Recent Posts
News•Feb 18, 2026
Singapore & Its 4 Major Telcos Fend Off Chinese Hackers
Singapore’s Cyber Security Agency and the nation’s four major telcos (M1, Simba Telecom, Singtel, StarHub) launched the "Cyber Guardian" operation, expelling the China‑linked threat actor UNC3886 after an 11‑month campaign. The attackers breached critical network segments but did not steal data or disrupt services. The joint response leveraged over 100 incident responders and highlighted a robust public‑private partnership. The episode reflects a broader pattern of state‑sponsored cyber intrusions targeting telecom infrastructure worldwide.
By Dark Reading
News•Feb 16, 2026
260K+ Chrome Users Duped by Fake AI Browser Extensions
Researchers at LayerX uncovered 30 malicious Chrome extensions masquerading as AI assistants, collectively amassing over 260,000 downloads. These extensions embed attacker‑controlled iframes that capture user prompts, emails, and webpage data, then relay them to remote servers while returning plausible AI...
By Dark Reading
News•Feb 13, 2026
Zscaler-SquareX Deal Boosts Zero Trust, Secure Browsing Capabilities
Zscaler announced the acquisition of Singapore‑based startup SquareX, adding its Chromium‑based browser extension to the Zero Trust Exchange platform. SquareX’s browser detection and response (BDR) technology provides real‑time threat detection inside browsers on managed and personal devices. The deal, closed...
By Dark Reading
News•Feb 13, 2026
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Microsoft faces mounting pressure as ransomware groups increasingly leverage bring‑your‑own‑vulnerable‑driver (BYOVD) attacks to neutralize endpoint security tools. While Windows has introduced driver signing enforcement and a vulnerable driver blocklist, legacy compatibility rules allow drivers with expired or revoked certificates to...
By Dark Reading
News•Feb 12, 2026
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
Booz Allen Hamilton has launched the general availability of Vellox Reverser™, an AI‑driven malware reverse‑engineering platform that automates deep analysis at machine speed. The solution leverages a resilient agentic AI architecture, AWS Lambda, Bedrock and Step Functions to ingest samples,...
By Dark Reading
News•Feb 11, 2026
Asia Fumbles With Throttling Back Telnet Traffic in Region
Telnet remains a major security weakness in the Asia‑Pacific, accounting for roughly half of the world’s exposed Telnet endpoints. Global throttling on Jan. 14 cut Telnet sessions by 83 % but Asian providers applied inconsistent filters, leaving the region’s traffic relatively high....
By Dark Reading
News•Feb 10, 2026
SolarWinds WHD Attacks Highlight Risks of Exposed Apps
SolarWinds’ Web Help Desk (WHD) platform has become a favored target after numerous organizations unintentionally exposed the service to the public internet. Attackers are scanning for these open instances, exploiting weak or default credentials to infiltrate ticketing systems. Successful breaches...
By Dark Reading
![[Virtual Event] Shields Up: Key Technologies Reshaping Cybersecurity Defenses](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt8a0a23d922e8040c/698a52efc397d867074bbec6/DRVE_Event_2060319.png?width=1280&auto=webp&quality=80&disable=upscale)
News•Feb 10, 2026
[Virtual Event] Shields Up: Key Technologies Reshaping Cybersecurity Defenses
The virtual event "Shields Up" spotlights emerging technologies reshaping cybersecurity defenses, featuring a slate of on‑demand webinars that explore AI‑driven attack surfaces, ransomware supply‑chain risks, and AI‑powered threat hunting. Complementary white papers dive into admin‑rights removal, least‑privilege strategies, and real‑world...
By Dark Reading
News•Feb 9, 2026
OT Attacks Get Scary With 'Living-Off-the-Plant' Techniques
Operational technology (OT) cyberattacks have so far been limited by attackers' lack of deep process knowledge, but experts warn that a shift toward "living‑off‑the‑plant" techniques could enable more damaging exploits. Recent ransomware spillovers into OT and incidents like the Norway...
By Dark Reading
News•Feb 9, 2026
What Organizations Need to Change When Managing Printers
Jim LaRoe, CEO of Symphion, warns that most enterprises only manage printers for uptime and cost, leaving them unprotected despite comprising 20‑30% of endpoints. He highlights an ownership vacuum, missing budget lines, and reliance on default configurations as core leadership...
By Dark Reading
News•Feb 6, 2026
'Encrypt It Already' Campaign Pushes Big Tech to Prioritize E2E Encryption
The Electronic Frontier Foundation launched the "Encrypt It Already" campaign to pressure large tech firms to deliver on promised end‑to‑end encryption (E2EE) and to enable those features by default. The initiative highlights lagging implementations at companies such as Bluesky, Ring...
