Dark Reading

Security threats, vulnerabilities, with gov/natsec context.

Will AI Save Consumers From Smartphone-Based Phishing Attacks?
News, Mar 13, 2026

The Omdia 2025 Mobile Device Security Consumer Survey finds phishing to be the top smartphone threat, affecting 27% of users and 40% of Americans. Google’s on‑device AI scam detection is available in 27 countries but still misses sophisticated attacks, while...

By Dark Reading
Iran MOIS Colludes With Criminals to Boost Cyberattacks
News, Mar 12, 2026

Iran’s Ministry of Intelligence and Security (MOIS) is now openly partnering with cyber‑criminal groups, embedding tools like the Rhadamanthys infostealer into its APT operations. The strategy, highlighted by Check Point research, shows MOIS‑run groups such as Void Manticore and MuddyWater buying...

By Dark Reading
Commercial Spyware Opponents Fear US Policy Shifting
News, Mar 12, 2026

Recent U.S. actions have raised alarms among spyware opponents, as ICE reactivated a contract with Paragon Solutions and the Treasury lifted sanctions on Intellexa executives. Meanwhile, major spyware firms Paragon and NSO Group were sold to U.S. investors, signaling potential...

By Dark Reading
Xygeni GitHub Action Compromised Via Tag Poison
News, Mar 11, 2026

Xygeni’s official GitHub Action was compromised through a tag‑poisoning attack that redirected the mutable v5 tag to a malicious commit containing a command‑and‑control implant. The attacker leveraged a stolen maintainer personal access token and a compromised GitHub App private key...

By Dark Reading
'BlackSanta' EDR Killer Targets HR Workflows
News, Mar 10, 2026

Russian‑speaking actors have launched the BlackSanta campaign targeting HR recruitment workflows. The malware is delivered via résumé‑themed ISO files that embed a malicious payload in steganographic images, then uses a shortcut and obfuscated PowerShell to load signed kernel drivers. Once...

By Dark Reading
Are We Ready for Auto Remediation With Agentic AI?
News, Mar 9, 2026

Organizations are rapidly adopting AI‑driven auto remediation, with 88% using some form of AI and 44% deploying it for most exposure types. The most common automated actions target cloud configuration, network access controls, identity permissions, patch deployment, and infrastructure‑as‑code changes....

By Dark Reading
EU Auto Rules Shift Gears on Cybersecurity Standards
News, Mar 6, 2026

The European Union’s Euro 7 emissions package now mandates cybersecurity controls for all new vehicles sold in Europe. Manufacturers must obtain security certificates, conduct risk assessments, and guarantee secure transmission of emissions and battery‑durability data. The rules target data tampering,...

By Dark Reading
Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical
News, Mar 5, 2026

Cisco disclosed 48 vulnerabilities across its ASA, Secure FTD and Secure FMC firewall portfolio, including two, CVE‑2026‑20079 and CVE‑2026‑20131, that received a perfect 10‑out‑of‑10 CVSS rating. The critical flaws affect the FMC web interface, enabling authentication bypass and remote code execution with...

By Dark Reading
LatAm Now Faces 2x More Cyberattacks Than US
News, Mar 5, 2026

Latin America is now the world’s most targeted region for cyber threats, with organizations confronting roughly 3,100 attacks per week—about twice the volume seen in the United States. Check Point’s March 2026 report shows ransomware, infostealers, banking malware and botnets...

By Dark Reading
Stranger Things Meets Cybersecurity: Lessons From the Hive Mind
News, Mar 4, 2026

The commentary likens modern cyber threats to the "hive mind" of Stranger Things, highlighting how botnets and APTs such as Salt Typhoon exploit default IoT credentials to create sprawling, often unseen attack surfaces. It stresses that telemetry—network traffic, logs, and user‑behavior data—combined...

By Dark Reading
Dark Reading Confidential: This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate
News, Mar 4, 2026

Will Thomas, senior threat researcher at Team Cymru, partnered with Interpol on Operation Sentinel, a coordinated bust of an African ransomware, business‑email‑compromise and data‑extortion syndicate. The effort spanned 19 countries, resulted in 574 arrests, seized over 6,000 malicious links and...

By Dark Reading
Indian APT 'Sloppy Lemming' Targets Defense, Critical Infrastructure
News, Mar 3, 2026

India‑linked APT group Sloppy Lemming has accelerated its campaign, expanding its command‑and‑control infrastructure to over 112 Cloudflare‑hosted domains and deploying custom Rust‑based tools. The group now targets nuclear regulators, defense contractors, and critical infrastructure in Pakistan and Bangladesh, using phishing...

