Rethinking Vulnerability Management Strategies for Mid-Market Security
Mid‑market security teams are confronting a widening gap between the surge in disclosed vulnerabilities—rising from roughly 30,000 to 50,000 CVEs annually—and their ability to remediate them quickly. Chris Wallis, founder of Intruder, argues that counting CVEs is insufficient; the real risk lies in how fast organizations can fix exposures, especially mis‑configurations that traditional scanners overlook. He built Intruder to deliver attack‑surface management, enabling stretched teams to prioritize real‑world threats. As mean time to exploit shrinks from months to hours, a shift in strategy is becoming urgent.

AI and Quantum Are Forcing a Rethink of Digital Trust
Enterprises are confronting a seismic shift in digital trust as AI agents multiply, pushing machine‑to‑human identity ratios from 100:1 toward 1,000:1. At the same time, digital certificates are being issued with ever‑shorter lifespans, complicating lifecycle management and increasing the risk...

Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations
Iran has resurrected the state‑backed Pay2Key ransomware operation, enlisting Russian cybercriminal affiliates to target high‑impact U.S. and Israeli entities. The campaign employs “pseudo‑ransomware,” encrypting data while delivering destructive wiper payloads to obscure motives. Affiliate rewards have been boosted to 80%...

AI-Driven Code Surge Is Forcing a Rethink of AppSec
AI‑driven code generation is causing organizations to produce ten to twenty times more software than a year ago, overwhelming traditional application‑security tools. The surge expands the attack surface, making vulnerabilities easier for adversaries to exploit. Black Duck’s CEO Jason Schmitt...

Google Sets 2029 Deadline for Quantum-Safe Cryptography
Google announced it will complete a post‑quantum cryptography (PQC) migration across its products and services by the end of 2029. The timeline aligns with NIST’s 2024 PQC standards, which the company is already using for internal rollouts. Google’s roadmap emphasizes...

Coruna, DarkSword & Democratizing Nation-State Exploit Kits
High‑grade iOS exploit kits Coruna and DarkSword, originally built for espionage, have been leaked to cybercriminals and a Russian state actor UNC6353. Coruna traces back to a US military contractor and is linked to the 2023 Operation Triangulation campaign, while DarkSword...

Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles
At RSAC 2026, experts warned that the rise of connected and autonomous vehicles is amplifying automotive cyber threats. They recalled the 2015 Jeep Cherokee hack that led to a 1.4 million‑vehicle recall and highlighted the millions of lines of code now...

AI-Powered Dependency Decisions Introduce, Ignore Security Bugs
Sonatype’s latest research reveals that even the most advanced AI models—referred to as frontier models—frequently generate erroneous software‑dependency recommendations, with nearly 28% of suggestions being outright hallucinations. The study examined 258,000 recommendations across Maven, npm, PyPI and NuGet, finding that...

Intermediaries Driving Global Spyware Market Expansion
Intermediaries such as brokers, resellers, and exploit engineers are expanding the global spyware market by obscuring supply chains and facilitating sales to sanctioned or low‑tech nations. A recent Atlantic Council report highlights examples like a South African intermediary for Memento...

At RSAC, the EU Leads While US Officials Are Sidelined
At RSAC 2026 in San Francisco, U.S. agencies such as the FBI, CISA and NSA were absent, while European cyber officials dominated the stage. EU representatives used the forum to push AI‑code guardrails, discuss the upcoming Cybersecurity Resilience Act, and court...
Phishers Pose as Palo Alto Networks' Recruiters for Months in Job Scam
Unit 42 at Palo Alto Networks has uncovered a seven‑month phishing campaign in which attackers impersonated the company’s recruiters to target senior professionals. The scammers harvest LinkedIn data to craft highly personalized emails that claim a candidate’s résumé failed an...

Why a 'Near Miss' Database Is Key to Improving Information Sharing
At RSAC 2026, security leaders Wendy Nather and Bob Lord urged the cybersecurity community to treat near‑miss incidents with the same transparency as full breaches. They defined a near miss as an event that almost succeeded, highlighting that many organizations lack...

