darkreading

Exposure of APIs, sensitive data, and corporate documents are just some of the security issues that the purveyor of Big Macs was cooking up.

VisionSpace Technologies' Andrzej Olchawa and Milenko Starcik discussed a set of vulnerabilities capable of ending space missions at the Black Hat USA 2025 News Desk.

The combined company will provide customers with enhanced AI-driven identity verification to counter agentic AI, deepfakes, synthetic fraud, and more.

We can strip attackers of their power by implementing layered defenses, ruthless patch management, and incident response that assumes failure and prioritizes transparency.

The uptick in breaches in Asia has prompted a Japanese chipmaker and the Singaporean government to require vendors to pass cybersecurity checks to do business.

This attack was seemingly more successful than the first iteration, causing disruptions at the plant.

Cybersecurity risks can come from everywhere, as these riveting Dark Reading News Desk videos detail. Check out Part 1 of our broadcast coverage of the top research presented at Black Hat USA 2025.

As more organizations integrate vibe coding and AI-assisted coding into their application development processes, it's important to remember to put security first.

The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response systems.

Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" — and what that means for cyber-risk.

Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers.

Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems.

By addressing these overlooked risk vectors, organizations can continue leveraging GitHub's innovation while protecting against sophisticated supply chain attacks targeting interconnected software.

An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw.

Why every company needs a clear, enforceable AI policy — now.

Noodlophile is targeting enterprises in spear-phishing attacks using copyright claims as phishing lures.

The HR giant said hackers mounted a socially engineered cyberattack on its third-party CRM system but did not gain access to customer information; only "commonly available" business contact info was exposed.

A more unified and behavior-aware approach to detection can significantly improve security outcomes.

A good chunk of all websites today have been affected by the biggest DDoS risk on the Web since 2023.

The vast majority of companies are using more than one cloud platform, yet struggle to establish and monitor security across different environments giving attackers an opening.