By Dark Reading
Speakeasies to Shadow AI: Banning AI Browsers Will Fail
News, Mar 3, 2026

Enterprises are grappling with a Gartner recommendation to ban AI‑enabled browsers, citing data leakage, unknown third‑party connections, and prompt‑injection threats. Yet LayerX research shows roughly 20% of corporate users already run GenAI extensions, and AI browsers now power about 85%...

By Dark Reading
AI Agent Overload: How to Solve the Workload Identity Crisis
News, Mar 3, 2026

Zscaler will address the growing workload identity crisis at RSAC 2026, focusing on AI agents and other non‑human identities that span multi‑cloud and on‑prem environments. The session will expose prevalent insecure practices such as static IP mapping and unrotated keys, and...

By Dark Reading
The Tug-of-War Over Firewall Backlogs in the AI-Driven Development Era
News, Mar 2, 2026

Developers and security teams are clashing over mounting firewall rule backlogs as AI‑driven development accelerates. Aviatrix reports up to 3,000 pending requests with approval cycles of two to four weeks, forcing developers to idle. Cloud adoption has turned static IP‑based...

By Dark Reading
30 Alleged Members of 'The Com' Arrested in Project Compass
News, Mar 2, 2026

Europol’s Project Compass, launched in January 2025, has led to the arrest of 30 alleged members of the cyber‑extremist collective known as “The Com,” while identifying a further 179 participants across 28 partner nations. The operation targets a loosely organized network of...

By Dark Reading
Quantum-Resistant Data Diode Secures Sensitive Data on Edge Devices, Critical Systems
News, Mar 2, 2026

Forward Edge‑AI unveiled Isidore Quantum, a palm‑sized data diode that enforces one‑way data flow while encrypting traffic with post‑quantum algorithms such as ML‑KEM and ML‑DSA. The device, co‑developed with the U.S. government and Microsoft, delivers sub‑0.5 ms latency and up to...

By Dark Reading
Bug in Google's Gemini AI Panel Opens Door to Hijacking
News, Mar 2, 2026

Google patched a high‑severity vulnerability (CVE‑2026‑0628) in the Gemini AI side‑panel of Chrome that could let a malicious extension with basic permissions hijack the panel, capture screenshots, and access the camera, microphone, and local files. Palo Alto Networks’ Unit 42 demonstrated...

By Dark Reading
Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL
News, Feb 27, 2026

The recent episode of HBO’s drama "The Pitt" portrayed a hospital’s IT systems being shut down by ransomware, forcing clinicians to revert to paper‑based processes. Hours later, the University of Mississippi Medical Center confirmed a real ransomware breach that crippled...

By Dark Reading
The Case for Why Better Breach Transparency Matters
News, Feb 27, 2026

Cybersecurity experts Adam Shostack and Adrian Sanabria argue for greater breach transparency at RSA Conference. They highlight that current practices treat incidents as legal liabilities, limiting shared learning. The speakers propose structured feedback loops similar to aviation and medicine. Without...

By Dark Reading
Marquis V. SonicWall Lawsuit Ups the Breach Blame Game
News, Feb 26, 2026

Fintech firm Marquis, which serves over 700 banks, filed a lawsuit against firewall vendor SonicWall after a ransomware breach exposed client data for roughly 780,000 individuals. SonicWall later disclosed that a breach of its own firewall configuration backups affected all...

By Dark Reading
PCI Council Says Threats to Payments Systems Are Speeding Up
News, Feb 25, 2026

The PCI Security Standards Council published its inaugural 2025 annual report, the first since its 2006 founding, outlining a surge in payment‑system threats and the council’s expanding role. The report highlights accelerated attacks leveraging AI, ransomware incidents such as BridgePay,...

By Dark Reading
Why 'Call This Number' TOAD Emails Beat Gateways
News, Feb 25, 2026

Researchers at StrongestLayer analyzed about 5,000 phishing emails that evaded secure email gateways between December 2025 and early 2026. They found that telephone‑oriented attack delivery (TOAD), which consists solely of a phone number, represented roughly 28% of all bypasses and...

By Dark Reading
'Richter Scale' Model Measures Magnitude of OT Cyber Incidents
News, Feb 25, 2026

The Operational Technology Incident (OTI) Impact Score, unveiled at the S4x26 conference, offers a Richter‑scale‑style metric for gauging OT cyber‑attack consequences. It combines severity, reach, and duration into a single figure, with assessments delivered via an online portal within 12...

By Dark Reading
More Than Dashboards: AI Decisions Must Be Provable
News, Feb 23, 2026

Enterprise leaders are demanding proof of what AI systems actually did, not just what they were designed to do or what dashboards report. As AI moves into regulated, high‑risk environments, boards and auditors expect decision‑level evidence for each action. The...

