darkreading
Dialogflow CX 'Rogue Agent' Flaw Enabled AI Chatbot Data Theft
16 hours 16 minutes ago
Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security.
Alexander Culafi
'GitLost' Flaw Leaks Private Data From GitHub's Agentic Workflows
21 hours 28 minutes ago
The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org's public repository and then silently pull data from its private repos, too.
Elizabeth Montalbano
'BusySnake' Infostealer Slithers Into Critical Infrastructure Networks
1 day 15 hours ago
A threat group researchers call "Armored Likho" has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan.
Jai Vijayan
CitrixBleed-ing Again? NetScaler Vulnerability Under Attack
1 day 15 hours ago
Attackers wasted little time targeting the latest memory disclosure flaw in Citrix's NetScaler products, after researchers published a proof-of-concept exploit (PoC).
Rob Wright
JadePuffer: The First Complete LLM-Driven Ransomware Attack
1 day 20 hours ago
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.
Elizabeth Montalbano
Chinese LLMs Broaden the Gap Between Attackers & Defenders
4 days 23 hours ago
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?
Robert Lemos
Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs
5 days 13 hours ago
Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian businesses.
Nate Nelson
Apple Reverses Age-Old Patch Policy to Keep Up With AI
5 days 17 hours ago
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.
Nate Nelson
FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
5 days 17 hours ago
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.
Rob Wright
Ransomware Thugs Masquerade as Interpol to Entice Small Biz
5 days 18 hours ago
The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.
Jai Vijayan
Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.
6 days ago
IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open source software supply chain.
Jeffrey Schwartz
Crafty Phishing Campaigns Auto-Adapt to Victim's Device, OS
6 days 16 hours ago
Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability.
Alexander Culafi
And the Winner in Dominant Malware Delivery? ClickFix
6 days 17 hours ago
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it's now the rule.
Rob Wright
When Too Much Security Data Becomes the Risk
6 days 21 hours ago
Rapid growth turned routine firewall logs into a security and budget liability. One CISO used artificial intelligence to filter what data truly belongs in the SIEM.
Joan Goodchild
'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat
6 days 21 hours ago
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.
Elizabeth Montalbano
Safe Events Start With Threat Intel & Digital Security
6 days 23 hours ago
Planning ahead to defend against cyber threats is the work that keeps events uneventful.
Olga Polishchuk
China-Linked Group Targets Southeast Asia Critical Systems
1 week ago
The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor.
Robert Lemos
Fake Bug Report Hijacks AI Coding Agents at Scale
1 week ago
"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.
Jai Vijayan
Attackers Seize Exposed AI Endpoints to Power Offensive Ops
1 week ago
Threat actors don't need any special authentication to reach a target endpoint — they just need to know where it is.
Alexander Culafi
Checked
15 hours 42 minutes ago
Public RSS feed
darkreading feed