By Dark Reading
News•Jan 21, 2026
'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed
Security researchers discovered that dozens of publicly exposed, intentionally vulnerable training applications—such as Hackazon, OWASP Juice Shop, DVWA and bWAPP—are being run on real cloud infrastructure. These apps often carry over‑permissioned IAM roles, allowing attackers to harvest temporary credentials and...
By Dark Reading
News•Jan 20, 2026
Mass Spam Attacks Leverage Zendesk Instances
Zendesk reported a wave of mass spam campaigns that exploit its customer‑service platform to send phishing emails. The messages appear to originate from legitimate Zendesk subdomains, tricking recipients into opening malicious links. Zendesk clarified that the campaigns are not linked...
By Dark Reading
News•Jan 16, 2026
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
Fortinet disclosed a critical OS‑command‑injection flaw in its FortiSIEM platform (CVE‑2025‑64155) on Jan. 13, assigning it a 9.4 CVSS rating. The vulnerability enables unauthenticated remote code execution via crafted TCP requests to the phMonitor service. Within days, security firm Defused reported...
By Dark Reading
News•Jan 16, 2026
AI System Reduces Attack Reconstruction Time From Weeks to Hours
Pacific Northwest National Laboratory unveiled ALOHA, an AI‑driven system that reconstructs cyber attacks in hours instead of weeks. Leveraging Anthropic’s Claude LLM and MITRE’s Caldera framework, ALOHA translates threat reports into full attack playbooks and automatically tests them against simulated...
By Dark Reading
News•Jan 15, 2026
Winter Olympics Could Share Podium With Cyberattackers
The Unit 42 report warns that the Milano‑Cortina 2026 Winter Olympics will be a prime target for cyber‑criminals, nation‑state espionage groups, and hacktivists. Ransomware gangs are expected to exploit ticketing, point‑of‑sale and other critical infrastructure for extortion. State‑linked actors such as...
By Dark Reading
News•Jan 15, 2026
Vulnerabilities Surge, But Messy Reporting Blurs Picture
The National Vulnerability Database recorded a record 48,177 CVE identifiers for 2025, marking the ninth consecutive year of growth. Reporting is now dominated by new CNAs, with Patchstack, Wordfence and WPScan contributing 23% of all entries and MITRE falling to...
By Dark Reading
News•Jan 15, 2026
Trio of Critical Bugs Spotted in Delta Industrial PLCs
Researchers from OPSWAT’s Unit 515 uncovered four serious flaws in Delta Electronics’ DVP‑12SE11T programmable logic controller, including three critical CVSS 9+ vulnerabilities. Delta issued a firmware patch just before the 2026 New Year, but many OT environments may delay updates due to...
By Dark Reading
News•Jan 14, 2026
Secure Your Spot at RSAC 2026 Conference
The RSA Conference (RSAC) will convene cybersecurity leaders in San Francisco from March 23‑26, 2026, offering a platform to explore emerging strategies and bold technologies. Simultaneously, GISEC GLOBAL 2026 will gather CISOs, government officials, and ethical hackers across the Middle East and Africa...
By Dark Reading
News•Jan 14, 2026
Taiwan Endures Greater Cyber Pressure From China
Taiwan’s National Security Bureau reported an average of 2.63 million cyber attacks per day in 2025, a 6 percent rise from the prior year. Energy utilities faced a ten‑fold surge in malicious traffic while hospitals and emergency services saw attacks climb 54 percent....
By Dark Reading
News•Jan 13, 2026
CISO Succession Crisis Highlights How Turnover Amplifies Security Risks
Chief Information Security Officers are facing unprecedented turnover, with average tenure now 18‑26 months. Rapid M&A activity forces CISOs to juggle integration, risk, board advising, and crisis management, leading to burnout and a 66% report of excessive expectations. Surveys show...
By Dark Reading
News•Jan 7, 2026
DDoSia Powers Affiliate-Driven Hacktivist Attacks
Pro‑Russian hacktivist group NoName057(16) has been leveraging a volunteer‑distributed DDoS platform called DDoSia to launch coordinated attacks against government, media and institutional websites linked to Ukraine and Western interests. The tool, now modular and cross‑platform, enables participants with minimal technical...
By Dark Reading
News•Jan 7, 2026
Cyberattacks Likely Part of Military Operation in Venezuela
The United States’ Jan. 3 raid that captured Venezuelan President Nicolás Maduro was accompanied by a sudden power and internet outage in Caracas, prompting speculation that U.S. Cyber Command and other agencies deployed offensive cyber capabilities. President Trump hinted at "a...
