Go Back

World's Security Today

Last updated: 2025-12-29 14:29 Refresh now

From Mandiant

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

Fri, 12 Dec 2025 14:00:00 +0000

Written by: Aragorn Tseng, Robert Weiner, Casey Charrier, Zander Work, Genevieve Stark, Austin Larsen Introduction On Dec. 3, 2025, a critical unauthenticated remote code execution (RCE) vulnerability...
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue

Wed, 03 Dec 2025 14:00:00 +0000

Introduction Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, In...
Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks

Thu, 20 Nov 2025 14:00:00 +0000

Written by: Harsh Parashar, Tierra Duncan, Dan Perez Google Threat Intelligence Group (GTIG) is tracking a long-running and adaptive cyber espionage campaign by APT24, a People's Republic of China (PR...
Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem

Mon, 17 Nov 2025 14:00:00 +0000

Written by: Mohamed El-Banna, Daniel Lee, Mike Stokkel, Josh Goddard Overview Last year, Mandiant published a blog post highlighting suspected Iran-nexus espionage activity targeting the aerospace, av...
Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study

Thu, 13 Nov 2025 14:00:00 +0000

Written by: Josh Stroschein, Jae Young Kim The prevalence of obfuscation and multi-stage layering in today’s malware often forces analysts into tedious and manual debugging sessions. For instance, the...
No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480

Mon, 10 Nov 2025 14:00:00 +0000

Written by: Stallone D'Souza, Praveeth DSouza, Bill Glynn, Kevin O'Flynn, Yash Gupta Welcome to the Frontline Bulletin Series Straight from Mandiant Threat Defense, the "Frontline Bulletin" series bri...
GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools

Wed, 05 Nov 2025 14:00:00 +0000

Executive Summary Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group (GTIG) has identified a shift that occurred within the last year: adversaries are no longer...
Preparing for Threats to Come: Cybersecurity Forecast 2026

Tue, 04 Nov 2025 14:00:00 +0000

Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released toda...
Keys to the Kingdom: A Defender's Guide to Privileged Account Monitoring

Tue, 28 Oct 2025 14:00:00 +0000

Written by: Bhavesh Dhake, Will Silverstone, Matthew Hitchcock, Aaron Fletcher The Criticality of Privileged Access in Today's Threat Landscape Privileged access stands as the most critical pathway fo...
Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials

Thu, 23 Oct 2025 14:00:00 +0000

Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings on legitimate platforms to target individua...
Pro-Russia Information Operations Leverage Russian Drone Incursions into Polish Airspace

Tue, 21 Oct 2025 14:00:00 +0000

Written by: Alden Wahlstrom, David Mainor Introduction Google Threat Intelligence Group (GTIG) observed multiple instances of pro-Russia information operations (IO) actors promoting narratives related...
To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER

Mon, 20 Oct 2025 14:00:00 +0000

Written by: Wesley Shields Introduction COLDRIVER, a Russian state-sponsored threat group known for targeting high profile individuals in NGOs, policy advisors and dissidents, swiftly shifted operatio...
DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains

Thu, 16 Oct 2025 14:00:00 +0000

Written by: Blas Kojusner, Robert Wallace, Joseph Dobson Google Threat Intelligence Group (GTIG) has observed the North Korea (DPRK) threat actor UNC5342 using ‘EtherHiding’ to deliver malware and fac...
New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware

Thu, 16 Oct 2025 14:00:00 +0000

Written by: Mark Magee, Jose Hernandez, Bavi Sadayappan, Jessa Valdez Since late 2023, Mandiant Threat Defense and Google Threat Intelligence Group (GTIG) have tracked UNC5142, a financially motivated...
Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign

Thu, 09 Oct 2025 14:00:00 +0000

Written by: Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen Update (Oct. 11): On Oct. 11, Oracle released another patch, addressing CVE-2025-61884. Introductio...
Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations

Tue, 30 Sep 2025 14:00:00 +0000

Written by: Omar ElAhdan, Matthew McWhirt, Michael Rudden, Aswad Robinson, Bhavesh Dhake, Laith Al, Ravi Kumar Raja Update (Nov. 21): In response to the Salesforce advisory related to Gainsight applic...
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors

Wed, 24 Sep 2025 14:00:00 +0000

Written by: Sarah Yoder, John Wolfram, Ashley Pearson, Doug Bienstock, Josh Madeley, Josh Murchie, Brad Slaybaugh, Matt Lin, Geoff Carstairs, Austin Larsen Introduction Google Threat Intelligence Grou...
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690)

Wed, 03 Sep 2025 14:00:00 +0000

Written by: Rommel Joven, Josh Fleischer, Joseph Sciuto, Andi Slok, Choon Kiat Ng Update (September 3): This post was updated to include information about GoTokenTheft usage. In a recent investigation...
Widespread Data Theft Targets Salesforce Instances via Salesloft Drift

Tue, 26 Aug 2025 14:00:00 +0000

Written by: Austin Larsen, Matt Lin, Tyler McLellan, Omar ElAhdan Update (August 28) Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integr...
Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats

Mon, 25 Aug 2025 14:00:00 +0000

Written by: Patrick Whitsell In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted ...

