darkreading
'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat
4 hours ago
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.
Elizabeth Montalbano
Safe Events Start With Threat Intel and Digital Security
6 hours 17 minutes ago
Planning ahead to defend against cyber threats is the work that keeps events uneventful.
Olga Polishchuk
China-Linked Group Targets Southeast Asia Critical Systems
18 hours 17 minutes ago
The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor.
Robert Lemos
Fake Bug Report Hijacks AI Coding Agents at Scale
21 hours 39 minutes ago
"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.
Jai Vijayan
Attackers Seize Exposed AI Endpoints to Power Offensive Ops
22 hours 15 minutes ago
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
Alexander Culafi
Why Identity Security Is Your Cyber Career Entry Point
1 day ago
As AI reshapes cybersecurity workflows, John Paul Cunningham, CISO at SIlverfort, says the technology is creating opportunities rather than eliminating jobs — and there are more ways than ever to break into the essential field.
Kristina Beek
Phishers Gain Persistence at EU, Asia Hospitality Orgs
1 day ago
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
Elizabeth Montalbano
AI-Generated Workflows Are a Silent Security Disaster
1 day 6 hours ago
Teams are dealing with a truly dangerous problem — automation that works, but that no one understands.
Yelena Mujibur Sheikh
NIST Enrichment Reductions Impact CVE Coverage, Accuracy
1 day 20 hours ago
The National Institute of Standards and Technology (NIST) scaled back the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers.
Rob Wright
'Djinn' Stealer Targets Cloud, AI Credentials
1 day 21 hours ago
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.
Jai Vijayan
Vulnerabilities Expose Private Data in Indian Government Systems
1 day 22 hours ago
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.
Nate Nelson
Can Clothes Make You Invisible to Facial Recognition?
1 day 23 hours ago
Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras.
Nate Nelson
Iran, Russia, China Target Water Systems for Sabotage
2 days ago
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.
Alexander Culafi
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
2 days 7 hours ago
Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.
Elizabeth Montalbano
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
4 days 7 hours ago
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
Bree Fowler
AI Decline? Confidence in Autonomous Penetration Testing Falls
5 days ago
Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
Robert Lemos
Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions
5 days 1 hour ago
Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into the primary control plane.
Jeffrey Schwartz
New Initiative Tackles Security for End-of-Life Open Source Software
5 days 2 hours ago
The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.
Arielle Waldman
AI Won't Wipe Out Entry-Level Cybersecurity Jobs
5 days 3 hours ago
Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills.
Jon France
Checked
1 hour 40 minutes ago
Public RSS feed
darkreading feed