The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.
Spam and phishing in 2025
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lures and others.
Why Smart People Fall For Phishing Attacks
Why do successful phishing attacks target our psychology rather than just our software? Discover Unit 42’s latest insights on defeating social engineering and securing your digital life. The post Why Smart People Fall For Phishing Attacks appeared first on Unit 42.
A Peek Into Muddled Libra’s Operational Playbook
Explore the tools Unit 42 found on a Muddled Libra rogue host. Learn how they target domain controllers and use search engines to aid their attacks. The post A Peek Into Muddled Libra’s Operational Playbook appeared first on Unit 42.
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network
Introduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array
Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators…
'Semantic Chaining' Jailbreak Dupes Gemini Nano Banana, Grok 4
If an attacker splits a malicious prompt into discrete chunks, some large language models (LLMs) will get lost in the details and miss the true intent.
Trump Administration Rescinds Biden-Era Software Guidance
Federal agencies will no longer be required to solicit software attestations that they comply with NIST's Secure Software Development Framework (SSDF). What that means long term is unclear.
Out-of-the-Box Expectations for 2026 Reveal a Grab Bag of Risk
Security teams need to be thinking about this list of emerging cybersecurity realities to avoid rolling the dice on enterprise security risks (and opportunities).
2026: The Year Agentic AI Becomes the Attack-Surface Poster Child
Dark Reading asked readers whether agentic AI attacks, advanced deepfake threats, board recognition of cyber as a top priority, or password-less technology adoption would be most likely to become a trending reality for 2026.
Torq Moves SOCs Beyond SOAR With AI-Powered Hyper Automation
Investors poured $140 million into Torq's Series D Round, raising the startup's valuation to $1.2 billion, to bring AI-based "hyper automation" to SOCs.
County Pays $600K to Wrongfully Jailed Pen Testers
Iowa police arrested two penetration testers in 2019 for doing their jobs, highlighting the risk to security professionals in red teaming exercises.