Cybersecurity company Huntress on Friday warned of “widespread compromise” of SonicWall SSL VPN devices to access multiple customer environments. “Threat actors are authenticating into multiple accounts rapidly across compromised devices,” it said. “The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing.” A significant chunk of…

Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or Gold Salem), which is known for deploying the Warlock and LockBit ransomware. The threat actor’s use of the security utility was documented by Sophos last month. It’s assessed that…

The security company looks to tackle new authentication challenges that could lead to credential leakage, as enterprises increasingly leverage AI browser agents. ​ ​ ​Read More

RondoDox takes a hit-and-run, shotgun approach to exploiting bugs in consumer edge devices around the world. ​ ​ ​Read More

Ransomware gangs continue to set their sights on the manufacturing industry, but companies are taking steps to protect themselves, starting with implementing timely patch management protocols. ​ ​ ​Read More

The vast majority of organizations are encountering AI-augmented threats, but remain confident in their defenses, despite inadequate detection investment and more than half falling to successful attacks. ​ ​ ​Read More

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It’s assessed that the malware is being propagated through…

Dark Reading is looking for leading industry experts with a point of view they want to share with the rest of the cybersecurity community for our new Commentary section. ​ ​ ​Read More

A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. “Storm-2657 is actively targeting a range of U.S.-based organizations, particularly employees in sectors like higher education, to gain access to third-party human resources (HR) software as a service (SaaS) platforms like Workday,”…

Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that’s assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11 following a “potential vulnerability” reported by a customer, uncovering “potentially…