Ex-NSA Directors Discuss 'Red Line' For Offensive Cyberattacks
At RSAC 2026, four former NSA directors and Cyber Command leaders debated the “red line” that would trigger a kinetic response to a cyberattack. The panel, held shortly after President Trump released a new offensive cyber strategy, emphasized that the...
CSA Launches CSAI Foundation for AI Security
The Cloud Security Alliance unveiled CSAI, a new 501(c)3 nonprofit dedicated to AI security and safety, with a focus on governing the emerging "agentic control plane" that manages identity, authorization, and trust for autonomous AI agents. CSAI will run six...

How a Large Bank Uses AI Digital Twins for Threat Hunting
JPMorgan Chase is deploying an AI‑driven system that creates digital fingerprints and digital twins to monitor employee and AI‑agent behavior across its global workforce. The technology flags anomalous actions, rates their malicious potential, and contextualizes them against external events, aiming...

AI Dominates RSAC Innovation Sandbox
The RSAC Innovation Sandbox returned to the RSA Conference with a full slate of AI‑powered finalists, each pitching a three‑minute solution to a panel of top‑tier investors and security leaders. All ten startups—ranging from social‑engineering detection to AI‑driven code review—qualify...

AI Conundrum: Why MCP Security Can't Be Patched Away
Enterprises are rapidly wiring large language models to external services through the Model Context Protocol (MCP), unlocking powerful automation but also exposing a novel attack surface. Because MCP turns LLMs from passive responders into autonomous agents, they can execute actions...

Post-Quantum Web Could Be Safer, Faster
The IETF’s draft Merkle tree certificates (MTCs) promise a quantum‑resistant web that is both smaller and faster than existing post‑quantum solutions. By compressing certificate data to roughly 840 bytes, MTCs cut bandwidth and latency compared with ML‑DSA signatures that can exceed...

'Claudy Day' Trio of Flaws Exposes Claude Users to Data Theft
Researchers at Oasis Security uncovered a trio of vulnerabilities in Anthropic's Claude AI that can be chained into a full‑scale attack dubbed “Claudy Day.” The chain combines an invisible prompt‑injection via URL parameters, an open‑redirect flaw, and a data‑exfiltration route through...

Researchers: Meta, TikTok Steal Personal & Financial Info When Users Click Ads
Researchers from Jscrambler allege that Meta and TikTok advertising pixels harvest extensive personal and financial data from users who click ads, even when users explicitly opt out. The pixels collect PII, credit‑card details, and granular shopping‑flow information, running before consent...

SideWinder Espionage Campaign Expands Across Southeast Asia
The India‑linked SideWinder APT group has broadened its espionage campaign into Southeast Asia, adding Indonesia and Thailand to its target list. Researchers note the group continues to use low‑complexity intrusion methods—government‑audit phishing, stolen credentials, and DLL hijacking—while rotating domains and...

Clear Communication: The Missing Link in Cybersecurity Success
At RSAC 2026, husband‑and‑wife team Rebecca and Kevin Grapsy will present on the critical role of clear communication in cybersecurity. Their talk highlights how technical brilliance alone fails without translating insights for non‑technical stakeholders. They introduce the “Five Points of...
Warlock Ransomware Group Augments Post-Exploitation Activities
The Warlock ransomware group is expanding its post‑exploitation tactics, leveraging a bring‑your‑own‑vulnerable‑driver (BYOVD) exploit against Microsoft SharePoint servers and deploying tools such as TightVNC and the Yuze reverse‑proxy. The group now uses the NSecKrnl.sys driver to disable security products at the...

Attackers Abuse LiveChat to Phish Credit Card, Personal Data
Researchers at Cofense have uncovered a new phishing campaign that hijacks the LiveChat SaaS support platform to steal sensitive data. The attackers impersonate Amazon or PayPal, using email lures that direct victims to a LiveChat‑hosted page where a human‑operated operator...

Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos
Cisco disclosed six new SD‑WAN Manager vulnerabilities, with CVE‑2026‑20127 receiving a perfect 10‑score and confirmed zero‑day exploitation for three years. Researchers warn that the focus on this high‑profile bug has eclipsed CVE‑2026‑20133, a 7.5‑score information‑disclosure flaw that can expose admin...

