DarkReading
- Get link
- X
- Other Apps
"Dormant Iran APT is still alive, spying on dissidents."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 18 December 2025, 1351 UTC.
Content and Source provided by email subscription from https://feedly.com.
https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Dark Reading
Today
by Nate Nelson, Contributing Writer / 46min"Prince of Persia" has rewritten the rules of persistence with advanced operational security and cryptographic communication with its command-and-control server. by George V. Hulme, Contributing Writer / 2hThe future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. First in a three-part series. by Robert Lemos, Contributing Writer / 2hIn the React2Shell saga, non-working and trivial proof-of-concept exploits led to confusion and perhaps a false sense of security. Can the onslaught of PoCs be tamed? by Martin Ward / 2hAs quantum computing advances, interoperable standards will be the key to making quantum key distribution (QKD) practical, trusted, and future-proof.
by Nate Nelson, Contributing Writer / 46min
"Prince of Persia" has rewritten the rules of persistence with advanced operational security and cryptographic communication with its command-and-control server.
by George V. Hulme, Contributing Writer / 2h
The future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. First in a three-part series.
by Robert Lemos, Contributing Writer / 2h
In the React2Shell saga, non-working and trivial proof-of-concept exploits led to confusion and perhaps a false sense of security. Can the onslaught of PoCs be tamed?
by Martin Ward / 2h
As quantum computing advances, interoperable standards will be the key to making quantum key distribution (QKD) practical, trusted, and future-proof.
Yesterday
by Jai Vijayan, Contributing Writer / 14hAttackers are targeting admin accounts, and once authenticated, exporting device configurations including hashed credentials and other sensitive information. by Nate Nelson, Contributing Writer / 15hAnthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so. The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store. Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments. by Joan Goodchild / 1dA high-school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders. by Brian Dye / 1dThe key elements in a security operations center's strategy map very closely to the swim/bike/run events in a triathlon. SOCs, like triathletes, perform well when their "inputs" are strong.
by Jai Vijayan, Contributing Writer / 14h
Attackers are targeting admin accounts, and once authenticated, exporting device configurations including hashed credentials and other sensitive information.
by Nate Nelson, Contributing Writer / 15h
Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so.
The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.
by Joan Goodchild / 1d
A high-school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders.
by Brian Dye / 1d
The key elements in a security operations center's strategy map very closely to the swim/bike/run events in a triathlon. SOCs, like triathletes, perform well when their "inputs" are strong.
Dec 16, 2025
by Robert Lemos, Contributing Writer / 1dRapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors. But media reports described the attack as causing major disruption to PDVSA, the state-owned oil and natural gas company. Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector. by Elizabeth Montalbano, Contributing Writer / 1dUrban VPN Proxy, which claims to protect users' privacy, collects data from conversations with ChatGPT, Claude, Gemini, Copilot, and other AI assistants. by Arielle Waldman / 1dExperts predict big changes are coming for IT infrastructure in 2026 driven by AI adoption, hybrid cloud strategies, and evolving security demands.
by Robert Lemos, Contributing Writer / 1d
Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.
But media reports described the attack as causing major disruption to PDVSA, the state-owned oil and natural gas company.
Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector.
by Elizabeth Montalbano, Contributing Writer / 1d
Urban VPN Proxy, which claims to protect users' privacy, collects data from conversations with ChatGPT, Claude, Gemini, Copilot, and other AI assistants.
by Arielle Waldman / 1d
Experts predict big changes are coming for IT infrastructure in 2026 driven by AI adoption, hybrid cloud strategies, and evolving security demands.
Dec 15, 2025
by Ericka Chickowski, Contributing Writer / 2dManaging general agents help insurers navigate sectors where they lack expertise. A cybersecurity policy written by an MGA is more likely to reflect an understanding of the risks CISOs deal with. Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week. by Kristina Beek / 2dEtay Maor, a cybersecurity strategist and professor, shares his journey, insights, and advice on breaking into the diverse and ever-evolving field of cybersecurity. A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw.
by Ericka Chickowski, Contributing Writer / 2d
Managing general agents help insurers navigate sectors where they lack expertise. A cybersecurity policy written by an MGA is more likely to reflect an understanding of the risks CISOs deal with.
Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.
by Kristina Beek / 2d
Etay Maor, a cybersecurity strategist and professor, shares his journey, insights, and advice on breaking into the diverse and ever-evolving field of cybersecurity.
A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw.
Dec 12, 2025
by George V. Hulme, Contributing Writer / 5dDigital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship between CISOs and COOs. by Rob Wright / 5dAs exploitation activity against CVE-2025-55182 ramps up, researchers are finding some proof-of-concept exploits contain bypasses for web application firewall (WAF) rules. by Chrissa Constantine / 5dUnmanaged coding is indeed an alluring idea, but can introduce a host of significant cybersecurity dangers. by Jeffrey Schwartz / 5dThe move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week. by Jeffrey Schwartz / 5dAt this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle. by Jonathan Frost / 5dFinancial institutions must be proactive when identifying and preventing fraudulent activity. Here are five "mule personas" to watch for. by Robert Lemos, Contributing Writer / 5dThe Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say. 6dDark Reading will continue to publish Tech Talks and Ask the Expert pieces in the Commentary section. Read on for submission guidelines.
by George V. Hulme, Contributing Writer / 5d
Digital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship between CISOs and COOs.
by Rob Wright / 5d
As exploitation activity against CVE-2025-55182 ramps up, researchers are finding some proof-of-concept exploits contain bypasses for web application firewall (WAF) rules.
by Chrissa Constantine / 5d
Unmanaged coding is indeed an alluring idea, but can introduce a host of significant cybersecurity dangers.
by Jeffrey Schwartz / 5d
The move aims to expand the use of Security Copilot and comes with the launch of 12 new agents from Microsoft at the company's Ignite conference last week.
by Jeffrey Schwartz / 5d
At this week's Black Hat Europe conference, two researchers urged developers to adopt a shared responsibility model for open source software and not leave it all up to GitHub to handle.
by Jonathan Frost / 5d
Financial institutions must be proactive when identifying and preventing fraudulent activity. Here are five "mule personas" to watch for.
by Robert Lemos, Contributing Writer / 5d
The Trump administration appears to have dropped sanctions against Chinese actors for the Salt Typhoon attacks on US telecoms; but focusing on diplomacy alone misses the full picture, experts say.
6d
Dark Reading will continue to publish Tech Talks and Ask the Expert pieces in the Commentary section. Read on for submission guidelines.
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.