Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil
Attackers could even have used one vulnerable Lookout user to gain access to other GCP tenants' environments.
Big Breach or Smooth Sailing? Mexican Gov't Faces Leak Allegations
A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government.
Extra Extra! Announcing DR Global Latin America
Dark Reading has something new hitting the newsstand: a content section purpose-built for Latin American readers, featuring news, analysis, features, and multimedia.
Attackers Use Windows Screensavers to Drop Malware, RMM Tools
By tapping the unusual .scr file type, attackers leverage "executables that don't always receive executable-level controls," one researcher noted.
CISA Makes Unpublicized Ransomware Updates to KEV Catalog
A third of the "flipped" CVEs affected network edge devices, leading one researcher to conclude, "Ransomware operators are building playbooks around your perimeter."
Ransomware Gang Goes Full 'Godfather' With Cartel
DragonForce is taking cues from organized crime, emphasizing cooperation and coordination among ransomware gangs.
Protests Don't Impede Iranian Spying on Expats, Syrians, Israelis
Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering.
Cyber Success Trifecta: Education, Certifications & Experience
Col. Georgeo Xavier Pulikkathara, CISO at iMerit, discusses the importance of fundamentals, continuous learning, and human ingenuity in the face of AI-driven cybersecurity evolution.
Data Tool to Triage Exploited Vulnerabilities Can Make KEV More Useful
A disconnect exists between an organization's cybersecurity needs and lists like CISA's KEV Catalog. KEV Collider combines data from multiple open source vulnerability frameworks to help security teams quickly assess which are important, based on their priorities.
Agentic AI Site 'Moltbook' Is Riddled With Security Risks
Someone used AI to build an entire Web platform, which then did something predictable and preventable: It exposed all its data through a publicly accessible API.
EnCase Driver Weaponized as EDR Killers Persist
The forensic tool's driver was signed with a digital certificate that expired years ago, but major security gaps allowed Windows to load it.
OpenClaw's Gregarious Insecurities Make Safe Usage Difficult
Malicious "skills" and persnickety configuration settings are just some of the issues that security researchers have found when installing — and removing — the OpenClaw AI assistant.