darkreading

A new ClickFix variant ratchets up the psychological pressure to 100 and addresses some technical mitigations to classic ClickFix attacks.

A threat actor is leveraging a flaw in the Ray framework to hijack AI infrastructure worldwide and distribute a self-propagating cryptomining and data theft botnet.

The exploitation of CVE-2025-61757 follows a breach of Oracle Cloud earlier this year as well as a recent extortion campaign targeting Oracle E-Business Suite customers.

This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said.

Advancements have expanded that models' reasoning capabilities to help protect employees' physical safety.

In a repeat of similar attacks during the summer, threat actors affiliated with the ShinyHunters extortion group used a third-party application to steal organizations' Salesforce data.

In a potential gift to geopolitical adversaries, the encrypted messaging app uses a leaky custom protocol that allows message replays, impersonation attacks, and sensitive information exposure from chats.

Even the most advanced systems like Cloudflare can fall victim to software issues and become a global point of failure, Dr. David Utzke argues, adding that the recent outage should be a warning for enterprises.

A new security framework responds to a shift in attackers' tactics, one that allows them to infiltrate enterprises "silently" through their own policies.

Automation is rewriting early-career cybersecurity work, raising urgent questions about how the next generation of security professionals will gain real-world expertise.

The US national cyber director describes the next cyber strategy as focusing "on shaping adversary behavior," adding consequences and aggressive response.

The regime's cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives.

A Formula 1 pit crew demonstrates the basic principles of how modern security teams should work.

Dark Reading Confidential Episode 12: Experts help cyber job seekers get noticed, make an argument for a need to return to the hacker ethos of a bygone era, and have a stark conversation about keeping AI from breaking the sector's talent pipeline for years to come.

A unique take on the software update gambit has allowed Beijing's state-sponsored advanced persistent threat (APT) to evade attention as it mostly targets Chinese organizations.

Have you ever given two seconds of thought to a browser notification? No? That's what hackers bent on phishing are counting on.

Editors from Dark Reading, Cybersecurity Dive, and TechTarget Search Security break down the depressing state of cybersecurity awareness campaigns and how organizations can overcome basic struggles with password hygiene and phishing attacks.

The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks.

A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor's disclosure practices.

When international corporations have to balance competing cyber laws from different countries, the result is fragmented, potentially vulnerable systems.