GlassWorm Malware Returns to Shatter Developer Ecosystems
The self-replicating malware has poisoned a fresh set of Open VSX software components, leaving potential downstream victims with infostealer infections.
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
APT28's attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.
Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil
Attackers could even have used one vulnerable Lookout user to gain access to other GCP tenants' environments.
Big Breach or Smooth Sailing? Mexican Gov't Faces Leak Allegations
A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government.
Extra Extra! Announcing DR Global Latin America
Dark Reading has something new hitting the newsstand: a content section purpose-built for Latin American readers, featuring news, analysis, features, and multimedia.
Attackers Use Windows Screensavers to Drop Malware, RMM Tools
By tapping the unusual .scr file type, attackers leverage "executables that don't always receive executable-level controls," one researcher noted.
CISA Makes Unpublicized Ransomware Updates to KEV Catalog
A third of the "flipped" CVEs affected network edge devices, leading one researcher to conclude, "Ransomware operators are building playbooks around your perimeter."
Ransomware Gang Goes Full 'Godfather' With Cartel
DragonForce is taking cues from organized crime, emphasizing cooperation and coordination among ransomware gangs.
Protests Don't Impede Iranian Spying on Expats, Syrians, Israelis
Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering.
Cyber Success Trifecta: Education, Certifications & Experience
Col. Georgeo Xavier Pulikkathara, CISO at iMerit, discusses the importance of fundamentals, continuous learning, and human ingenuity in the face of AI-driven cybersecurity evolution.
Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful
A disconnect exists between an organization's cybersecurity needs and lists like CISA's KEV Catalog. KEV Collider combines data from multiple open source vulnerability frameworks to help security teams quickly assess which are important, based on their priorities.
Agentic AI Site 'Moltbook' Is Riddled With Security Risks
Someone used AI to build an entire Web platform, which then did something predictable and preventable: It exposed all its data through a publicly accessible API.