Dark Reading
@darkreading.bsky.social
One of the most widely read and trusted cybersecurity news sites, providing IT security professionals informed insights into the latest news and trends.
Attackers Exploited Gogs Zero-Day Flaw for Months: https://bit.ly/4aKW1SW by Alexander Culafi
Attackers Exploited Gogs Zero-Day Flaw for Months
Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year.
bit.ly
December 11, 2025 at 9:52 PM
Attackers Exploited Gogs Zero-Day Flaw for Months: https://bit.ly/4aKW1SW by Alexander Culafi
Copilot's No-Code AI Agents Liable to Leak Company Data: https://bit.ly/4iReVtn by Nate Nelson
Copilot's No Code AI Agents Liable to Leak Company Data
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.
bit.ly
December 11, 2025 at 9:51 PM
Copilot's No-Code AI Agents Liable to Leak Company Data: https://bit.ly/4iReVtn by Nate Nelson
Latest on @darkreading.bsky.social
The Edge: AI in OT Sparks Cascade of Complex Challenges https://zpr.io/nmywiBXmtCHr #DRTheEdge #darkreading #cybersecurity
The Edge: AI in OT Sparks Cascade of Complex Challenges https://zpr.io/nmywiBXmtCHr #DRTheEdge #darkreading #cybersecurity
AI in OT Sparks Cascade of Complex Challenges
Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.
zpr.io
December 11, 2025 at 2:51 PM
Latest on @darkreading.bsky.social
The Edge: AI in OT Sparks Cascade of Complex Challenges https://zpr.io/nmywiBXmtCHr #DRTheEdge #darkreading #cybersecurity
The Edge: AI in OT Sparks Cascade of Complex Challenges https://zpr.io/nmywiBXmtCHr #DRTheEdge #darkreading #cybersecurity
Storm-0249 Abuses EDR Processes in Stealthy Attacks: https://bit.ly/4j9Y45r by Jai Vijayan
Storm-0249 Abuses EDR Processes in Stealthy Attacks
The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.
bit.ly
December 10, 2025 at 10:30 PM
Storm-0249 Abuses EDR Processes in Stealthy Attacks: https://bit.ly/4j9Y45r by Jai Vijayan
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery: https://bit.ly/3Mx7Jqg by Alexander Culafi
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery
A new twist on the social engineering tactic is making waves, combining SEO poisoning and legitimate AI domains to install malware on victims' computers.
bit.ly
December 10, 2025 at 9:52 PM
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery: https://bit.ly/3Mx7Jqg by Alexander Culafi
Feds: Pro-Russia Hactivists Target US Critical Infrastructure: https://bit.ly/3YrA57T by Elizabeth Montalbano
CISA: Pro-Russia Hactivists Target US Critical Infrastructure
So far the attacks, which compromise VNC connections in OT systems, have not been particularly destructive, but this could change as they evolve.
bit.ly
December 10, 2025 at 9:51 PM
Feds: Pro-Russia Hactivists Target US Critical Infrastructure: https://bit.ly/3YrA57T by Elizabeth Montalbano
Japanese Firms Suffer Long Tail of Ransomware Damage: https://bit.ly/4q37HoG by Robert Lemos #DRGlobal
Japanese Firms Suffer Long Tail of Ransomware Damage
Ransomware actors have targeted manufacturers, retailers, and the Japanese government, with many organizations requiring months to recover.
bit.ly
December 10, 2025 at 9:40 PM
Japanese Firms Suffer Long Tail of Ransomware Damage: https://bit.ly/4q37HoG by Robert Lemos #DRGlobal
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR: https://bit.ly/3XMbPNH by Alexander Culafi
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR
Shanya is the latest in an emerging field of packing malware, selling obfuscation functionality in order to help ransomware actors reach their target.
bit.ly
December 9, 2025 at 9:15 PM
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR: https://bit.ly/3XMbPNH by Alexander Culafi
Analysts Warn of Cybersecurity Risks in Humanoid Robots: https://bit.ly/44SI3L1 by Nate Nelson
Analysts Warn of Cybersecurity Risks in Humanoid Robots
Think "Blade Runner," but the robots can be hacked more easily than your home computer.
