darkreading

The North Korean threat group also leveraged Comebacker backdoor, Blindingcan RAT, and info stealer Infohook in its recent attacks.

Investments in cybersecurity startups took off in 2025 as venture capital firms focused not just on AI-native tech but on talent as well.

The attacks cost banks more than $20 million in losses last year, as criminals used many of the same tools and tactics they have wielded for more than a decade.

AI systems have to be able to show a record of what happened and how.

The long-active Iranian threat group debuted various attack strains and payloads in attacks against organizations in the Middle East and Africa.

The Nazi relic's history is riddled with resilience errors, and those lessons still apply to defending against modern cyber threats.

A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks.

Researchers say threat actors wielded the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation.

Microsoft Copilot recently summarized and leaked user emails; but any AI agent will go above and beyond to complete assigned tasks, even breaking through their carefully designed guardrails.

After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities.

The slower pace of upgrades has the unintended impact of creating a haven for attackers, especially for initial access brokers and ransomware gangs.

As scaled-down circuits with limited functions redefine computing for AI systems and autonomous vehicles, their flexibility demands new approaches to safeguard critical infrastructure.

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

A user-friendly PhaaS tool beats standard methods for detecting phishing attacks by live-proxying legitimate login sites.

Unprotected cloud data sends the wrong signal at a time when the emirate's trying to attract investors and establish itself as a global financial center.

Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things' attack surfaces more dangerous.

Survey underscores the reality that scammers follow "scalable opportunities and low friction," rather than rich targets that tend to be better protected.