Tag: darkreading
-
Chinese Gov’t Fronts Trick the West to Obtain Cyber Tech
Outwardly neutral Chinese institutions have been collaborating with Western orgs and researchers for the benefit of PRC state intelligence. Nate Nelson, Contributing Writer
-
Scattered Lapsus$ Hunters Returns With Salesforce Leak Site
After claiming it would shut down, the cybercriminal collective reemerged and threatened to publish the stolen data of Salesforce customers by Oct. 10 if its demands are not met. Rob Wright
-
Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage
Dutch Prime Minister Dick Schoof described the incident as part of a broader pattern of Russian hybrid attacks against Europe. Kristina Beek
-
Jaguar Land Rover Shows Cyberattacks Mean (Bad) Business
The company likely failed to completely clean out attackers from a previous breach and now is a case study for the high cost of ransomware. Robert Lemos, Contributing Writer
-
BCI: The Thing of Nightmare or Dreams?
Brain computer interface technology looks to provide users with hands-free device control, but could security ever keep up with the risks? Arielle Waldman
-
Microsoft’s Voice Clone Becomes Scary & Unsalvageable
An attacker’s dream: Windows Speak for Me could integrate into apps, creating perfect voice replicas for Teams calls and AI agent interactions across multiple SaaS platforms. Tara Seals
-
UAT-8099 Hijacks Reputable Sites for SEO Fraud & Theft
A Chinese-language threat actor uses every part of the kill: infecting Web servers with malware, poisoning sites with SEO spam, and stealing organizational data for follow-on attacks. Nate Nelson, Contributing Writer
-
There Are More CVEs, But Cyber Insurers Aren’t Altering Policies
With nearly 47,000 CVEs expected by the end of the year, organizations must balance comprehensive vulnerability management with strategic cyber insurance policy selection to effectively navigate this rapidly evolving threat landscape. Stephen Lawton
-
For One NFL Team, Tackling Cyber Threats Is Basic Defense
The NFL’s cyberattack surface is expanding at an unprecedented rate. To find out more, we spoke with a cyber defense coordinator from the Cleveland Browns. Nate Nelson, Contributing Writer
-
Red Hat Investigates Widespread Breach of Private GitLab Repositories
A threat actor claimed 28,000 private repositories had been compromised, and the Linux software maker said it had “initiated necessary remediation steps.” Rob Wright
-
‘Confucius’ Cyberspy Evolves From Stealers to Backdoors in Pakistan
The long-running South Asian advanced persistent threat (APT) group is advancing its objectives against Pakistani targets, with a shift to deploying Python-based surveillance malware. Elizabeth Montalbano, Contributing Writer
-
Android Spyware in the UAE Masquerades as … Spyware
In a clever, messed-up twist on brand impersonation, attackers are passing off their spyware as a notorious UAE government surveillance app. Nate Nelson, Contributing Writer
-
Google Sheds Light on ShinyHunters’ Salesforce Tactics
Mandiant provided proactive defenses against UNC6040’s social engineering attacks that have led to several Salesforce breaches. Rob Wright
-
Shutdown Threatens US Intel Sharing, Cyber Defense
Lapse of critical information sharing and mass furloughs at CISA are just some of the concerns. Jai Vijayan, Contributing Writer
-
Phishing Is Moving From Email to Mobile. Is Your Security?
With SMS, voice, and QR-code phishing incidents on the rise, it’s time to take a closer look at securing the mobile user. Jim Dolce
-
A $50 ‘Battering RAM’ Can Bust Confidential Computing
Researchers have demonstrated an attack that can break through modern Intel and AMD processor technologies that protect encrypted data stored in memory. Elizabeth Montalbano, Contributing Writer
-
China Imposes One-Hour Reporting Rule for Major Cyber Incidents
The sweeping new regulations show that China’s serious about hardening its own networks after launching widespread attacks on global networks. Robert Lemos, Contributing Writer
-
New China APT Strikes With Precision and Persistence
Phantom Taurus demonstrates a deep understanding of Windows environments, including advanced components like IIServerCore, a fileless backdoor that executes in memory to evade detection. Jai Vijayan, Contributing Writer
-
‘Klopatra’ Trojan Makes Bank Transfers While You Sleep
A sophisticated new banking malware is hard to detect, capable of stealing lots of money, and infecting thousands of people in Italy and Spain. Nate Nelson, Contributing Writer
-
China Exploited New VMware Bug for Nearly a Year
A seemingly benign privilege-escalation process in VMware and other software has likely benefited attackers and other malware strains for years, researchers noted. Alexander Culafi
-
Can Shadow AI Risks Be Stopped?
