Skip to main content
← All Tags

Cybersecurity

627 articles in this category (Page 7 of 27)

AI NewsCybersecurityThreat Intelligence

China-Linked Amaranth-Dragon and Mustang Panda Exploit WinRAR Flaw in Espionage Campaigns

China-linked threat actors Amaranth-Dragon and Mustang Panda target Southeast Asian governments using WinRAR exploit and PlugX phishing lures, affecting at least 6 countries.

Read more
AI NewsCybersecurityVulnerability Management

CISA Flags Actively Exploited SolarWinds Web Help Desk RCE

CISA adds SolarWinds Web Help Desk RCE flaw to KEV catalog with a CVSS score of 9.8, ordering federal agencies to patch by February 2026.

Read more
AI NewsCybersecurityRansomware

CISA's Hidden Ransomware Updates to KEV Catalog

A third of the 'flipped' CVEs affect edge devices, leading to increased ransomware risk with 59 vulnerabilities updated in 2025.

Read more
AI NewsCybersecurityMalware Analysis

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

DEAD#VAX campaign delivers AsyncRAT via IPFS-hosted VHD phishing files with a stealthy, fileless approach, evading traditional detection mechanisms.

Read more
AI NewsCybersecurityOpen Source

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk by up to 90%.

Read more
AI NewsCybersecurityLatin America

Announcing DR Global Latin America

Dark Reading launches a new content section for Latin American readers, featuring news, analysis, and multimedia on cybersecurity.

Read more
AI NewsDevOpsCybersecurity

Leveraging DevOps and Open Source Tools to Detect Phishing Patterns

Detecting phishing patterns with a 95% success rate using DevOps and open source tools.

Read more
AI NewsArtificial IntelligenceCybersecurity

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Microsoft develops a scanner that detects backdoors in open-weight LLMs with a low false positive rate, improving AI model security.

Read more
AI NewsCybersecurityMalware

Microsoft Warns of Python Infostealers Targeting macOS

Python infostealers are spreading to macOS via fake ads and installers, stealing credentials and financial data at scale.

Read more
AI NewsIncident ResponseCybersecurity

The First 90 Seconds of Incident Response

Early incident response decisions determine investigation success, with evidence preservation and logging visibility being key to resolving incidents efficiently.

Read more
AI NewsCybersecurityDocker

Docker Patches Critical Ask Gordon AI Flaw Enabling Code Execution

Docker fixes a critical Ask Gordon AI flaw allowing code execution and data theft via malicious image metadata in version 4.50.0, impacting Docker Desktop and CLI.

Read more
AI NewsCybersecuritySoftware Development

GlassWorm Malware Returns to Shatter Developer Ecosystems

The self-replicating GlassWorm malware has poisoned a fresh set of Open VSX software components, accumulating over 22,000 downloads prior to removal.

Read more
AI NewsCybersecurityReact Native

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Active attacks exploit Metro4Shell (CVE-2025-11953) with a CVSS score of 9.8, allowing remote unauthenticated attackers to execute arbitrary operating system commands.

Read more
AI NewsCybersecurityDevOps

Leveraging Docker for Real-Time Phishing Pattern Detection

Docker provides a 99.9% uptime solution for real-time phishing pattern detection during high traffic events.

Read more
AI NewsCybersecuritySoftware Security

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom

Notepad++ hosting breach attributed to China-linked Lotus Blossom hacking group, delivering Chrysalis backdoor via hijacked updates.

Read more
AI NewsCloud ComputingCybersecurity

Cloud Outages and Identity Systems: Critical Failure Points

Cloud outages expose identity systems as critical failure points, with 75% of organizations experiencing identity-related downtime in the last year.

Read more
AI NewsCybersecurityPenetration Testing

County Pays $600K to Wrongfully Jailed Pen Testers

Iowa county pays $600,000 settlement to two penetration testers wrongfully jailed in 2019 for performing a security evaluation.

Read more
AI NewsCybersecurityMalware

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

Attackers breached eScan antivirus update infrastructure to push malicious updates, deploying persistent malware on enterprise and consumer systems, affecting hundreds of machines globally.

Read more
AI NewsCybersecurityMalware

Notepad++ Update Mechanism Hijacked to Deliver Malware

State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach, redirecting users to malicious downloads since June 2025.

Read more
AI NewsCybersecurityOpen-Source Software

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking, with a CVSS score of 8.8.

Read more
AI NewsCybersecurityMalware

Researchers Uncover 341 Malicious ClawHub Skills Targeting OpenClaw Users

A security audit reveals 341 malicious skills on ClawHub, exposing OpenClaw users to data theft and malware attacks.

Read more
AI NewsCybersecurityThreat Lifecycle Management

Securing Mid-Market Organizations Across the Complete Threat Lifecycle

Mid-market organizations can reduce cyber risk by 30% by combining prevention, detection, response, and MDR into a unified security platform.

Read more
AI NewsCybersecuritySaaS

ShinyHunters Expands SaaS Extortion Attacks to Microsoft 365, Slack

ShinyHunters has expanded its extortion attacks to various SaaS environments, including Microsoft 365 and Slack, using voice phishing and credential harvesting to compromise targeted organizations.

Read more
AI NewsCybersecurityProxy Networks

Google Disrupts IPIDEA Residential Proxy Network, Reduces Available Pool by Millions

Google cripples IPIDEA, a massive residential proxy network, by seizing domains used as command-and-control for devices, reducing its available pool of devices by millions.

Read more