From Boannews

[2025 보안 사고·이슈 결산-13] 쿠팡 민낯 드러낸 3370만명 개인정보 유출

Mon, 29 Dec 2025 17:57:00 +0900

퇴사자 ‘인증키’ 하나에 뚫린 보안... 5개월간 3370만 명 무방비 노출비밀번호·결제 정보 제외됐지만, 2차 피해 우려 여전1조 6000억원 보상에 “정보 팔아 장사하나” 비판... 추락한 1위 플랫폼[보안뉴스 조재호 기자] 올해 대한민국은 ‘해킹의 해’라 해도 과언이 아닐 만큼 대형 해킹 사고가 줄줄이 터졌다. 이 중에서 3370만 명이라는, 사실상
“개인정보 대규모 유출하면 ISMS·ISMS-P 인증 취소” 정부, 정보보호 기준 대폭 강화

Mon, 29 Dec 2025 17:35:00 +0900

1000만명 이상 유출, 반복 위반, 고의, 중과실 경우 인증 유지 불가침해사고 직결 영역 집중 심사...형식적 관리체계 ‘퇴출 구조’로 전환[보안뉴스 여이레 기자] 정보보호 관리체계(ISMS) 및 개인정보보호 관리체계(ISMS-P) 인증을 받은 기업·기관이라도 대형 사고가 일어날 경우 부여한 인증을 취소할 수 있도록 인증 유지 기준이 엄격해진다. 대규모
“이용자 통화 탈취 위험 노출”... KT, 전체 이용자 위약금 면제 적용 가능

Mon, 29 Dec 2025 17:22:00 +0900

[3줄 요약]1. 민관합동조사단, KT·LG유플러스 침해사고 최종 조사결과 발표2. KT 과실 및 의무 이행 미흡으로 전체 이용자 위약금 면제 가능3. LG유플러스, 서버 폐기로 확인 불가능... 공무집행 방해 수사의뢰[보안뉴스 강현주 기자] KT의 펨토셀 관리 부실로 이용자 전체의 통화와 문자가 탈취 위험에 노출된 것으로 나타났다. KT의 펨토셀 보안 관
[쿠팡 해킹] “영업정지 여부 등 판단 계획”... 정부 범부처 전방위 압박

Mon, 29 Dec 2025 15:54:00 +0900

정부, “범정부 원팀으로 총력 대응”...영업정지도 고려[보안뉴스 강현주 기자] 정부가 쿠팡에 대해 영업정지 등을 거론하며 범부처 전방위 압박에 나섰다. 정부는 29일 배경훈 과학기술 부총리 주재로 열린 ‘쿠팡 사태 범정부TF’ 회의를 열었다. 이번 침해 및 개인정보 유출 사고에 대한 쿠팡의 대응을 강력하게 경고하고, 전방위적·종합적 대응에 나서기로 했다.
[글로벌 인터뷰] 이이지마 카츠노리 요꼬가와전기 사이버보안 사업부장

Mon, 29 Dec 2025 15:44:00 +0900

“OT 보안은 안정적 운영을 위한 투자, 비즈니스 연속성 측면에서도 매우 중요”요꼬가와전기, 보안 인식 제고부터 기술적 보안 솔루션까지 ‘OT 보안 서비스’ 지원한다[보안뉴스 원병철 기자] 요꼬가와전기는 산업 자동화 및 제어 분야 분야의 대표적인 글로벌 기업으로 측정, 제어 및 정보 기술을 활용해 사회적 과제를 해결하는 데 기여하고 있다. 특히 통합 브랜드
[국방보안 칼럼] 2026년 보안위협 전망: 드론 대량생산이 만든 새로운 공격 표면

Mon, 29 Dec 2025 15:40:00 +0900

드론 시대의 승부는 ‘기체’가 아니라 ‘공급망’에서 갈린다[보안뉴스= 김은영 LIG넥스원 기술위원] 러시아-우크라이나 전쟁은 드론을 정찰 보조 수단에서 전장의 게임 체인저로 바꿔 놓았다. FPV(자폭·투하) 드론은 포병과 대전차 전력의 공백을 메우며, 정찰·타격·전자전(EW) 탐지까지 하나의 체계로 묶였다. 그 결과 드론은 더 이상 고가의 정밀 무기가 아니
[IP포토] 지재처, 특허법조약(PLT) TF 착수회의 개최

