Dark Reading
- Get link
- X
- Other Apps
"Are trade concerns trumping US cybersecurity?"
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 12 December 2025, 1440 UTC.
Content and Source via email subscription from https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
46
Most popular
by Robert Lemos, Contributing Writer / 38min
The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say.
1h
Dark Reading will continue to publish Tech Talks and Ask the Expert pieces in the Commentary section. Read on for submission guidelines.
The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks.
Yesterday
by Nate Nelson, Contributing Writer / 7h
Hamas's best hackers have been maturing, building better malware, and spreading their attacks more widely across the region.
by Alexander Culafi / 18h
Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug disclosed last year.
by Arielle Waldman / 23h
Using artificial intelligence in operational technology environments could be a bumpy ride full of trust issues and security challenges.
Dec 10, 2025
by Nate Nelson, Contributing Writer / 1d
Microsoft puts the power of AI in the hands of everyday non-technical Joes. It's a nice idea, and a surefire recipe for security issues.
by Alexander Culafi / 1d
A new twist on the social engineering tactic is making waves, combining SEO poisoning and legitimate AI domains to install malware on victims' computers.
So far the attacks, which compromise virtual network computing (VNC) connections in OT systems, have not been particularly destructive, but this could change as they evolve.
Dec 9, 2025
by Robert Lemos, Contributing Writer / 2d
Ransomware actors have targeted manufacturers, retailers, and the Japanese government, with many organizations requiring months to recover.
Proof-of-concept exploit code is publicly available for two other flaws in this month's Patch Tuesday. In total, the company issued patches for more than 1,150 flaws this year.
Shanya is the latest in an emerging field of packing malware, selling obfuscation functionality in order to help ransomware actors reach their target.
by Nate Nelson, Contributing Writer / 2d
Think "Blade Runner," but the robots can be hacked more easily than your home computer.
by Elizabeth Montalbano, Contributing Writer / 2d
Google has fixed a critical vulnerability that enabled attackers to add malicious instructions to common documents to exfiltrate sensitive corporate information.
Dec 8, 2025
by Jai Vijayan, Contributing Writer / 3d
The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE.
by Rob Wright / 3d
Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw.
by Alexander Culafi / 3d
The US Treasury's Financial Crimes Enforcement Network shared data showing how dramatically ransomware attacks have changed over time.
by Elizabeth Montalbano, Contributing Writer / 4d
"Broadside" is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.
Dec 6, 2025
by David Schwed / 5d
When hiring a CISO, understand the key difference between engineering and holistic security leaders.
by Robert Lemos, Contributing Writer / 5d
Software teams at Google and other Rust adopters see safer code when using the memory-safe language, as well as fewer rollbacks and less code review.
Dec 5, 2025
by Nate Nelson, Contributing Writer / 6d
Remember when Apple put that U2 album in everyone's music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn't a good idea.
by Alexander Culafi / 6d
A maximum-severity vulnerability affecting the React JavaScript library has been exploited in the wild, further stressing the need to patch now.
by Robert Lemos, Contributing Writer / 6d
Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.
by Rut Lineswala / 6d
As quantum quietly moves beyond lab experiment and into production workflows, here's what enterprise security leaders should be focused on, according to Lineswala.
Dec 4, 2025
Transurban head of cyber defense Muhammad Ali Paracha shares how his team is automating the triaging and scoring of security threats as part of the Black Hat Middle East conference.
State-sponsored actors tied to China continue to target VMware vSphere environments at government and technology organizations.
Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure.
by Jeffrey Schwartz / 7d
The deal, believed to be valued at $1 billion, will bring nonhuman identity access control of agents and machines to ServiceNow's offerings, including its new AI Control Tower.
by Nate Nelson, Contributing Writer / 8d
It's the best deal going in cybercrime: fully compromised websites belonging to high-value organizations, for just a couple hundred bucks each.
Dec 3, 2025
by Nate Nelson, Contributing Writer / 8d
Iran's top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game.
by Jai Vijayan, Contributing Writer / 8d
The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users.
by Rob Wright / 8d
The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers.
The suit alleges the Chinese retailer's app secretly accesses and harvests users' sensitive information without their knowledge or consent.
by Elizabeth Montalbano, Contributing Writer / 8d
Water Saci has upgraded its self-propagating malware to compromise banks and cryptocurrency exchanges by targeting enterprise users of the popular chat app.
8d
Is the new privacy protocol helping malicious actors more than Internet users?
by Arielle Waldman / 8d
Researchers used prompts and large language models to develop an open source AI framework capable of generating both vulnerability exploits and patches.
by Arielle Waldman / 9d
Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag.
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.