shanya Hides Ransomware, Kills EDR Shanya is the latest in an emerging field of packing malware, selling obfuscation functionality in order to help ransomware actors reach their target. Alexander Culafi Go to gbhackers.com

Analysts Warn of Cybersecurity Risks in Humanoid Robots Think “Blade Runner,” but the robots can be hacked more easily than your home computer. Nate Nelson, Contributing Writer Go to gbhackers.com

Gemini Enterprise No-Click Flaw Exposes Sensitive Data Google has fixed a critical vulnerability that enabled attackers to add malicious instructions to common documents to exfiltrate sensitive corporate information. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Apache Issues Max-Severity Tika CVE After Patch Miss The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. Jai Vijayan, Contributing Writer Go to gbhackers.com

Exploitation Activity Ramps Up Against React2Shell Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw. Rob Wright Go to gbhackers.com

US Treasury Tracks $4.5B in Ransom Payments since 2013 The US Treasury’s Financial Crimes Enforcement Network shared data showing how dramatically ransomware attacks have changed over time. Alexander Culafi Go to gbhackers.com

‘Broadside’ Mirai Variant Targets Maritime Logistics Sector ‘Broadside’ is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Rust Code Delivers Better Security, Also Streamlines DevOps Software teams at Google and other Rust adopters see safer code when using the memory-safe language, and also fewer rollbacks and less code review. Robert Lemos, Contributing Writer Go to gbhackers.com

India Rolls Back App Mandate Amid Surveillance Concerns Remember when Apple put that U2 album in everyone’s music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn’t a good idea. Nate Nelson, Contributing Writer Go to gbhackers.com

Threat Landscape Grows Increasingly Dangerous for Manufacturers Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise. Robert Lemos, Contributing Writer Go to gbhackers.com

CISOs Should Be Asking These Quantum Questions Today As quantum quietly moves beyond lab experiment and into production workflows, here’s what enterprise security leaders should be focused on, according to Lineswala. Rut Lineswala Go to gbhackers.com

How Agentic AI Can Boost Cyber Defense Transurban head of cyber defense Muhammad Ali Paracha shares how his team is automating the triaging and scoring of security threats as part of the Black Hat Middle East conference. Jeffrey Schwartz Go to gbhackers.com

CISA Warns of ‘Ongoing’ Brickstorm Backdoor Attacks State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations. Rob Wright Go to gbhackers.com

CISA Publishes Security Guidance for Using AI in OT Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure. Alexander Culafi Go to gbhackers.com

ServiceNow’s Acquisition of NHI Provider Veza Strengthens Governance Portfolio The deal, believed to be valued at $1 billion, will bring non-human identity access control of agents and machines to ServiceNow’s offerings including its new AI Control Tower. Jeffrey Schwartz Go to gbhackers.com

Student Sells Gov’t, University Sites to Chinese Actors It’s the best deal going in cybercrime: fully compromised websites belonging to high-value organizations, for just a couple hundred bucks each. Nate Nelson, Contributing Writer Go to gbhackers.com

‘MuddyWater’ Hackers Target Israeli Orgs With Retro Game Tactic Iran’s top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game. Nate Nelson, Contributing Writer Go to gbhackers.com

‘ShadyPanda’ Hackers Weaponize Millions of Browsers The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. Jai Vijayan, Contributing Writer Go to gbhackers.com

Critical React Flaw Triggers Calls for Immediate Action The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers. Rob Wright Go to gbhackers.com

GISEC GLOBAL 2026 – The Middle East & Africa’s Largest Cybersecurity Event Go to gbhackers.com

Arizona AG Sues Temu Over ‘Stealing’ User Data The suit alleges the Chinese retailer’s app secretly accesses and harvests users’ sensitive information without their knowledge or consent. Alexander Culafi Go to gbhackers.com

The Ransomware Holiday Bind: Burnout or Be Vulnerable Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag. Arielle Waldman Go to gbhackers.com

China Researches Ways to Disrupt Satellite Internet While satellite constellations — such as Starlink — are resilient, 2,000 drones could cut communications to a region the size of Taiwan, researchers find. Robert Lemos, Contributing Writer Go to gbhackers.com

Iran’s ‘MuddyWater’ Levels Up With MuddyViper Backdoor New Fooder loader and memory-only tactics suggest MuddyWater has evolved from its usual noisy ops to more stealthy espionage operations. Jai Vijayan, Contributing Writer Go to gbhackers.com