Cyberattackers Don't Care About Good Causes
A Dark Reading roundtable highlighted that nonprofit organizations, despite being critical infrastructure, are increasingly targeted by cybercriminals because they store sensitive personal and operational data while operating with limited security budgets. Panelists including Wendy Nather of 1Password and Sightline Security’s...

Will AI Save Consumers From Smartphone-Based Phishing Attacks?
The Omdia 2025 Mobile Device Security Consumer Survey finds phishing to be the top smartphone threat, affecting 27% of users and 40% of Americans. Google’s on‑device AI scam detection is available in 27 countries but still misses sophisticated attacks, while...

Iran MOIS Colludes With Criminals to Boost Cyberattacks
Iran’s Ministry of Intelligence and Security (MOIS) is now openly partnering with cyber‑criminal groups, embedding tools like the Rhadamanthys infostealer into its APT operations. The strategy, highlighted by Check Point research, shows MOIS‑run groups such as Void Manticore and MuddyWater buying...

Commercial Spyware Opponents Fear US Policy Shifting
Recent U.S. actions have raised alarms among spyware opponents, as ICE reactivated a contract with Paragon Solutions and the Treasury lifted sanctions on Intellexa executives. Meanwhile, major spyware firms Paragon and NSO Group were sold to U.S. investors, signaling potential...

Xygeni GitHub Action Compromised Via Tag Poison
Xygeni’s official GitHub Action was compromised through a tag‑poisoning attack that redirected the mutable v5 tag to a malicious commit containing a command‑and‑control implant. The attacker leveraged a stolen maintainer personal access token and a compromised GitHub App private key...

'BlackSanta' EDR Killer Targets HR Workflows
Russian‑speaking actors have launched the BlackSanta campaign targeting HR recruitment workflows. The malware is delivered via résumé‑themed ISO files that embed a malicious payload in steganographic images, then uses a shortcut and obfuscated PowerShell to load signed kernel drivers. Once...

Are We Ready for Auto Remediation With Agentic AI?
Organizations are rapidly adopting AI‑driven auto remediation, with 88% using some form of AI and 44% deploying it for most exposure types. The most common automated actions target cloud configuration, network access controls, identity permissions, patch deployment, and infrastructure‑as‑code changes....

EU Auto Rules Shift Gears on Cybersecurity Standards
The European Union’s Euro 7 emissions package now mandates cybersecurity controls for all new vehicles sold in Europe. Manufacturers must obtain security certificates, conduct risk assessments, and guarantee secure transmission of emissions and battery‑durability data. The rules target data tampering,...

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical
Cisco disclosed 48 vulnerabilities across its ASA, Secure FTD and Secure FMC firewall portfolio, including two, CVE‑2026‑20079 and CVE‑2026‑20131, that received a perfect 10‑out‑of‑10 CVSS rating. The critical flaws affect the FMC web interface, enabling authentication bypass and remote code execution with...

LatAm Now Faces 2x More Cyberattacks Than US
Latin America is now the world’s most targeted region for cyber threats, with organizations confronting roughly 3,100 attacks per week—about twice the volume seen in the United States. Check Point’s March 2026 report shows ransomware, infostealers, banking malware and botnets...

Stranger Things Meets Cybersecurity: Lessons From the Hive Mind
The commentary likens modern cyber threats to the "hive mind" of Stranger Things, highlighting how botnets and APTs such as Salt Typhoon exploit default IoT credentials to create sprawling, often unseen attack surfaces. It stresses that telemetry—network traffic, logs, and user‑behavior data—combined...

Dark Reading Confidential: This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate
Will Thomas, senior threat researcher at Team Cymru, partnered with Interpol on Operation Sentinel, a coordinated bust of an African ransomware, business‑email‑compromise and data‑extortion syndicate. The effort spanned 19 countries, resulted in 574 arrests, seized over 6,000 malicious links and...

