WhatsApp Leaks User Metadata to Attackers – Dark Reading
Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity. – Read More
Dark Reading
How NIST’s Cutback of CVE Handling Impacts Cyber Teams – Dark Reading
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST’s decision to cut back on CVE data enrichment. – Read More
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing – Dark Reading
In embracing device code phishing, attackers trick victims into handing over account access by using a service’s legitimate new-device login flow. – Read More
Every Old Vulnerability Is Now an AI Vulnerability – Dark Reading
AI’s danger isn’t that it’s creating new bugs, it’s that it’s amplifying old ones. – Read More
Coast Guard’s New Cybersecurity Rules Offers Lessons for CISOs – Dark Reading
The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role. – Read More
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities – Dark Reading
The National Institute of Standards and Technology carved a new path for vulnerability remediation by changing the way it prioritizes software flaws. – Read More
North Korea Uses ClickFix to Target macOS Users’ Data – Dark Reading
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs. – Read More
‘Harmless’ Global Adware Transforms Into an AV Killer – Dark Reading
A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender. – Read More
Two-Factor Authentication Breaks Free from the Desktop – Dark Reading
Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world. – Read More
Microsoft’s Original Windows Secure Boot Certificate Is Expiring – Dark Reading
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon. – Read More
6-Year Ransomware Campaign Targets Turkish Homes & SMBs – Dark Reading
While enterprises breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption. – Read More
Critical MCP Integration Flaw Puts NGINX at Risk – Dark Reading
Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files. – Read More
Navigating the Unique Security Risks of Asia’s Digital Supply Chain – Dark Reading
Regulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must wrangle. – Read More
Prepping for ‘Q-Day’: Why Quantum Risk Management Should Start Now – Dark Reading
Quantum computers are coming and may impact systems in unexpected ways, and it will “take years to be fully quantum-safe, if ever,” cryptography expert warns. – Read More
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests – Dark Reading
Google, Meta, and Microsoft about half the time don’t comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds. – Read More