Researchers Use Poetry to Jailbreak AI Models When prompts were presented in poetic rather than prose form, attack success rates increased from 8% to 43%, on average — a fivefold increase. Alexander Culafi Go to gbhackers.com

DPRK’s ‘Contagious Interview’ Spawns Malicious Npm Package Factory North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Tomiris Unleashes ‘Havoc’ With New Tools, Tactics The Russian-speaking group is targeting government and diplomatic entities in CIS member states and Central Asia in its latest cyber-espionage campaign. Jai Vijayan, Contributing Writer Go to gbhackers.com

CodeRED Emergency Alert Platform Shut Down Following Cyberattack The Inc ransomware gang took responsibility for the attack earlier this month and claimed it stole sensitive subscriber data. Rob Wright Go to gbhackers.com

Police Disrupt ‘Cryptomixer,’ Seize Millions in Crypto Multiple European law enforcement agencies recently disrupted Cryptomixer, a service allegedly used by cybercriminals to launder ill-gotten gains from ransomware and other cyber activities. Alexander Culafi Go to gbhackers.com

Shai-hulud 2.0 Variant Threatens Cloud Ecosystem The latest attack from the self-replicating, npm-package poisoning worm can also steal credentials and secrets from AWS, Google Cloud Platform, and Azure. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Digital Fraud at Industrial Scale: 2025 Wasn’t Great Advanced fraud attacks surged 180% in 2025 as cyber-scammers used generative AI to churn out flawless IDs, deepfakes, and autonomous bots at levels never before seen. Jai Vijayan, Contributing Writer Go to gbhackers.com

‘Dark LLMs’ Aid Petty Criminals, But Underwhelm Technically As in the wider world, AI is not quite living up to the hype in the cyber underground. But it’s definitely helping low-level cybercriminals do competent work. Nate Nelson, Contributing Writer Go to gbhackers.com

Prompt Injections Loom Large Over ChatGPT’s Atlas Browser It’s the law of unintended consequences: equipping browsers with agentic AI opens the door to an exponential volume of prompt injections. Alexander Culafi Go to gbhackers.com

Enterprises Aren’t Confident They Can Secure Non-Human Identities (NHIs) More than half of organizations surveyed aren’t sure they can secure non-human identities (NHIs), underscoring the lag between the rollout of these identities and the tools to protect them. Don Tait Go to gbhackers.com

Iran Exploits Cyber Domain to Aid Kinetic Strikes The country deploys “cyber-enabled kinetic targeting” prior to — and following — real-world missile attacks against ships and land-based targets. Robert Lemos, Contributing Writer Go to gbhackers.com

Advanced Security Isn’t Stopping Ancient Phishing Tactics New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures. Kristina Beek Go to gbhackers.com

With Friends Like These: China Spies on Russian IT Orgs State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications. Nate Nelson, Contributing Writer Go to gbhackers.com

‘JackFix’ Attack Circumvents ClickFix Mitigations A new ClickFix variant ratchets up the psychological pressure to 100 and addresses some technical mitigations to classic ClickFix attacks. Nate Nelson, Contributing Writer Go to gbhackers.com

ShadowRay 2.0 Turns AI Clusters into Crypto Botnets A threat actor is leveraging a flaw in the Ray framework to hijack AI infrastructure worldwide and distribute a self-propagating cryptomining and data theft botnet. Jai Vijayan, Contributing Writer Go to gbhackers.com

Critical Flaw in Oracle Identity Manager Under Exploitation The exploitation of CVE-2025-61757 follows a breach of Oracle Cloud earlier this year as well as a recent extortion campaign targeting Oracle E-Business Suite customers. Rob Wright Go to gbhackers.com

Infamous Shai-hulud Worm Resurfaces From the Depths This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said. Alexander Culafi Go to gbhackers.com

Vision Language Models Keep an Eye on Physical Security Advancements in vision language models expanded models reasoning capabilities to help protect employee safety. Arielle Waldman Go to gbhackers.com

Deja Vu: Salesforce Customers Hacked Again, Via Gainsight In a repeat of similar attacks during the summer, threat actors affiliated with the ShinyHunters extortion group used a third-party application to steal organizations’ Salesforce data. Nate Nelson, Contributing Writer Go to gbhackers.com

Hack the Hackers: 6 Laws for Staying Ahead of the Attackers A new security framework responds to a shift in attackers’ tactics, one that allows them to infiltrate enterprises ‘silently’ through their own policies. Arielle Waldman Go to gbhackers.com