Mon, 29 Dec 2025 15:33:00 +0900

지식재산처는 29일 오후 대전시 서구 정부대전청사 중회의실에서 ‘특허법조약(PLT) TF 착수회의’를 가졌다. 이날 회의에서는 PLT 가입을 위한 법령 정비 및 정보시스템 개편 범위 등 주요 쟁점을 중심으로, 향후 추진 일정과 부서별 역할에 대한 논의가 이뤄졌다. TF는 향후 세부 이행과제 검토를 중심으로 논의를 이어간다. 정연우 지재처 특허심사기획국장(앞
IT 전문매체 와이어드 구독자 230만명 개인정보 다크웹 유출

Mon, 29 Dec 2025 15:20:00 +0900

비인가 객체 참조(IDOR) 취약점 악용해 230만명 개인정보 탈취통합 로그인 구조로 계열사 연쇄 피해 우려...피싱·스와팅 위험도 증가[보안뉴스 김형근 기자] 글로벌 미디어 그룹 콘데나스트(Condé Nast) 산하 IT 전문 매체 와이어드(WIRED)가 해커의 공격을 받아 약 230만명의 구독자 기록이 유출되는 보안 사고를 당했다. ‘러블리’(
과기정통부, 카카오 ‘카나나’ 대상 국내 첫 인공지능 안전성 평가

Mon, 29 Dec 2025 14:33:00 +0900

AI안전연구소·TTA 공동 수행, 내년 AI 기본법 시행 대비 선제 점검한국어 기반 ‘AssurAI’ 데이터셋으로 35개 위험 영역 평가[보안뉴스 여이레 기자] 과학기술정보통신부는 29일 카카오의 AI 모델 ‘카나나’(Kanana)에 대한 국내 첫 AI 안전성 평가를 실시했다고 밝혔다. 이번 평가는 국내 인공지능(AI) 기술의 신뢰성과 안전성 확보를 위해
SGA솔루션즈, 크레온유니티 인수로 ‘보안·운영 융합’ 새 성장 축 마련

Mon, 29 Dec 2025 14:25:00 +0900

자회사 액시스인베스트먼트·IBK벤처투자 공동 GP 참여그룹 내 캡티브 매출 전환·신시장 확장 등 3대 성장 드라이브 가동[보안뉴스 여이레 기자] SGA솔루션즈가 금융 IT 운영 전문 기업 크레온유니티를 인수하며 그룹 성장 전략에 새로운 축을 더했다. SGA솔루션즈는 29일 자회사 액시스인베스트먼트와 IBK벤처투자가 공동 대표집행사(GP)로 참여한 투자조합을

From Theori

Announcing Xint Code

Tue, 16 Dec 2025 00:43:33 GMT

Real Vulnerabilities. Actionable Results.
Building Effective LLM Agents | AI Cyber Challenge

Fri, 08 Aug 2025 19:28:00 GMT

How we learned to build effective LLM agents for hacking at DARPA's AI Cyber Challenge (AIxCC)
AI Cyber Challenge and Theori's RoboDuck

Fri, 08 Aug 2025 19:27:40 GMT

An introduction to DARPA's AI Cyber Challnge and Theori's third place cyber reasoning system
Inside the brain of a hacking robot: Exploring traces | AI Cyber Challenge

Fri, 08 Aug 2025 19:25:46 GMT

Agent trajectory walkthroughs of a fully autonomous hacking system
How to Identify Phishing Scams

Mon, 28 Apr 2025 23:00:00 GMT

Learn how to spot phishing scams with expert tips recognizing suspicious emails, SMS, and fraudulent request for personal information.
Importance of Continuous Security: Lessons from the Bybit Case

Thu, 27 Mar 2025 06:38:06 GMT

In this article, we briefly look at the circumstances of the Bybit incident and discuss what countermeasures could have been implemented. Then, we discuss the limitations of current solutions and how Xint resolves them.
Reviving the modprobe_path Technique: Overcoming search_binary_handler() Patch

Sat, 15 Mar 2025 08:52:16 GMT

A new approach to the Overwriting modprobe_path technique is introduced, addressing changes in the Upstream kernel that prevent triggering via dummy files.
Four Ways to Protect Your Legacy with Theori’s Cybersecurity Solutions

Sun, 16 Feb 2025 15:00:00 GMT

Discover the top cybersecurity threats for 2025 and how Theori's innovative solutions can safeguard your business from evolving cyber risks and costly data breaches.
DeepSeek Security, Privacy, and Governance: Hidden Risks in Open-Source AI

Thu, 06 Feb 2025 15:00:00 GMT

This post examines DeepSeek's security gaps, privacy practices, and open-source AI risks, offering practical advice for users and developers.
The True Cost of Siloed Security Tools

Fri, 20 Dec 2024 09:00:00 GMT

Security silos occur when different security tools, teams, or systems operate in isolation, unable to effectively share data or communicate.
Finding Vulnerabilities in Firmware with Static Analysis Platform QueryX

Wed, 06 Nov 2024 15:00:00 GMT

QueryX, Theori’s program analysis platform, automates variant analysis for vulnerability detection. Learn how its taint analysis module uncovered CVE-2023-39471.
Side Effects: When Continuous Development Introduces Security Threats

