darkreading

A Chinese APT is going where most APTs don't: deep into the cloud, compromising supply chains and deploying uncommon malware.

A bug in the control board that connects peripheral devices in commonly used Dell laptops allowed malicious access all the way down to the firmware running on the device chip, new research finds.

Music tastes, location information, even encrypted messages — Apple's servers are gathering a "surprising" amount of personal data through Apple Intelligence, Lumia Security's Yoav Magid warns in his new analysis.

The operation disrupted countless scams, and authorities seized a significant amount of evidence and recovered nearly $100 million in lost funds.

CVE-2025-43300 is the latest zero-day bug used in cyberattacks against "targeted individuals," which could signify spyware or nation-state hacking.

The growing ecosystem of agents, chatbots, and machine credentials that outnumber human users by an order of magnitude is creating a poorly understood but potentially major security issue.

Some insurers look to limit payouts to companies that don't remediate serious vulnerabilities in a timely manner. Unsurprisingly, most companies don't like those restrictions.

AI-assisted security reviews from Anthropic and others could help level up enterprise application security in the era of vibe coding.

While the furor from CISO prosecutions has died down, worries continue over a lack of liability protections and potential targeting by cybercriminals and hackers for their privileged roles.

Trend Micro's Salvatore Gariuolo talks with the Black Hat USA 2025 News Desk about how the new ISO 15118 standard for electric vehicle smart charging and vehicle-to-grid communications can be weaponized by threat actors.

Noah Michael Urban, 20, was one of several members of the Scattered Spider collective who were arrested and charged in 2024 in connection with high-profile cyberattacks.

By using brief, plain clues in their prompts that are likely to influence the app to query older models, a user can downgrade ChatGPT for malicious ends.

Sam Collins and Marius Muench of the University of Birmingham, UK, join the Black Hat USA 2025 News Desk to explain how anti-cheat systems in video games provide valuable lessons on defending against threat actors' techniques and strategies.

NCC Group's David Brauchler III shares how foundational controls and threat modeling strategies can help secure agentic AI tools in ways traditional guardrails can't.

New research highlights how threat actors abuse legitimate virtual private server offerings in order to spin up infrastructure cheaply, quietly, and fast.

Quick recovery relies on three security measures.

Teenaged security researchers Sasha Zyuzin and Ruikai Peng discuss how their new vulnerability discovery framework leverages LLMs to address limitations of the past.

Attackers will continue to evolve, and the help desk will always be a target. But with the right mix of training, support, and trust, frontline agents can become your biggest security assets.

Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia's research labs.