Agentic AI has introduced abundant shadow artificial intelligence (AI) risks. Cybersecurity startup Entro Security extends its platform to help enterprises combat the growing issue. Arielle Waldman
-
‘Trifecta’ of Google Gemini Flaws Turn AI into Attack Vehicle
Flaws in individual models of Google’s AI suite created significant security and privacy risks for users, demonstrating the need for heightened defenses. Elizabeth Montalbano, Contributing Writer
-
AI-Powered Voice Cloning Raises Vishing Risks
A researcher-developed framework could enable attackers to conduct real-time conversations using simulated audio to compromise organizations and extract sensitive information. Kristina Beek
-
IoT Security Flounders Amid Churning Risk
The Internet of Things (IoT) has made everything more interconnected than ever, but an important US government security initiative is stuck in limbo even as threat actors step up attacks on everything from medical gear to printers. Arielle Waldman
-
Sneaky, Malicious MCP Server Exfiltrates Secrets via BCC
The first known malicious MCP server is an AI integration tool that automatically sends email such as those related to password resets, account confirmations, security alerts, invoices, and receipts to threat actors. Jai Vijayan, Contributing Writer
-
Akira Hits SonicWall VPNs in Broad Ransomware Campaign
Akira ransomware actors are currently targeting SonicWall firewall customers vulnerable to a bug discovered last year. Alexander Culafi
-
Ukrainian Cops Spoofed in Fileless Phishing Attacks on Kyiv
Attackers impersonate the National Police of Ukraine to deploy Amatera Stealer and PureMiner, using malicious Scalable Vector Graphics to trick victims. Elizabeth Montalbano, Contributing Writer
-
Volvo Employee SSNs Stolen in Supplier Ransomware Attack
Three international vehicle manufacturers have fallen to supply chain cyberattacks in the past month alone. Nate Nelson, Contributing Writer
-
Iranian State Hackers Use SSL.com Certificates to Sign Malware
Security researchers say multiple threat groups, including Iran’s Charming Kitten APT offshoot Subtle Snail, are deploying malware with code-signing certificates from the Houston-based company. Rob Wright
-
Prep is Underway, But 2026 FIFA World Cup Poses Significant Cyber Challenges
The world’s most-popular sports contest starts in June 2026 across 16 venues in three countries: Securing the event infrastructure from cyber threats will require massive collaboration. Robert Lemos, Contributing Writer
-
Cisco’s Wave of Actively Exploited Zero-Day Bugs Targets Firewalls, IOS
Patch now: Cisco recently disclosed four actively exploited zero-days affecting millions of devices, including three targeted by a nation-state actor previously discovered to be behind the “ArcaneDoor” campaign. Alexander Culafi
-
Chinese APT Drops ‘Brickstorm’ Backdoors on Edge Devices
The China-linked cyber-espionage group UNC5221 is compromising network appliances that cannot run traditional EDR agents to deploy new versions of the “Brickstorm” backdoor. Jai Vijayan, Contributing Writer
-
How Cloud Service Disruptions Are Making Resilience Critical for Developers
Outages affecting DevOps tools threaten to leave developers coding like it’s 1999. How serious is the threat and what can companies do? Robert Lemos, Contributing Writer
-
CISA: Attackers Breach Federal Agency via Critical GeoServer Flaw
Threat actors exploited CVE-2024-36401 less than two weeks after it was initially disclosed and used it to gain access to a large federal civilian executive branch (FCEB) agency that uses the geospatial mapping data. Rob Wright
-
The Fall of Scattered Spider? Teen Member Surrenders Amid Group’s Shutdown Claims
The cybercrime group continues to gain attention despite its apparent shutdown last week. Kristina Beek
-
Russia Targets Moldovan Election in Disinformation Play
Researchers have tracked a Russian disinformation campaign against upcoming Moldovan elections, linking it to a previous campaign that began in 2022. Alexander Culafi
-
Threat Actor Deploys ‘OVERSTEP’ Backdoor in Ongoing SonicWall SMA Attacks
Hackers tracked as UNC6148 are attacking SonicWall security devices by installing hidden software, allowing them to control systems, steal passwords, and hide their activities. Kristina Beek
-
As Incidents Rise, Japanese Government’s Cybersecurity Falls Short
The Japanese government suffered the most cybersecurity incidents in 2024 — 447, nearly double the previous year — while failing to manage 16% of critical systems. Robert Lemos, Contributing Writer
-
GitHub Aims to Secure Supply Chain as NPM Hacks Ramp Up
GitHub will address weak authentication and overly permissive tokens in the NPM ecosystem, following high-profile threat campaigns like those involving Shai-Hulud malware. Alexander Culafi
-
Exposed Docker Daemons Fuel DDoS Botnet
The for-hire platform leverages legitimate cloud-native tools to make detection and disruption harder for defenders and SOC analysts. Jai Vijayan, Contributing Writer
-
From FBI to CISO: Unconventional Paths to Cybersecurity Success