LINE Messaging Bugs Open Asian Users to Cyber Espionage In a potential gift to geopolitical adversaries, the encrypted messaging app uses a leaky custom protocol that allows message replays, impersonation attacks, and sensitive information exposure from chats. Tara Seals Go to gbhackers.com

With AI Reshaping Entry-Level Cyber, What Happens to the Security Talent Pipeline? Automation is rewriting early-career cybersecurity work, raising urgent questions about how the next generation of security professionals will gain real-world expertise. Joan Goodchild Go to gbhackers.com

Switching to Offense: US Makes Cyber Strategy Changes The US national cyber director describes the next cyber strategy as focusing “on shaping adversary behavior,” adding consequences and aggressive response. Robert Lemos, Contributing Writer Go to gbhackers.com

Inside Iran’s Cyber Objectives: What Do They Want? The regime’s cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives. Alexander Culafi Go to gbhackers.com

Chinese APT Infects Routers to Hijack Software Updates A unique take on the software update gambit has allowed “PlushDaemon” to evade attention as it mostly targets Chinese organizations. Nate Nelson, Contributing Writer Go to gbhackers.com

Same Old Security Problems: Cyber Training Still Fails Miserably Editors from Dark Reading, Cybersecurity Dive, and TechTarget Search Security break down the depressing state of cybersecurity awareness campaigns and how organizations can overcome basic struggles with password hygiene and phishing attacks. Tara Seals Go to gbhackers.com

‘Matrix Push’ C2 Tool Hijacks Browser Notifications for Phishing Have you ever given two seconds of thought to a browser notification? No? That’s what hackers are counting on. Nate Nelson, Contributing Writer Go to gbhackers.com

WhatsApp ‘Eternidade’ Trojan Self-Propagates Through Brazil The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks. Nate Nelson, Contributing Writer Go to gbhackers.com

Fortinet Woes Continue With Another WAF Zero-Day Flaw A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor’s disclosure practices. Rob Wright Go to gbhackers.com

Do National Data Laws Carry Cyber-Risks for Large Orgs? When international corporations have to balance competing cyber laws from different countries, the result is fragmented, potentially vulnerable systems. Nate Nelson, Contributing Writer Go to gbhackers.com

The AI Attack Surface: How Agents Raise the Cyber Stakes Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent’s goals and how agent interaction can be altered to compromise whole networks. Alexander Culafi Go to gbhackers.com

Cloudflare Blames Outage on Internal Configuration Error Initially though to be a DDoS attack, the incident was actually due to a routine change in permissions that caused widespread software failure. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Critical Railway Braking Systems Open to Tampering It only takes recycled cans, copper, and cheap gadgets off the Web to trick a train conductor into doing something dangerous. Nate Nelson, Contributing Writer Go to gbhackers.com

Cloud Break: IoT Devices Open to Silent Takeover Via Firewalls IoT devices can be compromised, thanks to gaps in cloud management interfaces for firewalls and routers, even if they’re protected by security software or not online. Nate Nelson, Contributing Writer Go to gbhackers.com

Can a Global, Decentralized System Save CVE Data? As vulnerabilities in the Common Vulnerabilities and Exposures ecosystem pile up, one Black Hat Europe presenter hopes for a global, distributed alternative. Robert Lemos, Contributing Writer Go to gbhackers.com

Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Critical Fortinet FortiWeb WAF Bug Exploited in the Wild The vulnerability could allow an unauthenticated attacker to remotely execute administrative commands. Alexander Culafi Go to gbhackers.com

Cursor Issue Paves Way for Credential-Stealing Attacks Researchers discovered a security weakness in the AI-powered coding tool that allows malicious MCP server to hijack Cursor’s internal browser. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Akira RaaS Targets Nutanix VMs, Threatens Critical Orgs The Akira ransomware group has been experimenting with new tools, bugs, and attack surfaces, with demonstrated success in significant sectors. Nate Nelson, Contributing Writer Go to gbhackers.com

New Security Tools Target Growing macOS Threats A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Hardened Containers Look to Eliminate Common Source of Vulnerabilities A kitchen-sink approach to building containers has loaded many with vulnerabilities. A handful of companies are trying to slim them down to address the issue. Robert Lemos, Contributing Writer Go to gbhackers.com

Shadow Program Gives AWS Exec New Security Lens Sara Duffer highlights the top lessons she brought back to her security role following three years in Amazon’s shadow program. Arielle Waldman Go to gbhackers.com

