Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXAgentic AI, Apple Intelligence, EV Chargers: Everyday Cybersecurity Peril Abounds for Businesses
Cybersecurity risks can come from everywhere, as these riveting Dark Reading News Desk videos detail. Check out Part 1 of our broadcast coverage of the top research presented at Black Hat USA 2025.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds
Cybersecurity risks can come from everywhere, as these riveting Dark Reading News Desk videos detail. Check out Part 1 of our broadcast coverage of the top research presented at Black Hat USA 2025.
Oregon Man Charged in βRapper Botβ DDoS Service
A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot," a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets -- including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online extortionists, and tried to stay off the radar of...
How to Vibe Code With Security in Mind
As more organizations integrate vibe coding and AI-assisted coding into their application development processes, it's important to remember to put security first.
'RingReaper' Sneaks Right Past Linux EDRs
The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response systems.
AI Agents Access Everything, Fall to Zero-Click Exploit
Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" β and what that means for cyber-risk.
Millions Allegedly Affected in Allianz Insurance Breach
Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers.
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial access to prevent further exploitation by other adversaries and evade detection, Red Canary said in
PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain
Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems.
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves the "distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger," Kaspersky researcher Saurabh Sharma said in a technical analysis published today. The
10 Major GitHub Risk Vectors Hidden in Plain Sight
By addressing these overlooked risk vectors, organizations can continue leveraging GitHub's innovation while protecting against sophisticated supply chain attacks targeting interconnected software.
Microsoft Dissects PipeMagic Modular Backdoor
PipeMagic, which poses as a ChatGPT application, is a modular malware framework that provides persistent access and flexibility. The post Microsoft Dissects PipeMagic Modular Backdoor appeared first on SecurityWeek.
UK abandons Apple backdoor demand after US diplomatic pressure
The United Kingdom has withdrawn its demand that Apple create a backdoor to its encrypted cloud systems following months of diplomatic pressure from the United States, according to a statement from Director of National Intelligence Tulsi Gabbard. Gabbard announced the decision Monday on X, stating that the U.S. government had worked closely with British partners [β¦] The post UK abandons Apple backdoor demand after US...
'DripDropper' Hackers Patch Their Own Exploit
An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw.
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said. CVE-2025-31324 (CVSS score: 10.0) - Missing
Gabbard Says UK Scraps Demand for Apple to Give Backdoor Access to Data
Britain abandoned its demand that Apple provide backdoor access to any encrypted user data stored in the cloud. The post Gabbard Says UK Scraps Demand for Apple to Give Backdoor Access to Data appeared first on SecurityWeek.
Gambling Tech Firm Bragg Discloses Cyberattack
Bragg Gaming Group says hackers accessed its internal systems over the weekend, but did not affect its operations. The post Gambling Tech Firm Bragg Discloses Cyberattack appeared first on SecurityWeek.
Hacktivist Sentenced to 20 Months of Prison in UK
Al-Tahery Al-Mashriky of the Yemen Cyber Army has been accused of hacking into and defacing many websites as part of hacktivist campaigns. The post Hacktivist Sentenced to 20 Months of Prison in UK appeared first on SecurityWeek.
U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback
The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to the protected data of U.S. citizens. U.S. Director of National Intelligence (DNI) Tulsi Gabbard, in a statement posted on X, said the U.S. government had been working with its partners with the U.K. over the past few months to ensure that
Why Your Security Culture is Critical to Mitigating Cyber Risk
After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and technologies alone are not enough to mitigate cyber risk. As tech stacks have grown more sophisticated and capable, attackers have shifted their focus. They are no longer focusing on infrastructure vulnerabilities alone. Instead, they are increasingly
Zero-Day Exploit in WinRAR File
A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature to trigger a previously unknown path traversal flaw that caused WinRAR to plant malicious executables in attacker-chosen file...
New Exploit Poses Threat to SAP NetWeaver Instances
A new public exploit chains two critical flaws in SAP NetWeaver, exposing unpatched instances to code execution attacks. The post New Exploit Poses Threat to SAP NetWeaver Instances appeared first on SecurityWeek.
1.1 Million Unique Records Identified in Allianz Life Data Leak
Have I Been Pwned has analyzed the information made public by the hackers who recently targeted Allianz Life. The post 1.1 Million Unique Records Identified in Allianz Life Data Leak appeared first on SecurityWeek.
The need for speed: Why organizations are turning to rapid, trustworthy MDR
How top-tier managed detection and response (MDR) can help organizations stay ahead of increasingly agile and determined adversaries
New Research Links VPN Apps, Highlights Security Deficiencies
Citizen Lab has identified links between multiple VPN providers, and multiple security weaknesses in their mobile applications. The post New Research Links VPN Apps, Highlights Security Deficiencies appeared first on SecurityWeek.
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks. "These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts," Mike Fiedler, PyPI safety and security engineer at the Python
Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield
From hacked satellites to nuclear threats in orbit, the battle for dominance beyond Earth is redefining modern warfare and national security. The post Hijacked Satellites and Orbiting Space Weapons: In the 21st Century, Space Is the New Battlefield appeared first on SecurityWeek.
Secure AI Use Without the Blind Spots
Why every company needs a clear, enforceable AI policy β now.
Noodlophile Stealer Hides Behind Bogus Copyright Complaints
Noodlophile is targeting enterprises in spear-phishing attacks using copyright claims as phishing lures.
Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. "The Noodlophile campaign, active for over a year, now leverages advanced spear-phishing emails posing as copyright infringement
Trump threatens executive order on elections, claims states must obey
The provisions mentioned by the president, such as banning mail-in voting and voting machines, are viewed by many experts as plainly unconstitutional. The post Trump threatens executive order on elections, claims states must obey appeared first on CyberScoop.
Workday Breach Likely Linked to ShinyHunters Salesforce Attacks
The HR giant said hackers mounted a socially engineered cyberattack on its third-party CRM system but did not gain access to customer information; only "commonly available" business contact info was exposed.
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Cybersecurity researchers have lifted the lid on the threat actors' exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks. The attacks involve the exploitation of CVE-2025-29824, a privilege escalation vulnerability impacting the Windows Common Log File System (CLFS) that was addressed by Microsoft in April 2025,
Novel 5G Attack Bypasses Need for Malicious Base Station
Researchers detailed a new 5G attack named Sni5Gect that can allow attackers to sniff traffic and cause disruption. The post Novel 5G Attack Bypasses Need for Malicious Base Station appeared first on SecurityWeek.
How Evolving RATs Are Redefining Enterprise Security Threats
A more unified and behavior-aware approach to detection can significantly improve security outcomes.