Cybersecurity leader Jason Manar shares insights on diverse career paths, essential skills, and practical advice for entering and thriving in the high-stress yet rewarding field of cybersecurity. Kristina Beek
-
Dark Reading Confidential: Battle Space: Cyber Pros Land on the Front Lines of Protecting US Critical Infrastructure
Dark Reading Confidential Episode 10: It’s past time for a comprehensive plan to protect vital US systems from nation-state cyberattacks, and increasingly, that responsibility is falling to asset owners across a vast swath of organizations, who likely never…
-
SEO Poisoning Campaign Tied to Chinese Actor
In Operation Rewrite, an unspecified actor is using legitimate compromised web servers to deliver malicious content to visitors for financial gain. Elizabeth Montalbano, Contributing Writer
-
[Dark Reading Virtual Event] Know Your Enemy: How cybercriminals and nation-state hackers operate
-
Iran-Linked Hackers Target Europe With New Malware
“Nimbus Manticore” is back at it, this time with improved variants of its flagship malware and targets that are outside its usual focus area. Jai Vijayan, Contributing Writer
-
Attackers Use Phony GitHub Pages to Deliver Mac Malware
Threat actors are using a large-scale SEO poisoning campaign and fake GitHub repositories to deliver Atomic infostealers to Mac users. Alexander Culafi
-
Airport Chaos Shows Human Impact of 3rd-Party Attacks
Major EU airports such as Heathrow were disrupted over the weekend after a cyberattack hit the provider of check-in kiosk software, which caused delays and flight cancellations. Elizabeth Montalbano, Contributing Writer
-
15 Years of Zero Trust: Why It Matters More Than Ever
With the emergence of AI-driven attacks and quantum computing, and the explosion of hyperconnected devices, zero trust remains a core strategy for security operations. John Kindervag
-
Patch Now: Max-Severity Fortra GoAnywhere Bug Allows Command Injection
Exploitation of the flaw, tracked as CVE-2025-10035, is highly dependent on whether systems are exposed to the Internet, according to Fortra. Kristina Beek
-
Capture the Flag Competition Leads to Cybersecurity Career
As Splunk celebrates the 10th anniversary of Boss of the SOC competition, it continues to be a valuable platform for security professionals to test their skills, learn new techniques, and potentially advance their careers in cybersecurity. Arielle Waldman
-
‘ShadowLeak’ ChatGPT Attack Allows Hackers to Invisibly Steal Emails
The loophole allows cyberattackers to exfiltrate company data via OpenAI’s infrastructure, leaving no trace at all on enterprise systems. Nate Nelson, Contributing Writer
-
Plastic People, Plastic Cards: Synthetic Identities Plague Finance & Lending Sector
Following a pandemic-era respite, financial fraud linked to synthetic identities is rising again, with firms potentially facing $3.3 billion in damages from new accounts. Robert Lemos, Contributing Writer
-
Iranian State APT Blitzes Telcos & Satellite Companies
A Charming Kitten subgroup is performing some of the most bespoke cyberattacks ever witnessed in the wild, to down select high-value targets. Nate Nelson, Contributing Writer
-
Transforming Cyber Frameworks to Take Control of Cyber-Risk
Frameworks may seem daunting to implement — especially for government IT teams that may not have an abundance of resources and expertise. But beginning implementation is better than never starting. Mick Baccio
-
7 Lessons for Securing AI Transformation from former CIA Digital Guru
Jennifer Ewbank, former CIA deputy director of digital innovation, on resilience, cultural shifts, and cyber fundamentals in the AI era. Ericka Chickowski, Contributing Writer
-
TikTok Deal Won’t End Enterprise Risks
The proposed restructuring plan would address many concerns related to the social media platform, but risks remain for security teams. Jai Vijayan, Contributing Writer
-
SonicWall Breached, Firewall Backup Data Exposed
Threat actors breached the MySonicWall service and accessed backup firewall configuration files belonging to “fewer than 5%” of its install base, according to the company. Alexander Culafi
-
Mastering Digital Breadcrumbs to Stay Ahead of Evolving Threats
Digital forensics offers a challenging but rewarding career path for cybersecurity professionals willing to invest in specialized knowledge and continuous learning. Richard Thurston
-
The Cloud Edge Is The New Attack Surface
The cloud now acts as the connecting infrastructure for many companies’ assets — from IoT devices to workstations to applications and workloads — exposing the edge to threats. Robert Lemos, Contributing Writer
-
Microsoft Disrupts ‘RaccoonO365’ Phishing Service
Phishing-as-a-service (PhaaS) kits have become an increasingly popular way for lower-skill individuals who want to get into cybercrime. Alexander Culafi
-
‘Scattered Lapsus$ Hunters,’ Others Announce End of Hacking Spree
Though the groups have shared their decision to go dark, threat researchers say there are signs that it’s business as usual. Kristina Beek
-
AI-Powered Sign-up Fraud Is Scaling Fast
The AI era means attackers are smarter, faster, and hitting you where you least expect it — your sign-up funnel.