Indian APT 'Sloppy Lemming' Targets Defense, Critical Infrastructure
India‑linked APT group Sloppy Lemming has accelerated its campaign, expanding its command‑and‑control infrastructure to over 112 Cloudflare‑hosted domains and deploying custom Rust‑based tools. The group now targets nuclear regulators, defense contractors, and critical infrastructure in Pakistan and Bangladesh, using phishing...

Speakeasies to Shadow AI: Banning AI Browsers Will Fail
Enterprises are grappling with a Gartner recommendation to ban AI‑enabled browsers, citing data leakage, unknown third‑party connections, and prompt‑injection threats. Yet LayerX research shows roughly 20% of corporate users already run GenAI extensions, and AI browsers now power about 85%...

AI Agent Overload: How to Solve the Workload Identity Crisis
Zscaler will address the growing workload identity crisis at RSAC 2026, focusing on AI agents and other non‑human identities that span multi‑cloud and on‑prem environments. The session will expose prevalent insecure practices such as static IP mapping and unrotated keys, and...

The Tug-of-War Over Firewall Backlogs in the AI-Driven Development Era
Developers and security teams are clashing over mounting firewall rule backlogs as AI‑driven development accelerates. Aviatrix reports up to 3,000 pending requests with approval cycles of two to four weeks, forcing developers to idle. Cloud adoption has turned static IP‑based...

30 Alleged Members of 'The Com' Arrested in Project Compass
Europol’s Project Compass, launched in January 2025, has led to the arrest of 30 alleged members of the cyber‑extremist collective known as “The Com,” while identifying a further 179 participants across 28 partner nations. The operation targets a loosely organized network of...
Quantum-Resistant Data Diode Secures Sensitive Data on Edge Devices, Critical Systems
Forward Edge‑AI unveiled Isidore Quantum, a palm‑sized data diode that enforces one‑way data flow while encrypting traffic with post‑quantum algorithms such as ML‑KEM and ML‑DSA. The device, co‑developed with the U.S. government and Microsoft, delivers sub‑0.5 ms latency and up to...

Bug in Google's Gemini AI Panel Opens Door to Hijacking
Google patched a high‑severity vulnerability (CVE‑2026‑0628) in the Gemini AI side‑panel of Chrome that could let a malicious extension with basic permissions hijack the panel, capture screenshots, and access the camera, microphone, and local files. Palo Alto Networks’ Unit 42 demonstrated...

Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL
The recent episode of HBO’s drama "The Pitt" portrayed a hospital’s IT systems being shut down by ransomware, forcing clinicians to revert to paper‑based processes. Hours later, the University of Mississippi Medical Center confirmed a real ransomware breach that crippled...

The Case for Why Better Breach Transparency Matters
Cybersecurity experts Adam Shostack and Adrian Sanabria argue for greater breach transparency at RSA Conference. They highlight that current practices treat incidents as legal liabilities, limiting shared learning. The speakers propose structured feedback loops similar to aviation and medicine. Without...

Marquis V. SonicWall Lawsuit Ups the Breach Blame Game
Fintech firm Marquis, which serves over 700 banks, filed a lawsuit against firewall vendor SonicWall after a ransomware breach exposed client data for roughly 780,000 individuals. SonicWall later disclosed that a breach of its own firewall configuration backups affected all...

PCI Council Says Threats to Payments Systems Are Speeding Up
The PCI Security Standards Council published its inaugural 2025 annual report, the first since its 2006 founding, outlining a surge in payment‑system threats and the council’s expanding role. The report highlights accelerated attacks leveraging AI, ransomware incidents such as BridgePay,...

Why 'Call This Number' TOAD Emails Beat Gateways
Researchers at StrongestLayer analyzed about 5,000 phishing emails that evaded secure email gateways between December 2025 and early 2026. They found that telephone‑oriented attack delivery (TOAD), which consists solely of a phone number, represented roughly 28% of all bypasses and...
'Richter Scale' Model Measures Magnitude of OT Cyber Incidents
The Operational Technology Incident (OTI) Impact Score, unveiled at the S4x26 conference, offers a Richter‑scale‑style metric for gauging OT cyber‑attack consequences. It combines severity, reach, and duration into a single figure, with assessments delivered via an online portal within 12...