By Dark Reading
_designer491_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
News•Jan 5, 2026
Startup Trends Shaking Up Browsers, SOC Automation, AppSec
Startups are reshaping cybersecurity by turning browsers into the new endpoint, leveraging Chrome’s Manifest V3 extensions for Browser Detection and Response, and applying large‑language models to AppSec and SOC automation. MV3‑based extensions from SquareX, Keep Aware and LayerX give real‑time...
By Dark Reading
News•Jan 5, 2026
Advisor360 Gets a Handle on Shadow AI via Automation
Advisor360, a wealth‑management platform, faced uncontrolled shadow AI use as employees adopted free AI tools, creating security blind spots. Its small security operations center struggled to manually vet tools, taking days to assess risk. In 2024 the firm partnered with...
By Dark Reading
News•Jan 5, 2026
CISOs Face a Tighter Insurance Market in 2026
Cyber‑insurance premiums have softened but rate cuts are slowing, and insurers now demand verifiable security controls before underwriting. Boards increasingly view cyber coverage as a non‑negotiable component of risk‑management, pairing it with robust controls rather than treating it as a...
By Dark Reading
News•Jan 2, 2026
Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats
In a year‑end panel, cybersecurity leaders forecast that 2026 will be dominated by AI‑driven threats, with agentic AI and deepfake‑enabled social engineering emerging as top attack vectors. Identity management will shift toward zero‑trust models that include non‑human identities, while supply‑chain...
By Dark Reading
News•Jan 2, 2026
CTO New Year's Resolutions for a More Secure 2026
Security‑focused CTOs are setting five priority resolutions for 2026. First, they will operationalize AI governance by embedding repeatable controls, model gateways and telemetry into engineering pipelines to enforce "secure to ship" AI features. Second, they will add dedicated security controls...
By Dark Reading
News•Dec 31, 2025
Identity Security 2026: Four Predictions & Recommendations
Todd Thiemann forecasts four identity‑security trends for 2026. AI agents will move from SaaS sandboxes into core business processes, creating new breach vectors that demand holistic identity controls. Mid‑market firms, facing app sprawl, will finally adopt Identity Governance and Administration...
By Dark Reading
News•Dec 30, 2025
Cybersecurity Predictions 2026: An AI Arms Race and Malware Autonomy
Tyler Shields predicts that 2026 will see an AI‑driven escalation of both offensive cyber attacks and defensive tools, with attackers automating phishing, deep‑fakes, and vulnerability hunting at scale. Security teams will adopt autonomous containment, probabilistic exposure mitigation, and AI‑generated detection...
By Dark Reading
News•Dec 30, 2025
New Tech Deployments That Cyber Insurers Recommend for 2026
Cyber insurers see a sharp rise in AI‑driven phishing losses and a drop in vendor‑outage claims in H1 2025, prompting a shift in recommended defenses for 2026. Resilience’s Jud Dressler highlights role‑based access controls as the top technology to limit breach...
By Dark Reading
News•Dec 29, 2025
Dark Reading Confidential: Stop Secrets Creep Across Developer Platforms
Developers are increasingly leaking sensitive credentials across a growing array of platforms, from Git repositories to collaboration tools like JIRA and Slack. A recent “state of secret sprawl” report identified 23 million secrets in the public domain last year, and experts...
By Dark Reading
News•Dec 29, 2025
SBOMs in 2026: Some Love, Some Hate, Much Ambivalence
Software bills of materials (SBOMs) remain a cornerstone of supply‑chain security, yet widespread adoption stalls due to incomplete data, late‑stage generation, and open‑source gaps. Docker’s Hardened Images showcase a best‑practice model, embedding full SBOMs and Level 3 SLSA provenance, while many...
By Dark Reading
News•Dec 29, 2025
5 Threats That Defined Security in 2025
2025 was defined by a wave of high‑impact cyber threats, from the Chinese state‑backed APT Salt Typhoon targeting telecom networks and the US National Guard, to severe budget cuts at the Cybersecurity and Infrastructure Security Agency (CISA). The year also saw...
By Dark Reading
News•Dec 26, 2025
Mentorship & Diversity: Shaping the Next Generation of Cyber Experts
Patricia Voight, CISO of Webster Bank, shared her journey from telecom security to leading financial‑services cyber risk, emphasizing the sector’s constant evolution. She highlighted the bank’s mentorship and summer‑intern programs, which deliberately recruit neurodivergent talent and partner with universities. Voight...