-
North Korean Group Targets South With Military ID Deepfakes
The North Korea-linked group Kimsuky used ChatGPT to create deepfakes of military ID documents in an attempt to compromise South Korean targets. Robert Lemos, Contributing Writer
-
Critical Bugs in Chaos Mesh Enable Cluster Takeover
“Chaotic Deputy” is a set of four vulnerabilities in the chaos engineering platform that many organizations use to test the resilience of their Kubernetes environments. Jai Vijayan, Contributing Writer
-
Self-Replicating ‘Shai-hulud’ Worm Targets NPM Packages
The newly emerged worm has spread across hundreds of open source software packages, stealing credentials and infecting other components without much direct attacker input. Alexander Culafi
-
‘Vane Viper’ Threat Group Tied to PropellerAds, Commercial Entities
Researchers say the commercial adtech platform and several other companies form the infrastructure of a massive cybercrime operation. Rob Wright
-
Innovative FileFix Phishing Attack Proves Plenty Potent
Highly deceptive FileFix uses code obfuscation and steganography and has been translated into at least 16 languages to power a global campaign. Nate Nelson, Contributing Writer
-
Emerging Yurei Ransomware Claims First Victims
The cybercrime group, named after Japanese ghosts but believed to be from Morocco, uses a modified version of the Prince-Ransomware binary that includes a flaw allowing for partial data recovery. However, an extortion threat remains. Elizabeth Montalbano, Contributing Writer
-
SecurityScorecard Buys AI Automation Capabilities, Boosts Vendor Risk Management
The company acquired HyperComply to help enterprises automate vendor security reviews and gain a real-time picture of the security of their entire supply chain. Fahmida Y. Rashid
-
KillSec Ransomware Hits Brazilian Healthcare Software Provider
The ransomware gang breached a “major element” of the healthcare technology supply chain and stole sensitive patient data, according to researchers. Kristina Beek
-
FBI Warns of Threat Actors Hitting Salesforce Customers
The FBI’s IC3 recently warned of two threat actors, UNC6040 and UNC6395, targeting Salesforce customers, separately and in tandem. Alexander Culafi
-
Building Resilient IT Infrastructure From the Start
CISA’s Secure by Design planted a flag. Now, it’s on those who care about safeguarding systems to pick up the torch and take action to secure systems throughout the enterprise. Marene Allison, Lisa Umberger
-
French Advisory Sheds Light on Apple Spyware Activity
CERT-FR’s advisory follows last month’s disclosure of a zero-day flaw Apple said was used in “sophisticated” attacks against targeted individuals. Rob Wright
-
Without Federal Help, Cyber Defense Is Up to the Rest of Us
Together, we can foster a culture of collaboration and vigilance, ensuring that we are not just waiting for a hero to save us, but actively working to protect ourselves and our communities. Riaz Lakhani
-
Undocumented Radios Found in Solar-Powered Devices
The US Transportation Department reportedly warns that solar-powered devices used in highway infrastructure have undocumented radios. Is the risk real? Robert Lemos, Contributing Writer
-
Vyro AI Leak Reveals Poor Cyber Hygiene
The data leak underscores the larger issue of proprietary or sensitive data being shared with GenAI by users who should know better. Kristina Beek
-
‘Gentlemen’ Ransomware Abuses Vulnerable Driver to Kill Security Gear
By weaponizing the ThrottleStop.sys driver, attackers are disrupting antivirus and endpoint detection and response (EDR) systems. Rob Wright
-
Apple CarPlay RCE Exploit Left Unaddressed in Most Cars
Even when a vulnerability is serious and a fix is available, actually securing cars is more difficult than one would hope. Nate Nelson, Contributing Writer
-
AI-Enhanced Malware Sports Super-Stealthy Tactics
With legit sounding names, EvilAI’s “productivity” apps are reviving classic threats like Trojans while adding new evasion capabilities against modern antivirus defenses. Jai Vijayan, Contributing Writer
-
Vidar Infostealer Back with a Vengeance
The pervasive Vidar infostealer has evolved with a suite of new evasion techniques and covert data exfiltration methods, according to researchers. Alexander Culafi
