darkreading
'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat
1 day 10 hours ago
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.
Elizabeth Montalbano
Safe Events Start With Threat Intel and Digital Security
1 day 12 hours ago
Planning ahead to defend against cyber threats is the work that keeps events uneventful.
Olga Polishchuk
China-Linked Group Targets Southeast Asia Critical Systems
2 days ago
The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor.
Robert Lemos
Fake Bug Report Hijacks AI Coding Agents at Scale
2 days 3 hours ago
"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.
Jai Vijayan
Attackers Seize Exposed AI Endpoints to Power Offensive Ops
2 days 4 hours ago
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
Alexander Culafi
Why Identity Security Is Your Cyber Career Entry Point
2 days 6 hours ago
As AI reshapes cybersecurity workflows, John Paul Cunningham, CISO at SIlverfort, says the technology is creating opportunities rather than eliminating jobs — and there are more ways than ever to break into the essential field.
Kristina Beek
Phishers Gain Persistence at EU, Asia Hospitality Orgs
2 days 6 hours ago
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
Elizabeth Montalbano
AI-Generated Workflows Are a Silent Security Disaster
2 days 12 hours ago
Teams are dealing with a truly dangerous problem — automation that works, but that no one understands.
Yelena Mujibur Sheikh
NIST Enrichment Reductions Impact CVE Coverage, Accuracy
3 days 2 hours ago
The National Institute of Standards and Technology (NIST) scaled back the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers.
Rob Wright
'Djinn' Stealer Targets Cloud, AI Credentials
3 days 4 hours ago
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.
Jai Vijayan
Vulnerabilities Expose Private Data in Indian Government Systems
3 days 4 hours ago
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.
Nate Nelson
Can Clothes Make You Invisible to Facial Recognition?
3 days 5 hours ago
Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras.
Nate Nelson
Iran, Russia, China Target Water Systems for Sabotage
3 days 6 hours ago
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.
Alexander Culafi
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
3 days 13 hours ago
Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.
Elizabeth Montalbano
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
5 days 13 hours ago
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
Bree Fowler
AI Decline? Confidence in Autonomous Penetration Testing Falls
6 days 6 hours ago
Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
Robert Lemos
Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions
6 days 8 hours ago
Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into the primary control plane.
Jeffrey Schwartz
New Initiative Tackles Security for End-of-Life Open Source Software
6 days 9 hours ago
The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.
Arielle Waldman
AI Won't Wipe Out Entry-Level Cybersecurity Jobs
6 days 9 hours ago
Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills.
Jon France
Checked
1 day 7 hours ago
Public RSS feed
darkreading feed