By Dark Reading
Iran's MuddyWater Targets Orgs With Fresh Malware as Tensions Mount
News, Feb 23, 2026

Iran‑linked APT MuddyWater has escalated its campaign, dubbed Operation Olalampo, against organizations in the Middle East and Africa. The group continues to rely on spear‑phishing but also began exploiting public‑facing servers, delivering several previously unseen malware strains such as the...

By Dark Reading
Enigma Cipher Device Still Holds Secrets for Cyber Pros
News, Feb 23, 2026

The Enigma cipher machine, originally built in 1918 and later adapted by the Nazis, survives in only a few hundred units out of an estimated 35,000‑40,000 produced. Historian‑turned‑cybersecurity expert Marc Sachs will discuss the device’s historic failures at RSAC 2026, highlighting...

By Dark Reading
600+ FortiGate Devices Hacked by AI-Armed Amateur
News, Feb 23, 2026

A financially motivated, Russian‑speaking threat actor used generative AI services to compromise more than 600 Fortinet FortiGate firewalls worldwide between January and February. The campaign avoided exploiting software vulnerabilities, instead leveraging exposed management ports and reused credentials with single‑factor authentication,...

By Dark Reading
Latin America's Cyber Maturity Lags Threat Landscape
News, Feb 20, 2026

Intel 471’s 2025 report shows Latin America’s cyber‑maturity is improving but the region faces a rapidly intensifying threat landscape. Ransomware incidents jumped 78% year‑over‑year, with more than 450 breaches recorded, while Brazil alone accounted for 30% of ransomware and extortion attacks....

By Dark Reading
Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges
News, Feb 19, 2026

Chiplet technology is reshaping semiconductor design by allowing modular, mix‑and‑match silicon components, accelerating AI data‑center and autonomous‑vehicle development. However, the distributed manufacturing model creates new supply‑chain vulnerabilities, as a single compromised chiplet can introduce hardware Trojans that affect entire systems....

By Dark Reading
Supply Chain Attack Secretly Installs OpenClaw for Cline Users
News, Feb 19, 2026

Dark Reading reported that the npm package for Cline version 2.3.0 was compromised, causing it to silently download the OpenClaw tool during an eight‑hour window. The breach stemmed from a prompt‑injection flaw that allowed an attacker to steal release tokens and...

By Dark Reading
Connected and Compromised: When IoT Devices Turn Into Threats
News, Feb 19, 2026

The proliferation of consumer and enterprise IoT devices continues unchecked, yet most lack basic security controls such as passwords and encryption. Research presented by Mattia Epifani at RSAC 2026 shows that devices—from Amazon Echo to smart refrigerators—store unprotected audio, credentials, and personal...

By Dark Reading
More Than 40% of South Africans Were Scammed in 2025
News, Feb 19, 2026

South Africa experienced a staggering 77% scam victimization rate in the 12 months to early 2025, with 42% of adults losing money, averaging $130 per incident. GASA estimates scammers extracted roughly $2.3 billion from over 17.5 million South Africans, equating to about...

By Dark Reading
Singapore & Its 4 Major Telcos Fend Off Chinese Hackers
News, Feb 18, 2026

Singapore’s Cyber Security Agency and the nation’s four major telcos (M1, Simba Telecom, Singtel, StarHub) launched the "Cyber Guardian" operation, expelling the China‑linked threat actor UNC3886 after an 11‑month campaign. The attackers breached critical network segments but did not steal...

By Dark Reading
260K+ Chrome Users Duped by Fake AI Browser Extensions
News, Feb 16, 2026

Researchers at LayerX uncovered 30 malicious Chrome extensions masquerading as AI assistants, collectively amassing over 260,000 downloads. These extensions embed attacker‑controlled iframes that capture user prompts, emails, and webpage data, then relay them to remote servers while returning plausible AI...

By Dark Reading
Zscaler-SquareX Deal Boosts Zero Trust, Secure Browsing Capabilities
News, Feb 13, 2026

Zscaler announced the acquisition of Singapore‑based startup SquareX, adding its Chromium‑based browser extension to the Zero Trust Exchange platform. SquareX’s browser detection and response (BDR) technology provides real‑time threat detection inside browsers on managed and personal devices. The deal, closed...

By Dark Reading
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
News, Feb 13, 2026

Microsoft faces mounting pressure as ransomware groups increasingly leverage bring‑your‑own‑vulnerable‑driver (BYOVD) attacks to neutralize endpoint security tools. While Windows has introduced driver signing enforcement and a vulnerable driver blocklist, legacy compatibility rules allow drivers with expired or revoked certificates to...