By Dark Reading
_Yuri_Arcurs_alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
News•Dec 26, 2025
Dark Reading Opens State of Application Security Survey
Dark Reading has launched its 2026 State of Application Security survey, extending the 2025 study that gathered insights from over 100 cybersecurity professionals. The new questionnaire adds topics like vibe coding and secure‑coding training while retaining core questions for year‑over‑year...
By Dark Reading
News•Dec 23, 2025
Industry Continues to Push Back on HIPAA Security Rule Overhaul
The U.S. Department of Health and Human Services unveiled a sweeping update to the HIPAA Security Rule in January 2025, aiming to tighten cybersecurity across hospitals and clinics. A coalition of 100 health‑care groups led by CHIME has called for...
By Dark Reading
News•Dec 23, 2025
Sprawling 'Operation Sentinel' Neutralizes African Cybercrime Syndicates
Operation Sentinel, a 19‑nation Interpol‑led effort, dismantled multiple African cybercrime syndicates, arresting 574 suspects and seizing roughly $3 million in assets. The investigation neutralized over 6,000 malicious links and decrypted six ransomware strains, uncovering $21 million in losses from BEC, extortion and...
By Dark Reading
News•Dec 22, 2025
Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices
WatchGuard disclosed a critical zero‑day vulnerability (CVE‑2025‑14733) in its Firebox firewalls, enabling remote code execution via an out‑of‑bounds write in the Fireware OS. The flaw affects multiple firmware versions and specifically targets the IKEv2 VPN processes, with threat actors actively...
By Dark Reading
News•Dec 22, 2025
Uzbek Users Under Attack by Android SMS-Stealers
Group‑IB reported a fresh wave of Android SMS‑stealer campaigns targeting users in Uzbekistan since October 2025. Threat groups such as TrickyWonders, Blazefang and Ajina distribute malicious APKs via sideloading and Telegram, exploiting stolen Telegram accounts to lure contacts into installation....
By Dark Reading
News•Dec 19, 2025
LongNosedGoblin Caught Snooping on Asian Governments
ESET has identified a new Chinese‑backed advanced persistent threat group, LongNosedGoblin, conducting cyber‑espionage against Japan and other Southeast Asian governments since 2023. The group leverages custom C#/.NET malware and uniquely abuses Windows Group Policy to drop payloads and move laterally...
By Dark Reading
News•Dec 19, 2025
Identity Fraud Among Home-Care Workers Puts Patients at Risk
Home‑care workers are increasingly sending unqualified friends or relatives to patient visits under false identities, a trend highlighted by recent fraud convictions and court cases in the U.S. and U.K. The Department of Health and Human Services reported 298 personal‑care...
By Dark Reading
News•Dec 19, 2025
A Cybersecurity Playbook for AI Adoption
Artificial intelligence now powers 60 % of enterprise security stacks, accelerating data collection, anomaly detection, and risk scoring across the NIST CSF identify and detect functions. However, the article warns that AI’s nondeterministic nature makes it unsuitable for direct enforcement actions...
By Dark Reading
News•Dec 18, 2025
SonicWall Edge Access Devices Hit by Zero-Day Attacks
SonicWall disclosed a medium‑severity zero‑day vulnerability, CVE‑2025‑40602, affecting the SMA1000 access platform’s management console. The flaw, rated 6.6 CVSS, is being actively exploited in chained attacks that also leverage the critical CVE‑2025‑23006 vulnerability. SonicWall released hotfixes in firmware versions 12.4.3‑03245...
By Dark Reading
News•Dec 18, 2025
Dormant Iran APT Is Still Alive, Spying on Dissidents
Iran’s long‑standing state‑level threat group, known as Prince of Persia or Infy, has resurfaced after years of apparent inactivity. SafeBreach’s latest report shows the APT has been continuously spying on Iranian citizens and dissidents across Iraq, Turkey, India, Europe and...
By Dark Reading
News•Dec 17, 2025
'Cellik' Android RAT Leverages Google Play Store
Cellik is a Remote Access Trojan offered as a service that automatically wraps malicious payloads around legitimate Android apps downloaded from the Google Play Store. The RAT provides full device control, including screen streaming, keylogging, file system access, and encrypted...
By Dark Reading
News•Dec 17, 2025
Securing the Network Edge: A Comprehensive Framework for Modern Cybersecurity
Enterprise computing is rapidly moving to the edge, with analysts forecasting more than $100 billion in annual edge spend by 2030. The proliferation of IoT, AI, 5G and data‑sovereignty mandates is pushing workloads beyond centralized clouds, creating latency, cost and compliance...
By Dark Reading