Mon, 04 Nov 2024 09:00:00 GMT

Dive into five significant security risks that emerged as unintended consequences of new feature development.
Top 5 Features Your ASM Solution Must Have

Thu, 24 Oct 2024 09:00:00 GMT

So you know what ASM is and why you need it — but which features are crucial? Here’s the run down.
Offensive Security with Large Language Models (2)

Mon, 30 Sep 2024 09:00:00 GMT

How LLMs are changing the game for static analysis — especially when source code is available.
Offensive Security with Large Language Models (1)

Fri, 27 Sep 2024 09:00:00 GMT

Applications of larage language models in offensive security
Winning the AIxCC Qualification Round

Mon, 23 Sep 2024 15:00:00 GMT

Theori’s Cyber Reasoning System (CRS) “Robo Duck” not only cleared the bar to get us $2M and a spot at the AIxCC finals in 2025, it also got the first place among all the submissions in the highly competitive event.
Top Penetration Testing Solutions for IT Security: 2024 Guide

Wed, 11 Sep 2024 09:00:00 GMT

The top 7penetration testing tools of 2024 for hackers and for businesses.
Deep Dive into RCU Race Condition: Analysis of TCP-AO UAF (CVE-2024–27394)

Tue, 03 Sep 2024 15:00:00 GMT

CVE-2024-27394 is a TCP-AO Use-After-Free vulnerability caused by improper RCU API usage. Read the in-depth analysis and reliable triggering technique.
Offensive Security vs. Defensive Security: Navigating the Two Pillars of Cybersecurity

Fri, 30 Aug 2024 09:00:00 GMT

Explore how offensive and defensive security strategies work together to protect against cyber threats.
A Deep Dive into the CoSoSys EndPoint Protector Exploit: Remote Code Execution

Thu, 29 Aug 2024 15:00:00 GMT

Four critical RCE vulnerabilities (CVE-2024-36072 to CVE-2024-36075) in CoSoSys Endpoint Protector were identified, allowing full server and client compromise. Read the full analysis.
Chaining N-days to Compromise All: Part 6 — Windows Kernel LPE: Get SYSTEM

Tue, 21 May 2024 15:00:00 GMT

The final part of the N-day exploit series analyzes CVE-2023-36802, a privilege escalation vulnerability in mskssrv.sys, used to gain SYSTEM access on a VMware host.
Chaining N-days to Compromise All: Part 5 — VMware Workstation Guest-to-Host Escape

Thu, 02 May 2024 15:00:00 GMT

CVE-2023-20869 was exploited to achieve arbitrary code execution on a VMware host from a guest system. Read the full technical analysis.
Chaining N-days to Compromise All: Part 4 — VMware Workstation Information leakage

Wed, 17 Apr 2024 15:00:00 GMT

CVE-2023-34044, a variant of CVE-2023-20870, was exploited to extract critical information from a VMware host process. Read the in-depth analysis.
Chaining N-days to Compromise All: Part 3 — Windows Driver LPE: Medium to System

Mon, 08 Apr 2024 15:00:00 GMT

CVE-2023-29360, a logic bug in the mskssrv.sys driver, was exploited to escalate privileges to SYSTEM in a 1-day full chain attack. Read the detailed breakdown.
Chaining N-days to Compromise All: Part 2 — Windows Kernel LPE (a.k.a Chrome Sandbox Escape)

Sun, 31 Mar 2024 15:00:00 GMT

CVE-2023-21674, a Windows kernel UAF vulnerability, was used to escape the Chrome sandbox in a 1-day full chain exploit. Read the detailed analysis.
Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE

Sun, 17 Mar 2024 15:00:00 GMT

This post begins our series on the 1-day exploit chain demoed on X, focusing on a Chrome renderer exploit, CVE-2023-3079, a type confusion bug in V8.
Fermium-252 : The Cyber Threat Intelligence Database

Sun, 03 Mar 2024 15:00:00 GMT

Fermium-252 is a premier vulnerability intelligence platform providing real-time tracking of 1-day exploits, PoCs, and in-depth reports. Stay ahead of cyber threats with our expert analysis.
A Deep Dive into V8 Sandbox Escape Technique Used in In-The-Wild Exploit

Thu, 25 Jan 2024 15:00:00 GMT

We bypassed the V8 sandbox using a raw pointer in WasmIndirectFunctionTable, enabling arbitrary write and code execution. Read our deep dive into the exploit.
Exploiting Windows Kernel Wild Copy With User Fault Handling (CVE-2023–28218)

Thu, 09 Nov 2023 15:00:00 GMT

At Hexacon 2023, we presented our Windows kernel security research, uncovering CVE-2023-28218, a heap overflow in afd.sys. Read our exploit analysis and methodology.
NEAT and NES Algorithms