bit.ly
December 9, 2025 at 8:59 PM
Analysts Warn of Cybersecurity Risks in Humanoid Robots: https://bit.ly/44SI3L1 by Nate Nelson
Gemini Enterprise No-Click Flaw Exposes Sensitive Data: https://bit.ly/48HVIG1 by Elizabeth Montalbano
Gemini Enterprise No-Click Flaw Exposes Sensitive Data
Google has fixed a critical vulnerability that enabled attackers to add malicious instructions to common documents to exfiltrate sensitive corporate info.
bit.ly
December 9, 2025 at 8:49 PM
Gemini Enterprise No-Click Flaw Exposes Sensitive Data: https://bit.ly/48HVIG1 by Elizabeth Montalbano
Apache Issues Max-Severity Tika CVE After Patch Miss: https://bit.ly/4pw2hTa by Jai Vijayan
Apache Issues Max-Severity Tika CVE After Patch Miss
The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE.
bit.ly
December 8, 2025 at 10:25 PM
Apache Issues Max-Severity Tika CVE After Patch Miss: https://bit.ly/4pw2hTa by Jai Vijayan
Exploitation Activity Ramps Up Against React2Shell: https://bit.ly/44eCjLm by Rob Wright
Exploitation Activity Ramps Up Against React2Shell
Attacks against CVE-2025-55182, which began almost immediately after public disclosure, have increased as more threat actors take advantage of the flaw.
bit.ly
December 8, 2025 at 10:25 PM
Exploitation Activity Ramps Up Against React2Shell: https://bit.ly/44eCjLm by Rob Wright
CISOs Should Be Asking These Quantum Questions Today: https://bit.ly/48LHQKN by Rut Lineswala, founder & CTO , bQp
CISOs Should Be Asking These Quantum Questions Today
As quantum moves into production workflows, here's what enterprise security leaders should be focused on, according to Lineswala.
bit.ly
December 8, 2025 at 10:09 PM
CISOs Should Be Asking These Quantum Questions Today: https://bit.ly/48LHQKN by Rut Lineswala, founder & CTO , bQp
'Broadside' Mirai Variant Targets Maritime Logistics Sector: https://bit.ly/4a4C5KC by Elizabeth Montalbano
"Broadside" Mirai Variant Targets Maritime Logistics Sector
'Broadside' is targeting a critical flaw in DVR systems to conduct command injection attacks that can hijack devices for persistence and lateral movement.
bit.ly
December 8, 2025 at 9:45 PM
'Broadside' Mirai Variant Targets Maritime Logistics Sector: https://bit.ly/4a4C5KC by Elizabeth Montalbano
Latest on @darkreading.bsky.social
The Edge: A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability https://zpr.io/Fs2yeeASXM6u #DRTheEdge #darkreading #cybersecurity
The Edge: A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability https://zpr.io/Fs2yeeASXM6u #DRTheEdge #darkreading #cybersecurity
A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability
When hiring a CISO, understand the key difference between engineering and holistic security leaders.
zpr.io
December 6, 2025 at 5:42 PM
Latest on @darkreading.bsky.social
The Edge: A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability https://zpr.io/Fs2yeeASXM6u #DRTheEdge #darkreading #cybersecurity
The Edge: A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability https://zpr.io/Fs2yeeASXM6u #DRTheEdge #darkreading #cybersecurity
Latest on @darkreading.bsky.social DR Technology: Rust Code Delivers Better Security, Also Streamlines DevOps https://zpr.io/JvsD6Ddbgx2U #DRTechnology #darkreading #cybersecurity
Rust Code Delivers Better Security, Also Streamlines DevOps
Software teams at Google and other Rust adopters see safer code when using the memory-safe language, and also fewer rollbacks and less code review.
zpr.io
December 6, 2025 at 5:10 PM
Latest on @darkreading.bsky.social DR Technology: Rust Code Delivers Better Security, Also Streamlines DevOps https://zpr.io/JvsD6Ddbgx2U #DRTechnology #darkreading #cybersecurity
India Rolls Back App Mandate Amid Surveillance Concerns: https://bit.ly/3KfNBbB by Nate Nelson
India Rolls Back App Mandate Amid Surveillance Concerns
Remember when Apple put that U2 album in everyone's music libraries? India wanted to do that with a mobile cybersecurity app for all of its citizens.
