darkreading

DARPA's Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale.

At one point, Al-Tahery Al-Mashriky was hacking thousands of websites within the span of three months while stealing personal data and sensitive information.

Detailed spear-phishing emails sent to European government entities in Seoul are being tied to North Korea, China, or both.

The goal of the Quantum-Safe Program is to ensure that by 2033 all Microsoft products and services are safe by default against quantum-based attacks.

The dangers are particularly severe when they secure IT positions with privileged access and administrative permissions.

The vulnerabilities themselves aren't new, but are being exploited in a novel manner that could lead to a "devastating attack."

Researchers highlight how Warlock, a new ransomware heavyweight, uses its sophisticated capabilities to target on-premises SharePoint instances.

Some LLM-created scripts and emails can lower the barrier of entry for low-skill attackers, who can use services like Lovable to create convincing, effective websites in minutes.

In the past year, "Static Tundra," aka "Energetic Bear," has breached thousands of end-of-life Cisco devices unpatched against a 2018 flaw, in a campaign targeting enterprises and critical infrastructure.

Exposure of APIs, sensitive data, and corporate documents are just some of the security issues that the purveyor of Big Macs was cooking up.

VisionSpace Technologies' Andrzej Olchawa and Milenko Starcik discussed a set of vulnerabilities capable of ending space missions at the Black Hat USA 2025 News Desk.

The combined company will provide customers with enhanced AI-driven identity verification to counter agentic AI, deepfakes, synthetic fraud, and more.

We can strip attackers of their power by implementing layered defenses, ruthless patch management, and incident response that assumes failure and prioritizes transparency.

The uptick in breaches in Asia has prompted a Japanese chipmaker and the Singaporean government to require vendors to pass cybersecurity checks to do business.

This attack was seemingly more successful than the first iteration, causing disruptions at the plant.

Cybersecurity risks can come from everywhere, as these riveting Dark Reading News Desk videos detail. Check out Part 1 of our broadcast coverage of the top research presented at Black Hat USA 2025.

As more organizations integrate vibe coding and AI-assisted coding into their application development processes, it's important to remember to put security first.

The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response systems.

Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" — and what that means for cyber-risk.

Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers.