Technology Intelligence

Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026

AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference.

House Dems decry confirmed ICE usage of Paragon spyware

The trio of Democrats weren’t satisfied with Immigration and Customs Enforcement answers, and criticized the spyware’s use. The post House Dems decry confirmed ICE usage of Paragon spyware appeared first on CyberScoop .

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...]

Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate

The company's 8-K filing notes "unauthorized access" and that it's activated business continuity plans and taken some systems offline.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to a threat cluster it tracks as

Security Bosses Are All-In on AI. Here's Why

CISOs are bullish on AI and have big plans to roll out future tools. We talk to Reddit CISO Frederick Lee and leading analyst Dave Gruber about how AI is working out in the real world, as well as its future promise.

Drift loses $280 million as hackers seize Security Council powers

The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. [...]

GCP-2026-017

[object Object]

The democratisation of business email compromise fraud

This week, Martin tells the story of a crime he encountered and how it shows that the threat landscape is changing.

Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea

The platform released a post-mortem on Wednesday night explaining that malicious actors gained access to Drift systems through a “novel attack” that involved the “rapid takeover” of the company’s security council administrative powers.

Apple Rolls Out DarkSword Exploit Protection to More Devices

The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors. The post Apple Rolls Out DarkSword Exploit Protection to More Devices appeared first on SecurityWeek .

Lawmakers renew push for Labor Department-backed cyber apprenticeship grants

The bipartisan, bicameral Cyber Ready Workforce Act aims to cut into the country’s deficit of cybersecurity professionals. The post Lawmakers renew push for Labor Department-backed cyber apprenticeship grants appeared first on CyberScoop .

RSAC 2026: AI Dominates, But Community Remains Key to Security

As AI took center stage at this year's conference, experts debated automation, oversight and the evolving role of human intelligence in cybersecurity — despite the US government's notable absence.

Residential proxies evaded IP reputation checks in 78% of 4B sessions

Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users. [...]

Medtech giant Stryker says it’s back up after Iranian cyberattack

The Handala group claimed responsibility for hitting the company with a wiper attack last month. The post Medtech giant Stryker says it’s back up after Iranian cyberattack appeared first on CyberScoop .

Cybersecurity M&A Roundup: 38 Deals Announced in March 2026

Significant cybersecurity M&A deals announced by Airbus, Cellebrite, Databricks, Quantum eMotion, Rapid7, and OpenAI. The post Cybersecurity M&A Roundup: 38 Deals Announced in March 2026 appeared first on SecurityWeek .

New 'Storm' Infostealer Remotely Decrypts Stolen Credentials

This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls

NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts

The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks

Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime

Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. [...]

New Progress ShareFile flaws can be chained in pre-auth RCE attacks

Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. [...]

Apple Expands iOS 18 Security Updates Amid DarkSword Threat

iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit

Medtech giant Stryker fully operational after data-wiping attack

Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. [...]

[Video] The TTP Ep 21: When Attackers Become Trusted Users

An episode of the Talos Threat Perspective on the 2025 Year in Review trends. We explore how identity is being used to gain, extend, and maintain access inside environments.

Bank Trojan 'Casbaneiro' Worms Through Latin America

Augmented Marauder's multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly.

GitHub Used as Covert Channel in Multi-Stage Malware Campaign

LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list includes researchers chaining small bugs together to create massive backdoors, old software flaws

CISA Adds One Known Exploited Vulnerability to Catalog

<p>CISA has added&nbsp;one&nbsp;new&nbsp;vulnerability&nbsp;to its&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.&nbsp;</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-3502" target="_blank">CVE-2026-3502</a>&nbsp;TrueConf&nbsp;Client Download of Code Without Int

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration," Elastic

The State of Trusted Open Source Report

In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on what teams pull, deploy, and maintain day to day, alongside the vulnerabilities and

UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications

Talos is disclosing a large-scale automated credential harvesting campaign carried out by a threat cluster we currently track as UAT-10608. The campaign is primarily leveraging a collection framework dubbed “NEXUS Listener.”

Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders

A conversation between Cisco Talos and Cisco Security leaders on the 2025 threat landscape, from identity attacks and legacy vulnerabilities to AI-driven threats, and what defenders should prioritize now.

Sophisticated CrystalX RAT Emerges

The malware can spy on victims, steal their information, and make configuration changes on devices. The post Sophisticated CrystalX RAT Emerges appeared first on SecurityWeek .

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are located in Italy. It's assessed that the threat actors behind the activity used social engineering

Microsoft links Classic Outlook issue to email delivery problems

Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. [...]

Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents

Variance has raised a total of $26 million in funding and the latest investment will fuel platform growth. The post Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents appeared first on SecurityWeek .

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security

Linx Security Raises $50 Million for Identity Security and Governance

The company will accelerate product development, scale go-to-market efforts, and expand its global footprint. The post Linx Security Raises $50 Million for Identity Security and Governance appeared first on SecurityWeek .

WhatsApp warns users of fake app used to distribute spyware

The Meta subsidiary alleges that Italy’s SIO spyware manufacturer designed the phony app specifically for iPhones. Most of the impacted users are in Italy, according to a WhatsApp announcement.

New CrystalRAT malware adds RAT, stealer and prankware features

A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. [...]

Crypto platform Drift suspends services after millions stolen in security incident

Security experts believe hundreds of millions of dollars worth of cryptocurrency were stolen from decentralized finance platform Drift on Wednesday after the site confirmed it was experiencing a cyberattack.

Nissan says stolen data came from third-party vendor after hacking group claims breach

A hacking group claimed this week to have breached the file-transfer system used by a company that offers services to Nissan and Infiniti dealerships across North America. Nissan said there was no indication "customer information was accessed or put at risk."

LatAm's Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut

A newly released study exclusively shared with Dark Reading details the unique circumstances that make up Latin America's labor pool, and why organizations may want to expand their talent search.

Mercor confirms security incident tied to LiteLLM supply chain attack

Although the LiteLLM attack was reportedly tied to a group called TeamPCP, the hacking gang Lapsus$ claimed on its website that it obtained hundreds of gigabytes of Mercor’s data.

Threat Brief: Widespread Impact of the Axios Supply Chain Attack

Unit 42 discusses the supply chain attack targeting Axios. Learn about the full attack chain, from the dropper to forensic cleanup. The post Threat Brief: Widespread Impact of the Axios Supply Chain Attack appeared first on Unit 42 .

'NoVoice' Android malware on Google Play infected 2.3 million devices

A new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times. [...]

Cyberattacks Intensify Pressure on Latin American Governments

Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombia’s health sector.

Depthfirst Raises $80 Million in Series B Funding

The startup will expand its AI research team, train additional security models, and scale enterprise adoption. The post Depthfirst Raises $80 Million in Series B Funding appeared first on SecurityWeek .

Cambodia extradites alleged cyber scam linchpin to China as crackdown intensifies

Li Xiong was the head of Huione Group, whose branded entities at one time included an online banking arm, cryptocurrency exchange and online marketplace which has been referred to as an “Amazon for criminals.”

Hasbro takes some systems offline after cybersecurity incident

The company filed a notice with the Securities Exchange Commission (SEC) on Wednesday warning investors that its IT team discovered unauthorized access on March 28.

Toy Giant Hasbro Hit by Cyberattack

The company is investigating the full scope of the incident, including whether any files have been compromised. The post Toy Giant Hasbro Hit by Cyberattack appeared first on SecurityWeek .

New DeepLoad Malware Dropped in ClickFix Attacks

The malware steals credentials, installs a malicious browser extension, and can spread via USB drives. The post New DeepLoad Malware Dropped in ClickFix Attacks appeared first on SecurityWeek .

Google Introduces Android Dev Verification Amid Openness Debate

Android requires dev identity verification for sideloaded apps; phased global rollout from September

Venom Stealer MaaS Platform Commoditizes ClickFix Attacks

A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks.

European-Chinese geopolitical issues drive renewed cyberespionage campaign

Proofpoint researchers say the group behind the surge, TA416, had turned away from Europe for a few years. The post European-Chinese geopolitical issues drive renewed cyberespionage campaign appeared first on CyberScoop .

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It's currently not known what lures the threat actors use to trick users into

Routine Access Is Powering Modern Intrusions, a New Threat Report Finds

Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. [...]

FBI Warns of Data Security Risks From China-Made Mobile Apps

The agency has not named the problematic foreign-made applications, but TikTok and Temu come to mind. The post FBI Warns of Data Security Risks From China-Made Mobile Apps appeared first on SecurityWeek .

US Charges Uranium Crypto Exchange Hacker

Jonathan Spalletta exploited smart contract vulnerabilities to steal approximately $55 million in cryptocurrency and cause Uranium to shut down. The post US Charges Uranium Crypto Exchange Hacker appeared first on SecurityWeek .