Thu, 20 Apr 2023 15:00:00 GMT

We reverse-engineered NEAT and NES, two unpublished symmetric encryption algorithms from South Korea’s GPKI cryptography library. Read our analysis and implementations.
Linux Kernel Exploit (CVE-2022–32250) with mqueue

Tue, 23 Aug 2022 15:00:00 GMT

We exploited CVE-2022-32250, a use-after-free vulnerability in Linux Netfilter, to achieve root on Ubuntu 22.04. Learn how we bypassed KASLR and modified modprobe_path.
Binary-searching into CVMServer

Thu, 16 Jun 2022 15:00:00 GMT

While analyzing the patch for CVE-2021-30724, we discovered a new uninitialized memory vulnerability (CVE-2022-26721) in macOS's CVMServer. Read our exploitation insights.
Exploiting Safari’s ANGLE Component

Tue, 17 May 2022 15:00:00 GMT

We discovered CVE-2022-26717, an exploitable bug in WebKit's WebGL component affecting Safari on macOS and iOS. Read our analysis and exploitation methodology.
Patch Gapping a Safari Type Confusion

Mon, 24 May 2021 15:00:00 GMT

Safari 14.1 introduced AudioWorklets, but a newly patched type confusion bug left iOS versions vulnerable for weeks. We share our root cause analysis and exploit details.
Compromising virtualization without attacking the hypervisor

Tue, 20 Oct 2020 15:00:00 GMT

Discover CVE-2020-27675 (XSA-331), a denial-of-service and potential out-of-bounds write vulnerability in the Xen paravirtualization driver, and learn how it can impact virtualization security.
Cleanly Escaping the Chrome Sandbox

Sun, 19 Apr 2020 15:00:00 GMT

Learn how we discovered and exploited Issue 1062091, a use-after-free (UAF) vulnerability in Chrome and Chromium-based Edge, leading to a sandbox escape.
Receiving NRSC-5

Thu, 08 Jun 2017 15:00:00 GMT

We have implemented an NRSC-5-C digital radio receiver and released it as open source on GitHub. Explore IBOC-based hybrid broadcasting and security research opportunities.
Chakra JIT CFG Bypass

Tue, 13 Dec 2016 15:00:00 GMT

Learn how attackers bypassed Microsoft's Control Flow Guard (CFG) in Internet Explorer and Edge. We break down our PoC exploit, mitigation bypass, and the MS16-119 patch details.
Patch Analysis of MS16–063 (jscript9.dll)

Sun, 26 Jun 2016 15:00:00 GMT

Microsoft's MS16-063 patch fixed a critical memory corruption vulnerability in jscript9.dll (TypedArray & DataView) affecting Internet Explorer. Read our analysis, vulnerability breakdown, and PoC exploit.
Patch Analysis of CVE-2016–0189

Tue, 21 Jun 2016 15:00:00 GMT

Microsoft's MS16-051 patch addressed a critical Internet Explorer vulnerability (CVE-2016-0189) exploited in South Korea. Explore our in-depth analysis, patch breakdown, and proof-of-concept exploit.

From Dark Reading

SBOMs in 2026: Some Love, Some Hate, Much Ambivalence

Mon, 29 Dec 2025 14:51:59 GMT

With a new year upon us, software and cybersecurity experts disagree on the utility of software bill of materials — in theory, SBOMs are great, but in practice, they're a mess.
5 Threats That Defined Security in 2025

Mon, 29 Dec 2025 14:00:00 GMT

2025 included a number of monumental threats, from the global attacks of Salt Typhoon to dangerous vulnerabilities like React2Shell.
Mentorship and Diversity: Shaping the Next Generation of Cyber Experts

Fri, 26 Dec 2025 15:15:00 GMT

Patricia Voight, CISO at Webster Bank, shares her expertise on advancing cybersecurity careers, combating financial crimes, and championing diversity in a rapidly changing industry.
As More Coders Adopt AI Agents, Security Pitfalls Lurk in 2026

Fri, 26 Dec 2025 13:04:07 GMT

Developers are leaning more heavily on AI for code generation, but in 2026, the development pipeline and security need to be prioritized.
Dark Reading Opens The State of Application Security Survey

Fri, 26 Dec 2025 12:00:48 GMT

Take part in the new survey from Dark Reading and help uncover trends, challenges, and solutions shaping the future of application security.
Industry Continues to Push Back on HIPAA Security Rule Overhaul

Tue, 23 Dec 2025 20:22:19 GMT

Healthcare cyberattacks are on the rise, but industry organizations say the proposed changes to the security rules fall short of what's needed.
ServiceNow Buys Armis for $7.75B, Boosts 'AI Control Tower'

Tue, 23 Dec 2025 20:03:15 GMT

Its latest cybersecurity acquisition will help further ServiceNow's plans for autonomous cybersecurity, and building a security stack to proactively manage AI.
Amazon Fends Off 1,800 Suspected DPRK IT Job Scammers