bit.ly
December 5, 2025 at 9:51 PM
India Rolls Back App Mandate Amid Surveillance Concerns: https://bit.ly/3KfNBbB by Nate Nelson
Threat Landscape Grows Increasingly Dangerous for Manufacturers: https://bit.ly/3YaPTvH by Robert Lemos
Threat Landscape Grows Increasingly Dangerous for Manufacturers
Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.
bit.ly
December 5, 2025 at 8:19 PM
Threat Landscape Grows Increasingly Dangerous for Manufacturers: https://bit.ly/3YaPTvH by Robert Lemos
React2Shell Vulnerability Under Attack from China-Nexus Groups: https://bit.ly/48TMA2e by Alexander Culafi
React2Shell Vulnerability Under Attack from China-Nexus Groups
A maximum-severity vulnerability affecting the React JavaScript library is under attack by Chinese-nexus actors, further stressing the need to patch now.
bit.ly
December 5, 2025 at 8:18 PM
React2Shell Vulnerability Under Attack from China-Nexus Groups: https://bit.ly/48TMA2e by Alexander Culafi
Latest on @darkreading.bsky.social DR Technology: How Agentic AI Can Boost Cyber Defense https://zpr.io/uG6LWYbz5jz6 #DRTechnology #darkreading #cybersecurity
How Agentic AI Can Boost Cyber Defense
Transurban head of cyber defense Muhammad Ali Paracha shares how his team is automating the triaging and scoring of security threats as part of the Black Hat Middle East conference.
zpr.io
December 4, 2025 at 11:20 PM
Latest on @darkreading.bsky.social DR Technology: How Agentic AI Can Boost Cyber Defense https://zpr.io/uG6LWYbz5jz6 #DRTechnology #darkreading #cybersecurity
CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks: https://bit.ly/3XBPbaO by Rob Wright
CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations.
bit.ly
December 4, 2025 at 10:47 PM
CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks: https://bit.ly/3XBPbaO by Rob Wright
CISA Publishes Security Guidance for Using AI in OT: https://bit.ly/4iESO9y by Alexander Culafi
CISA Publishes Security Guidance for Using AI in OT
Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure.
bit.ly
December 4, 2025 at 10:20 PM
CISA Publishes Security Guidance for Using AI in OT: https://bit.ly/4iESO9y by Alexander Culafi
Student Sells Gov't, University Sites to Chinese Actors: https://bit.ly/48hSpX2 by Nate Nelson
Student Sells Gov't, University Sites to Chinese Actors
It's the best deal going in cybercrime: fully compromised websites belonging to high-value organizations, for just a couple hundred bucks each.
bit.ly
December 4, 2025 at 10:19 PM
Student Sells Gov't, University Sites to Chinese Actors: https://bit.ly/48hSpX2 by Nate Nelson
ServiceNow's Acquisition of NHI Provider Veza Strengthens Governance Portfolio: https://bit.ly/3Msqr2d by Jeffrey Schwartz #DRTech
ServiceNow to Acquire NHI Provider Veza in Governance Play
The deal, believed to be valued at $1 billion, will bring non-human identity access control of agents and machines to ServiceNow’s offerings
bit.ly
December 4, 2025 at 7:36 PM
ServiceNow's Acquisition of NHI Provider Veza Strengthens Governance Portfolio: https://bit.ly/3Msqr2d by Jeffrey Schwartz #DRTech
'MuddyWater' Hackers Target Israeli Orgs With Retro Game Tactic: https://bit.ly/3XUV96R by Nate Nelson #DRGlobal
'MuddyWater' Hackers Target Israeli Orgs With Retro Game Tactic
Iran's top state-sponsored APT tried out some interesting evasion tactics in a recent spate of attacks, delving into Snake, an old-school mobile game.
bit.ly
December 4, 2025 at 7:35 PM
'MuddyWater' Hackers Target Israeli Orgs With Retro Game Tactic: https://bit.ly/3XUV96R by Nate Nelson #DRGlobal