New Venom Stealer MaaS Platform Automates Continuous Data Theft

Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration

Webinar Today: Agentic AI vs. Identity’s Last Mile Problem

Join the webcast as we explore what Agentic AI can and cannot solve today, and real world breach scenarios linked to disconnected applications. The post Webinar Today: Agentic AI vs. Identity’s Last Mile Problem appeared first on SecurityWeek .

Block the Prompt, Not the Work: The End of "Doctor No"

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn&rsquo;t build. It doesn&rsquo;t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache &

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro in

Romania under daily barrage of cyberattacks, defense minister says

Romanian government institutions are facing thousands of cyberattack attempts every day targeting a wide range of public institutions, Defense Minister Radu Miruta said.

Chinese Hackers Target European Governments in Espionage Campaigns

Chinese state-backed group TA416 had suspended its cyber espionage operations in Europe since 2023, noted Proofpoint

FBI warns against using Chinese mobile apps due to privacy risks

The U.S. Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers. [...]

Hacker zielen auf Exilportal Iranwire

Unbekannte sollen das Exilportal Iranwire gehackt haben. PX Media – shutterstock.com Hacker haben nach Angaben der iranischen Justiz mutmaßlich Zugriff auf Daten eines bekannten Exilportals erlangt. Dabei seien große Menge an Daten erbeutet worden, darunter Schriftwechsel, Listen von Angestellten, Informanten sowie streng vertrauliche Daten, berichtete das Sprachrohr der iranischen Justiz, die Nac

Are We Training AI Too Late?

Ask the Expert: Cybersecurity teams need to expand their field of view to include new, unique threat sources, rather than relying on past, proven threat actors.

Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year

Most UK manufacturers compromised last year suffered financial loss, says ESET

Hackers Hijack Axios npm Package to Spread RATs

Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn

Digital assets after death: Managing risks to your loved one’s digital estate

Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay.

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told The Hacker News in a statement. "North Korean

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks has disclosed the details of its analysis of Google Cloud Platform’s Vertex AI. The post Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents appeared first on SecurityWeek .

Im Fokus: IT-Leadership

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said in a statement shared with CNBC News. "This was a release packaging issue caused by human error, not a security

Enterprise Spotlight: Setting the 2026 IT agenda

IT leaders are setting their operations strategies for 2026 with an eye toward agility, flexibility, and tangible business results. Download the January 2026 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World and learn about the trends and technologies that will drive the IT agenda in the year ahead.

A laughing RAT: CrystalX combines spyware, stealer, and prankware features

Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.

Claude Code source code accidentally leaked in NPM package

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. [...]

White House executive order purports to limit mail-in voting, mandate federal voter lists

The order is expected to be quickly challenged in court, where the Trump administration’s previous efforts have been struck down as unconstitutional. The post White House executive order purports to limit mail-in voting, mandate federal voter lists appeared first on CyberScoop .

Proton launches new "Meet" privacy-focused conferencing platform

Proton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams. [...]

The Forgotten Endpoint: Security Risks of Dormant Devices

Technology Talk: That forgotten notebook holds plenty of secrets to enterprise access.

Axios NPM Package Compromised in Precision Attack

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.

Google's Vertex AI Is Over-Privileged. That's a Problem

Palo Alto Networks researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure.

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.

GCP-2026-014

[object Object]

GCP-2026-010

[object Object]

GCP-2026-011

[object Object]

GCP-2026-007

[object Object]

GCP-2026-003

[object Object]

GCP-2026-013

[object Object]

GCP-2026-009

[object Object]

GCP-2026-005

[object Object]

GCP-2026-016

[object Object]

GCP-2026-008

[object Object]

GCP-2026-006

[object Object]

GCP-2026-002

[object Object]

GCP-2026-015

[object Object]

GCP-2026-004

[object Object]

GCP-2026-012

[object Object]

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesia, Singapore, and Thailand this September, before it expands globally next year. As part of this

Cisco source code stolen in Trivy-linked dev environment breach

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. [...]

Censys Raises $70 Million for Internet Intelligence Platform

The latest funding round brings the total venture capital investment in Censys to $149 million. The post Censys Raises $70 Million for Internet Intelligence Platform appeared first on SecurityWeek .

