-
A new infostealing malware making the rounds can exfiltrate credentials and other system data even from browsing software considered more privacy-focused than mainstream options. Read More
-
_Pattara_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
The rise of agentic AI means the battle of the machines is just beginning. To win, we’ll need our own agents — human and machine — working together. Read More
-
Longtime CISO Melina Scotto joins Dark Reading to discuss career advice gleaned from her 30 years in the cyber industry. Read More
-
Suspected China-nexus threat actors targeted virtual environments and used several tools and techniques to bypass security barriers and reach isolated portions of victims’ networks. Read More
-
AI malware is becoming less of a gimmick, with features that meet or exceed what traditional human-developed malware typically can do. Read More
-
Arrests and indictments keep coming, but the North Korean fake IT worker scheme is only snowballing, and businesses can’t afford to assume their applicant-screening processes are up to the task of weeding the imposters out. Read More
-
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology (IT) worker scheme designed to generate illicit revenues for Pyongyang. The sanctions target Korea Sobaeksu Trading Company (aka Sobaeksu United Corporation), and Kim Se…
-
Storm-2603, a China-based threat actor, is targeting SharePoint customers in an ongoing ransomware campaign. Read More
-
KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries. Image:…
-
Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. “An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which, if successfully exploited, could allow an unauthenticated attacker to conduct an authentication bypass attack …