Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXUS widens sanctions on Russian crypto exchange Garantex, its successor and affiliate firms
The State Department also announced financial rewards totaling up to $6 million for information leading to the arrest or conviction of Garantexβs leaders. The post US widens sanctions on Russian crypto exchange Garantex, its successor and affiliate firms appeared first on CyberScoop.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Agentic AI Use Cases for Security Soar, but Risks Demand Close Attention
Organizations increasingly use agents to automate mundane tasks and address an overwhelming amount of sensitive data. However, adoption requires strict security strategies that keep humans in the loop for now.
Google Chrome Enterprise: Advanced Browser Security for the Modern Workforce
In this Dark Reading News Desk interview, Google's Mark Berschadski highlights the critical role browsers play in today's work environment and how Chrome Enterprise is evolving to meet modern security challenges while enabling productivity.
Police & Government Email Access for Sale on Dark Web
Cybercriminals are auctioning off live email credentials, giving other criminals access to sensitive systems, confidential intelligence, and, potentially, a higher success rate than ever.
NIST Digital Identity Guidelines Evolve With Threat Landscape
The US National Institute of Standards and Technology updated its Digital Identity Guidelines to match current threats. The document detailed technical recommendations as well as suggestions for organizations.
CISA Warns N-able Bugs Under Attack, Patch Now
Two critical N-able vulnerabilities enable local code execution and command injection; they require authentication to exploit, suggesting they wouldn't be seen at the beginning of an exploit chain.
Cybersecurity Spending Slows & Security Teams Shrink
Security budgets are lowest in healthcare, professional and business services, retail, and hospitality, but budget growth remained above 5% in financial services, insurance, and tech.
Google Chrome Enterprise: Extend Protections From Browser to OS
Dark Reading's Terry Sweeney and Google's Loren Hudziak discuss how the humble web browser has transformed from a simple web access tool into a common conduit through which a lot of business is done.
New HTTP/2 'MadeYouReset' Vulnerability Enables Large-Scale DoS Attacks
Multiple HTTP/2 implementations have been found susceptible to a new attack technique called MadeYouReset that could be explored to conduct powerful denial-of-service (DoS) attacks. "MadeYouReset bypasses the typical server-imposed limit of 100 concurrent HTTP/2 requests per TCP connection from a client. This limit is intended to mitigate DoS attacks by restricting the number of simultaneous
Navigating the Cybersecurity Budget Tug-of-War
Companies ready to move beyond reactive defense and toward full-spectrum protection need to invest in strategies that rally around resiliency, unified cybersecurity, and data protection.
Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution
Path traversal and XXE injection flaws allowing unauthenticated remote code execution have been patched in Xerox FreeFlow Core. The post Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution appeared first on SecurityWeek.
Hackers Found Using CrossC2 to Expand Cobalt Strike Beaconβs Reach to Linux and macOS
Japan's CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for cross-platform system control. The agency said the activity was detected between September and December 2024, targeting
Have You Turned Off Your Virtual Oven?
You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting β a break-in, fire, or worse. Your
LLM Coding Integrity Breach
Hereβs an interesting story about a failure being introduced by LLM-written code. Specifically, the LLM was doing some code refactoring, and when it moved a chunk of code from one file to another it changed a βbreakβ to a βcontinue.β That turned an error logging statement into an infinite loop, which crashed the system. This is an integrity failure. Specifically, itβs a failure of processing integrity. And while we can...
New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil. "PhantomCard relays NFC data from a victim's banking card to the fraudster's device," ThreatFabric said in a report. "PhantomCard is based on
Passkey Login Bypassed via WebAuthn Process Manipulation
Researchers at enterprise browser security firm SquareX showed how an attacker can impersonate a user and bypass passkey security. The post Passkey Login Bypassed via WebAuthn Process Manipulation appeared first on SecurityWeek.
Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses
Google said it's implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishing apps in 15 jurisdictions in order to "ensure a safe and compliant ecosystem for users." The policy applies to markets like Bahrain, Canada, Hong Kong, Indonesia, Israel, Japan, the Philippines, South Africa, South Korea, Switzerland, Thailand,
CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure
North Korea Attacks South Koreans With Ransomware
DPRK hackers are throwing every kind of malware at the wall and seeing what sticks, deploying stealers, backdoors, and ransomware all at once.
Fortinet Products Are in the Crosshairs Again
The company disclosed a critical FortiSIEM flaw with a PoC exploit for it the same week researchers warned of an ominous surge in malicious traffic targeting the vendor's SSL VPNs.
Whispers of XZ Utils Backdoor Live on in Old Docker Images
Developers maintaining the images made the "intentional choice" to leave the artifacts available as "a historical curiosity," given the improbability they'd be exploited.
Norwegian Police Say Pro-Russian Hackers Were Likely Behind Suspected Sabotage at a Dam
During the April incident, hackers gained access to a digital system which remotely controls one of the damβs valves and opened it to increase the water flow. The post Norwegian Police Say Pro-Russian Hackers Were Likely Behind Suspected Sabotage at a Dam appeared first on SecurityWeek.
Fortinet SIEM issue coincides with spike in brute-force traffic against companyβs SSL VPNs
Researchers arenβt aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the companyβs security appliances. The post Fortinet SIEM issue coincides with spike in brute-force traffic against companyβs SSL VPNs appeared first on CyberScoop.
Popular AI Systems Still a Work-in-Progress for Security
According to a recent Forescout analysis, open source models were significantly less successful in vulnerability research than commercial and underground models.
The overlooked changes that two Trump executive orders could bring to cybersecurity
Good, bad, puzzling β a March order and June order could have bigger ripples than realized when the president signed them. The post The overlooked changes that two Trump executive orders could bring to cybersecurity appeared first on CyberScoop.
Patch Now: Attackers Target OT Networks via Critical RCE Flaw
Researchers observed exploitation attempts against a vulnerability with a CVSS score of 10 in a popular Erlang-based platform for critical infrastructure and OT development.
AI Applications in Cybersecurity
There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And hereβs where to register to attend, or participate, in the fourth. Some really great stuff here.
New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks
Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot. "PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system
What the LockBit 4.0 Leak Reveals About RaaS Groups
The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertainty caused by the lack of attackers' accountability.
Patch the vulnerability: Confirm Sean Plankey as CISA director
The executive director of the National Technology Security Coalition writes that Plankey is a strong, capable leader who will strengthen public-private partnerships. The post Patch the vulnerability: Confirm Sean Plankey as CISA director appeared first on CyberScoop.
How an AI-Based 'Pen Tester' Became a Top Bug Hunter on HackerOne
AI researcher explains how an automated penetration-testing tool became the first non-human member on HackerOne to reach the top of the platform's US leaderboard.
Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution. The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation. "Untrusted search path in
Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0. "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to
AI SOC 101: Key Capabilities Security Leaders Need to Know
Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stakes, leaving SOCs under constant pressure to keep up, yet often struggling to stay ahead of emerging
Manpower Says Data Breach Stemming From Ransomware Attack Impacts 140,000
The RansomHub ransomware group stole sensitive information from staffing and recruiting firm Manpower in January. The post Manpower Says Data Breach Stemming From Ransomware Attack Impacts 140,000 appeared first on SecurityWeek.