Maryland Man Charged Over $53m Uranium Finance Crypto Hack

Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds

AI and Quantum Are Forcing a Rethink of Digital Trust

In a conversation with Dark Reading’s Terry Sweeney, DigiCert CEO Amit Sinha explains how AI-driven identities and quantum threats are reshaping the foundations of digital trust.

How to Categorize AI Agents and Prioritize Risk

AI agent risk isn't equal, it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first. [...]

Phantom Project Bundles Infostealer, Crypter and RAT For Sale

Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. [...]

ChatGPT Security Issue Enabled Data Theft via Single Prompt

OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole

Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in

​Microsoft has resolved a known issue that rendered the classic Outlook email client unusable for users who enabled the Microsoft Teams Meeting Add-in. [...]

The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority

The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining challenge of the new era of digital warfare: the weaponization of Artificial Intelligence. Threat actors

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. "The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating

Double Agents: Exposing Security Blind Spots in GCP Vertex AI

Unit 42 uncovers a "double agent" flaw in Google Cloud's Vertex AI, demonstrating how overprivileged AI agents can compromise cloud environments. The post Double Agents: Exposing Security Blind Spots in GCP Vertex AI appeared first on Unit 42 .

NCSC Urges Immediate Patching of F5 BIG-IP Bug

The National Cyber Security Centre wants UK firms to patch CVE-2025-53521

This month in security with Tony Anscombe – March 2026 edition

The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios have been found to inject "plain-crypto-js" version 4.2.1 as a fake dependency. According to StepSecurity, the two

AI-Powered 'DeepLoad' Malware Steals Credentials, Evades Detection

The massive amount of junk code that hides the malware's logic from security scans was almost certainly generated by AI, researchers say.

AI-Driven Code Surge Is Forcing a Rethink of AppSec

In a conversation with Dark Reading’s Terry Sweeney, Black Duck CEO Jason Schmitt explains how AI is reshaping application security and why it must evolve to keep pace.

Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’

DeepLoad logs keystrokes, buries details behind reams of AI-generated code, and re-infect hosts days after being blocked, according to ReliaQuest. The post Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’ appeared first on CyberScoop .

F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation

CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous.

Manufacturing &amp; Healthcare Share Struggles with Passwords

The two key economic sectors struggle with security for a reason: Many insiders view access management as a roadblock, while attackers see it as a way in.

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked," ReliaQuest researchers Thassanai

Cybercriminals Exploit Tax Season With New Phishing Tactics

Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams

Optimizing Risk Discovery and Remediation with Qualys Gateway Service (QGS)

Unpatched vulnerabilities remain one of the largest drivers of cyber risk, accounting for&#160;nearly 60%&#160;of cyber compromises. Modern security programs are therefore measured not only by how quickly they discover risk, but also by how efficiently they remediate it. As organizations scale vulnerability management and patching operations, network efficiency, bandwidth utilization, and connecti

Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers

Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's a bit of everything this week. Persistence plays, legal wins, influence ops, and at least one thing that looks boring

Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables" to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling

DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection

Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials

ICO Fines UK Nuisance Call Scammers £100,000

The UK Information Commissioner’s Office has handed a £100,000 fine to Birmingham-based TMAC

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel "will now find his name among the list of successfully hacked victims." In a statement

TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under the monikers Callisto,

Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data

The FBI said it was aware of hackers targeting Patel’s personal email, and that no government information was taken. The post Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data appeared first on CyberScoop .

Security leaders say the next two years are going to be &#8216;insane&#8217;

Kevin Mandia, Morgan Adamski, and Alex Stamos tell CyberScoop that AI is finding bugs faster than anyone can fix them, exploit development is accelerating, and most organizations aren't prepared for what's coming. The post Security leaders say the next two years are going to be &#8216;insane&#8217; appeared first on CyberScoop .

China Upgrades the Backdoor It Uses to Spy on Telcos Globally

Chinese APT Red Menshen's super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down.

Wartime Usage of Compromised IP Cameras Highlight Their Danger

The list of countries exploiting Internet-connected cameras to give them eyes inside their adversaries' borders continues to expand. What should companies look out for?

New Wave of AiTM Phishing Targets TikTok for Business

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware

Google Sets 2029 Deadline for Quantum-Safe Cryptography

The post-quantum future may be coming sooner than you think, as Google plans to have PQC migration in place by 2029.

RSAC 2026 wrap-up – Week in security with Tony Anscombe

This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with

A cunning predator: How Silver Fox preys on Japanese firms this tax season

Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them