-
Russian APT Attacks Kazakhstan’s Largest Oil Company
Researchers say a likely Russian APT used a compromised employee email account to attack Kazakhstan’s biggest company, though the oil and gas firm claims it was a pen test. Nate Nelson, Contributing Writer
-
Students Pose Inside Threat to Education Sector
The threats may not be malicious, but they are more than many security teams can handle. Arielle Waldman
-
Chinese Hackers Allegedly Pose as US Lawmaker
Chinese state-backed threat actors are suspected of posing as Michigan congressman John Moolenaar in a series of spearphishing attacks. Alexander Culafi
-
The Quiet Revolution in Kubernetes Security
As Kubernetes becomes the foundation of enterprise infrastructure, the underlying operating system must evolve alongside it. Nigel Douglas
-
Southeast Asian Scam Centers Face More Financial Sanctions
Firms cooperating with cybercrime syndicates in Burma and Cambodia face sanctions by the US government and enforcement actions by China, but the scams continue to grow. Robert Lemos, Contributing Writer
-
EoP Flaws Again Lead Microsoft Patch Day
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges. Jai Vijayan, Contributing Writer
-
Is the Browser Becoming the New Endpoint?
While the jury is still out on whether the browser is the new endpoint, it’s clear that use has skyrocketed and security needs to align. Arielle Waldman
-
Salty2FA Takes Phishing Kits to Enterprise Level
Cybercriminal operations use the same strategy and planning as legitimate organizations as they arm adversarial phishing kits with advanced features. Elizabeth Montalbano, Contributing Writer
-
SentinelOne Announces Plans to Acquire Observo AI
The combined company will help customers separate data ingestion from SIEM, to improve detection and performance. Kristina Beek
-
‘MostereRAT’ Malware Blends In, Blocks Security Tools
A threat actor is using a sophisticated EDR-killing malware tool in a campaign to maintain long-term, persistent access on Windows systems. Jai Vijayan, Contributing Writer
-
Salesloft Breached via GitHub Account Compromise
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens. Rob Wright
-
The Critical Failure in Vulnerability Management
Organizations are seeking assistance to fix critical vulnerabilities. Solutions that orchestrate and automate network device protection put us on the right path. Amar Ramakrishnan
-
How Has IoT Security Changed Over the Past 5 Years?
Experts agree there have been subtle improvements, with new laws and applied best practices, but there is still a long way to go. Arielle Waldman
-
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now
Exploitation of CVE-2025-42957 requires “minimal effort” and can result in a complete compromise of the SAP system and host OS, according to researchers. Rob Wright
-
Anyone Using Agentic AI Needs to Understand Toxic Flows
The biggest vulnerabilities may lie at the boundaries of where the AI agent connects with the enterprise system. Ericka Chickowski, Contributing Writer
-
Embracing the Next Generation of Cybersecurity Talent
Programs like student-run SOCs can expand our cybersecurity workforce and better secure our public and private entities for when, not if, cyberattacks occur. Bruce Johnson
-
Federal Cuts Put Local, State Agencies at Cyber-Risk
Cyberattackers target local and state agencies, a problem as the Trump administration cuts cybersecurity funds and culls workers at federal security agencies. Robert Lemos, Contributing Writer
-
Bridgestone Americas Confirms Cyberattack
Reports of disruptions at North American plants emerged earlier this week, though the nature of the attack on the tire manufacturer remains unclear. Kristina Beek
-
Sitecore Zero-Day Sparks New Round of ViewState Threats
The vulnerability marks the latest example of threat actors weaponizing exposed ASP.NET machine keys for remote injection and deserialization attacks. Rob Wright
-
Chinese Hackers Game Google to Boost Gambling Sites
New threat actor “GhostRedirector” is using a malicious IIS module to inject links that try to artificially boost search engine ranking for target sites. Jai Vijayan, Contributing Writer