By Dark Reading
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
News, Feb 12, 2026

Booz Allen Hamilton has launched the general availability of Vellox Reverser™, an AI‑driven malware reverse‑engineering platform that automates deep analysis at machine speed. The solution leverages a resilient agentic AI architecture, AWS Lambda, Bedrock and Step Functions to ingest samples,...

By Dark Reading
Asia Fumbles With Throttling Back Telnet Traffic in Region
News, Feb 11, 2026

Telnet remains a major security weakness in the Asia‑Pacific, accounting for roughly half of the world’s exposed Telnet endpoints. Global throttling on Jan. 14 cut Telnet sessions by 83%, but Asian providers applied inconsistent filters, leaving the region’s traffic relatively high....

By Dark Reading
SolarWinds WHD Attacks Highlight Risks of Exposed Apps
News, Feb 10, 2026

SolarWinds’ Web Help Desk (WHD) platform has become a favored target after numerous organizations unintentionally exposed the service to the public internet. Attackers are scanning for these open instances, exploiting weak or default credentials to infiltrate ticketing systems. Successful breaches...

By Dark Reading
[Virtual Event] Shields Up: Key Technologies Reshaping Cybersecurity Defenses
News, Feb 10, 2026

The virtual event "Shields Up" spotlights emerging technologies reshaping cybersecurity defenses, featuring a slate of on‑demand webinars that explore AI‑driven attack surfaces, ransomware supply‑chain risks, and AI‑powered threat hunting. Complementary white papers dive into admin‑rights removal, least‑privilege strategies, and real‑world...

By Dark Reading
OT Attacks Get Scary With 'Living-Off-the-Plant' Techniques
News, Feb 9, 2026

Operational technology (OT) cyberattacks have so far been limited by attackers' lack of deep process knowledge, but experts warn that a shift toward "living‑off‑the‑plant" techniques could enable more damaging exploits. Recent ransomware spillovers into OT and incidents like the Norway...

By Dark Reading
What Organizations Need to Change When Managing Printers
News, Feb 9, 2026

Jim LaRoe, CEO of Symphion, warns that most enterprises only manage printers for uptime and cost, leaving them unprotected despite comprising 20‑30% of endpoints. He highlights an ownership vacuum, missing budget lines, and reliance on default configurations as core leadership...

By Dark Reading
'Encrypt It Already' Campaign Pushes Big Tech to Prioritize E2E Encryption
News, Feb 6, 2026

The Electronic Frontier Foundation launched the "Encrypt It Already" campaign to pressure large tech firms to deliver on promised end‑to‑end encryption (E2EE) and to enable those features by default. The initiative highlights lagging implementations at companies such as Bluesky, Ring...

By Dark Reading
'Damn Vulnerable' Training Apps Leave Vendors' Clouds Exposed
News, Jan 21, 2026

Security researchers discovered that dozens of publicly exposed, intentionally vulnerable training applications—such as Hackazon, OWASP Juice Shop, DVWA and bWAPP—are being run on real cloud infrastructure. These apps often carry over‑permissioned IAM roles, allowing attackers to harvest temporary credentials and...

By Dark Reading
Mass Spam Attacks Leverage Zendesk Instances
News, Jan 20, 2026

Zendesk reported a wave of mass spam campaigns that exploit its customer‑service platform to send phishing emails. The messages appear to originate from legitimate Zendesk subdomains, tricking recipients into opening malicious links. Zendesk clarified that the campaigns are not linked...

By Dark Reading
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
News, Jan 16, 2026

Fortinet disclosed a critical OS‑command‑injection flaw in its FortiSIEM platform (CVE‑2025‑64155) on Jan. 13, assigning it a 9.4 CVSS rating. The vulnerability enables unauthenticated remote code execution via crafted TCP requests to the phMonitor service. Within days, security firm Defused reported...

By Dark Reading
AI System Reduces Attack Reconstruction Time From Weeks to Hours
News, Jan 16, 2026

Pacific Northwest National Laboratory unveiled ALOHA, an AI‑driven system that reconstructs cyber attacks in hours instead of weeks. Leveraging Anthropic’s Claude LLM and MITRE’s Caldera framework, ALOHA translates threat reports into full attack playbooks and automatically tests them against simulated...

By Dark Reading
Winter Olympics Could Share Podium With Cyberattackers
News, Jan 15, 2026

The Unit 42 report warns that the Milano‑Cortina 2026 Winter Olympics will be a prime target for cyber‑criminals, nation‑state espionage groups, and hacktivists. Ransomware gangs are expected to exploit ticketing, point‑of‑sale and other critical infrastructure for extortion. State‑linked actors such as...

By Dark Reading