Identity Governance and Administration, App Proliferation, and the App Integration Chasm Most enterprises use more than 1,000 apps, according to ESG research, yet about half are integrated with IGA. Industry innovations enable teams to expand app coverage and get more IGA value. Todd Thiemann Go to gbhackers.com

How CISOs Can Best Work with CEOs and the Board: Lessons from the Field To build an effective relationship with the CEO and the Board, CISOs must translate technical risks into business terms and position cybersecurity as a strategic business enabler rather than just a business function. George V. Hulme, Contributing Writer Go to gbhackers.com

[Dark Reading Virtual Event] Cybersecurity Outlook 2026 Go to gbhackers.com

Orgs Move to SSO, Passkeys to Solve Bad Password Habits In 2025, employees are still using weak passwords. Instead of forcing an impossible change, security leaders are working around the problem. Nate Nelson, Contributing Writer Go to gbhackers.com

Coyote, Maverick Banking Trojans Run Rampant in Brazil South America’s largest country is notorious for banking malware attacks; Maverick self-terminates if its targeted user is based outside Brazil. Alexander Culafi Go to gbhackers.com

Kenya Kicks Off ‘Code Nation’ With a Nod to Cybersecurity The African country aims to train 1 million workers in tech skills in the short term, with a focus on software engineering, cybersecurity, and data science. Robert Lemos, Contributing Writer Go to gbhackers.com

‘CitrixBleed 2’ Wreaks Havoc as Zero-Day Bug The same APT hammered critical bugs in Citrix NetScaler (CVE-2025-5777) and the Cisco Identity Service Engine (CVE-2025-20337) in a sign of growing adversary interest in identity and access management systems. Jai Vijayan, Contributing Writer Go to gbhackers.com

Microsoft Exchange ‘Under Imminent Threat’, Act Now Threats against Microsoft Exchange continue to mount, but there are steps both organizations and Microsoft can take. Arielle Waldman Go to gbhackers.com

Phishing Tool Uses Smart Redirects to Bypass Detection A campaign against Microsoft 365 users leverages Quantum Route Redirection, which simplifies previously technical attack steps and has affected victims across 90 countries. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs Security teams may have a less burdensome rollout in November after October’s Goliath Patch Tuesday, but shouldn’t wait on a few top-priority fixes. Jai Vijayan, Contributing Writer Go to gbhackers.com

Stay Ahead with Dark Reading’s Online Events Go to gbhackers.com

Bridging the Skills Gap: How Military Veterans Are Strengthening Cybersecurity From intelligence analysts to surface warfare officers, military veterans of all backgrounds are successfully pivoting to cybersecurity careers and strengthening the industry’s defense capabilities. Kristina Beek Go to gbhackers.com

OWASP Highlights Supply Chain Risks in New Top 10 Security misconfiguration jumped to second place while injection vulnerabilities dropped, as organizations improve defenses against traditional coding flaws. Jai Vijayan, Contributing Writer Go to gbhackers.com

GlassWorm Returns, Slices Back into VS Code Extensions GlassWorm, a self-propagating VS Code malware first found in the Open VSX marketplace, continues to infect developer devices around the world. Alexander Culafi Go to gbhackers.com

ClickFix Campaign Targets Hotels, Spurs Secondary Customer Attacks Attackers compromise hospitality providers with an infostealer and RAT malware and then use stolen data to launch a phishing attacks against customers via both email and WhatsApp. Elizabeth Montalbano, Contributing Writer Go to gbhackers.com

‘Landfall’ Malware Targeted Samsung Galaxy Users The tool let its operators secretly record conversations, track device locations, capture photos, collect contacts, and perform other surveillance on compromised devices. Jai Vijayan, Contributing Writer Go to gbhackers.com

‘Ransomvibing’ Infests Visual Studio Extension Market A published VS Code extension didn’t hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated. Alexander Culafi Go to gbhackers.com

Microsoft Backs Massive AI Push in UAE, Raising Security Concerns In partnership with Emirates tech company G42, Microsoft is building the first stage of a 5-gigawatt US-UAE AI campus using Nvidia GPUs. Robert Lemos, Contributing Writer Go to gbhackers.com

AI Agents Are Going Rogue: Here’s How to Rein Them In Human-centered identity frameworks are incorrectly being applied to AI agents, creating the potential for catastrophe at machine speed, Poghosyan argues. Art Poghosyan Go to gbhackers.com

AI Security Agents Get Personas to Make Them More Appealing New synthetic security staffers promise to bring artificial intelligence comfortably into the security operations center, but they will require governance to protect security. Robert Lemos, Contributing Writer Go to gbhackers.com