darkreading

The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed.

Japan is being peppered with an overwhelming volume of spam, thanks to a new platform popular across the East China Sea.

Microsoft researchers identify 10 new potential pitfalls for companies that are developing or deploying agentic AI systems, with failures potentially leading to the AI becoming a malicious insider.

The 15th annual event helps countries test and develop defenses against current and emerging cyber threats, including disinformation, quantum computing, and AI.

European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles?

The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices.

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.

IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can't keep up.

CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.

The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.

The vulnerabilities affect SonicWall's SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.

As attacks accelerate, security leaders must act to gain visibility across their entire institution's network and systems and continuously educate their users on best practices.

Documented in a series of social media posts, cybersecurity experts shared with Dark Reading their insights on RSAC 2025 throughout the week.

Researchers from Arctic Wolf Labs detailed a new spear-phishing campaign that targets hiring managers and recruiters by posing as a job seeker.

While passkeys offer enhanced security against phishing and credential theft, implementation hurdles, cross-platform inconsistencies, and user experience challenges pose significant barriers to widespread adoption.

Industry experts at RSAC 2025 called for urgent accountability in addressing technology's negative impact on youth, highlighting concerns about Internet anonymity, mental health, and the growing disconnect between generations.

After stealing sensitive data from Disney, Ryan Mitchell Kramer claimed to be part of a Russian hacktivist group protecting artists' rights and ensuring they receive fair compensation for their work.

When designed with strong governance principles, AI can drive innovation while maintaining the people's trust and security.

A series of cyberattacks have struck multiple major British retailers in recent weeks, and a ransomware gang has reportedly claimed responsibility.