Tue, 23 Dec 2025 17:42:50 GMT

The tech giant has been beset by a deluge of state-sponsored North Korean operatives, showcasing the sheer scale of the IT worker scam problem.
Sprawling 'Operation Sentinel' Neutralizes African Cybercrime Syndicates

Tue, 23 Dec 2025 17:16:35 GMT

Interpol said law enforcement across 19 countries made 574 arrests and recovered $3 million, against a backdrop of spiraling cybercrime in the region, including business email compromise, digital extortion, and ransomware schemes.
Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices

Mon, 22 Dec 2025 20:29:34 GMT

With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors whose products have been targeted in recent weeks.
Uzbek Users Under Attack by Android SMS-Stealers

Mon, 22 Dec 2025 17:07:10 GMT

Telegram users in Uzbekistan are being targeted with Android SMS-stealer malware, and what's worse, the attackers are improving their methods.
Cisco VPNs, Email Services Hit in Separate Threat Campaigns

Fri, 19 Dec 2025 20:05:38 GMT

The company suffered one sophisticated five-alarm campaign and one messy spray-and-pray attack, mere days apart.
LongNosedGoblin Caught Snooping on Asian Governments

Fri, 19 Dec 2025 16:38:48 GMT

New China-aligned APT group is deploying Group Policy to sniff through government networks across Southeast Asia and Japan.
Identity Fraud Among Home-Care Workers Puts Patients at Risk

Fri, 19 Dec 2025 15:04:50 GMT

Reports of patients being cared for by unqualified home-care aides with fake identities continue to emerge, highlighting a need for more stringent identity authentication.
A Cybersecurity Playbook for AI Adoption

Fri, 19 Dec 2025 14:00:00 GMT

AI adds real value to cybersecurity today, but it cannot yet serve as a single security guardian. Here's how organizations can safely combine AI-driven analysis with deterministic rules and proven security practices.
A Good Year for North Korean Cybercriminals

Fri, 19 Dec 2025 14:00:00 GMT

North Korea shifted its strategy to patiently target "bigger fish" for larger payouts, using sophisticated methods to execute attacks at opportune times.
SonicWall Edge Access Devices Hit by Zero-Day Attacks

Thu, 18 Dec 2025 22:25:46 GMT

In the latest attacks against the vendor's SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed earlier this year.
Dark Reading Confidential: Stop Secrets Creep Across Developer Platforms

Thu, 18 Dec 2025 18:55:13 GMT

Dark Reading Confidential Episode 13: Developers are exposing their organizations' most sensitive information; our guests explain why it's happening and how to stop it.
Dormant Iran APT is Still Alive, Spying on Dissidents

Thu, 18 Dec 2025 13:00:00 GMT

"Prince of Persia" has rewritten the rules of persistence with advanced operational security and cryptographic communication with its command-and-control server.
Critical Fortinet Flaws Under Active Attack

Wed, 17 Dec 2025 22:44:38 GMT

Attackers are targeting admin accounts, and once authenticated, exporting device configurations including hashed credentials and other sensitive information.
In Cybersecurity, Claude Leaves Other LLMs in the Dust

Wed, 17 Dec 2025 22:01:58 GMT

Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so.
'Cellik' Android RAT Leverages Google Play Store

Wed, 17 Dec 2025 21:38:50 GMT

The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.
Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity

Wed, 17 Dec 2025 21:14:12 GMT

The future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. (First in a three-part series.)
'Fake Proof' and AI Slop Hobble Defenders

Wed, 17 Dec 2025 20:58:31 GMT

In the React2Shell saga, nonworking and trivial proof-of-concept exploits led to confusion and perhaps a false sense of security. Can the onslaught of PoCs be tamed?
The Future of Quantum-Safe Networks Depends on Interoperable Standards

Wed, 17 Dec 2025 20:46:43 GMT

As quantum computing advances, secure, interoperable standards will be critical to making quantum key distribution (QKD) practical, trusted, and future-proof.
Attackers Use Stolen AWS Credentials in Cryptomining Campaign

Wed, 17 Dec 2025 16:33:22 GMT

Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.
Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation

Wed, 17 Dec 2025 07:00:00 GMT

Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.
Why a 17-Year-Old Built an AI Model to Expose Deepfake Maps

Tue, 16 Dec 2025 22:53:00 GMT

A high-school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders.
Why You Should Train Your SOC Like a Triathlete

Tue, 16 Dec 2025 22:20:33 GMT

The key elements in a security operations center's strategy map align closely to the swim/bike/run events in a triathlon. SOCs, like triathletes, perform well when their "inputs" are strong.
Venezuelan Oil Company Downplays Alleged US Cyberattack

Tue, 16 Dec 2025 20:33:16 GMT

But media reports described the attack as causing major disruption to PDVSA, the state-owned oil and natural gas company.
Russia Hits Critical Orgs Via Misconfigured Edge Devices

Tue, 16 Dec 2025 20:03:15 GMT

Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector.
Browser Extension Harvests 8M Users' AI Chatbot Data

Tue, 16 Dec 2025 16:14:01 GMT

Urban VPN Proxy, which claims to protect users' privacy, collects data from conversations with ChatGPT, Claude, Gemini, Copilot, and other AI assistants.
Enterprises Gear Up Ahead of 2026's IT Transformation Shift

Tue, 16 Dec 2025 15:08:23 GMT

Experts predict big changes are coming for IT infrastructure in 2026, driven by AI adoption, hybrid cloud strategies, and evolving security demands.
How Cyber Insurance MGAs Shape Policies for Evolving Cyber-Risks

Mon, 15 Dec 2025 22:28:47 GMT

Managing general agents help insurers navigate sectors where they lack expertise. A cybersecurity policy written by an MGA is more likely to reflect an understanding of the risks CISOs deal with.
Apple Patches More Zero-Days Used in 'Sophisticated' Attack

Mon, 15 Dec 2025 21:25:20 GMT

Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.
Think Like an Attacker: Cybersecurity Tips From a CISO

Mon, 15 Dec 2025 20:07:48 GMT

Etay Maor, a cybersecurity strategist and professor, shares his journey, insights, and advice on breaking into the diverse and ever-evolving field of cybersecurity.
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files

Mon, 15 Dec 2025 15:33:15 GMT

A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw.
The CISO-COO Partnership: Protecting Operational Excellence

Fri, 12 Dec 2025 21:12:13 GMT

Digital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship between CISOs and COOs.
React2Shell Exploits Flood the Internet as Attacks Continue

Fri, 12 Dec 2025 20:11:43 GMT

As exploitation activity against CVE-2025-55182 ramps up, researchers are finding some proof-of-concept exploits contain bypasses for web application firewall (WAF) rules.
Vibe Coding: Innovation Demands Vigilance

Fri, 12 Dec 2025 20:07:23 GMT

Unmanaged coding is indeed an alluring idea, but can introduce a host of significant cybersecurity dangers.
Microsoft Will Bundle Security Copilot With M365 Enterprise Licenses

Fri, 12 Dec 2025 19:32:42 GMT

The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week.
Supply Chain Attacks Targeting GitHub Actions Increased in 2025

Fri, 12 Dec 2025 18:37:53 GMT

At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.
Are Trade Concerns Trumping US Cybersecurity?

Fri, 12 Dec 2025 14:00:00 GMT

The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say.
Hamas-Linked Hackers Probe Middle Eastern Diplomats

Fri, 12 Dec 2025 07:00:00 GMT

Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.
Money Mules Require Banks to Switch From Defense to Offense

Thu, 11 Dec 2025 23:13:38 GMT

Financial institutions must be proactive when identifying and preventing fraudulent activity. Here are five "mule personas" to watch for.
Encouraging Industry Voices to Write for the Commentary Section

Thu, 11 Dec 2025 22:48:10 GMT

Dark Reading will continue to publish Tech Talks and Ask the Expert pieces in the Commentary section. Read on for submission guidelines.
Attackers Exploited Gogs Zero-Day Flaw for Months

Thu, 11 Dec 2025 20:11:43 GMT

Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year.
AI in OT Sparks Cascade of Complex Challenges

Thu, 11 Dec 2025 14:50:59 GMT

Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.
Copilot's No-Code AI Agents Liable to Leak Company Data

Thu, 11 Dec 2025 10:00:00 GMT

Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.
Storm-0249 Abuses EDR Processes in Stealthy Attacks

Wed, 10 Dec 2025 21:59:32 GMT

The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.

From Cyber Security News

Windows Event Logs Reveal the Messy Reality Behind ‘Sophisticated’ Cyberattacks

Mon, 29 Dec 2025 17:55:43 +0000

Public reports about cyberattacks often present a polished picture—threat actors working methodically through a well-planned playbook with every action perfectly executed. This perception leads many to believe that modern attackers operate with machine-like precision, seamlessly moving from one objective to another without facing obstacles. However, this narrative masks a much different reality that becomes clear […] The post Windows Event Logs Reveal the Messy Reality Behind ‘Sophisticated’ Cyberattacks appeared first on Cyber Security News.
2.5 Million+ Malicious Request From Hackers Attacking Adobe ColdFusion Servers

Mon, 29 Dec 2025 15:25:37 +0000

A coordinated exploitation campaign that generated more than 2.5 million malicious requests against Adobe ColdFusion servers and 47+ other technology platforms during the Christmas 2025 holiday period. The operation was attributed to a single threat actor operating from Japan-based infrastructure. This indicates an advanced scanning effort by attackers seeking both legacy and new vulnerabilities dating […] The post 2.5 Million+ Malicious Request From Hackers Attacking Adobe ColdFusion Servers appeared first on Cyber Security News.
New Vulnerabilities in Bluetooth Headphones Let Hackers Hijack Connected Smartphone

Mon, 29 Dec 2025 15:19:19 +0000

Security researchers have disclosed critical vulnerabilities affecting widely used Bluetooth headphones and earbuds that could allow attackers to eavesdrop on conversations, steal sensitive data, and even hijack connected smartphones. The flaws, identified as CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702, impact devices powered by Airoha Bluetooth System-on-Chips (SoCs), which are used by major manufacturers including Sony, Bose, JBL, […] The post New Vulnerabilities in Bluetooth Headphones Let Hackers Hijack Connected Smartphone appeared first on Cyber Security News.
Hacktivist Proxy Operations Emerge as a Repeatable Model of Geopolitical Cyber Pressure

Mon, 29 Dec 2025 15:04:58 +0000

A new form of cyber disruption is reshaping the landscape of modern conflict. Hacktivist groups are increasingly operating as strategic instruments of state pressure, launching coordinated attacks that align perfectly with geopolitical events such as sanctions announcements and military aid declarations. Unlike traditional cybercrime or isolated digital activism, these operations follow a consistent, repeatable pattern […] The post Hacktivist Proxy Operations Emerge as a Repeatable Model of Geopolitical Cyber Pressure appeared first on Cyber Security News.
Hacker Threw MacBook in River to Erase Evidence in Coupang Data Breach

Mon, 29 Dec 2025 14:15:29 +0000

In a desperate attempt to cover his tracks, the hacker behind Coupang’s massive personal data leak hurled his MacBook Air into a nearby river, only for company investigators to fish it out days later. This cinematic twist emerged as South Korean e-commerce giant Coupang detailed its government-directed probe into the breach affecting 33.7 million customers, […] The post Hacker Threw MacBook in River to Erase Evidence in Coupang Data Breach appeared first on Cyber Security News.
Windows LPE Vulnerabilities via Kernel Drivers and Named Pipes Allows Privilege Escalation

Mon, 29 Dec 2025 10:37:11 +0000

Security researchers are increasingly focusing on privilege escalation attacks through two primary Windows attack surfaces: kernel drivers and named pipes. These vectors exploit fundamental trust boundary weaknesses between the user and kernel modes. Enabling attackers to escalate from standard user privileges to SYSTEM-level access. Kernel drivers present a significant LPE attack surface due to insufficient […] The post Windows LPE Vulnerabilities via Kernel Drivers and Named Pipes Allows Privilege Escalation appeared first on Cyber Security News.
MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

Mon, 29 Dec 2025 08:24:05 +0000

An open-source detection tool to help organizations identify potential exploitation of MongoBleed (CVE-2025-14847), a critical memory disclosure vulnerability affecting MongoDB databases. The vulnerability allows attackers to extract sensitive information, including credentials, session tokens, and personally identifiable information, directly from server memory without requiring authentication. The flaw exists in MongoDB’s zlib decompression mechanism and affects versions […] The post MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847) appeared first on Cyber Security News.
OpenAI Hardened ChatGPT Atlas Against Prompt Injection Attacks

Mon, 29 Dec 2025 07:56:15 +0000

OpenAI has rolled out a critical security update to ChatGPT Atlas, its browser-based AI agent, introducing advanced defenses against prompt injection attacks. The update marks a significant step in protecting users from emerging adversarial threats targeting agentic AI systems. What Are Prompt Injection Attacks? Prompt injection attacks exploit AI agents by embedding malicious instructions into […] The post OpenAI Hardened ChatGPT Atlas Against Prompt Injection Attacks appeared first on Cyber Security News.
Hackers Claim Breach of WIRED Database Containing 2.3 million Subscriber Records

Mon, 29 Dec 2025 02:48:14 +0000

Hackers have leaked a database containing over 2.3 million WIRED subscriber records, marking a major breach at Condé Nast, the parent company. The threat actor “Lovely” claims this is just the start, promising to release up to 40 million more records from brands like Vogue and The New Yorker. The data dump, posted on hacking […] The post Hackers Claim Breach of WIRED Database Containing 2.3 million Subscriber Records appeared first on Cyber Security News.
MongoBleed (CVE-2025-14847) Now Exploited in the Wild: MongoDB Servers at Critical Risk

Sun, 28 Dec 2025 15:43:33 +0000

A high-severity unauthenticated information-leak vulnerability in MongoDB Server, dubbed MongoBleed after the infamous Heartbleed bug, is now being actively exploited in real-world attacks. MongoDB has disclosed CVE-2025-14847, a critical flaw affecting multiple supported and legacy server versions that allows unauthenticated remote attackers to exfiltrate sensitive data and authentication credentials from vulnerable instances. MongoBleed stems from […] The post MongoBleed (CVE-2025-14847) Now Exploited in the Wild: MongoDB Servers at Critical Risk appeared first on Cyber Security News.