Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js’ Single Executable Application (SEA) feature as a way to distribute its payloads. According to…
Dark Reading is looking for leading industry experts with a point of view they want to share with the rest of the cybersecurity community for our new Commentary section. –…
A threat actor known as Storm-2657 has been observed hijacking employee accounts with the end goal of diverting salary payments to attacker-controlled accounts. “Storm-2657 is actively targeting a range of…
Der Sicherheitsvorfall bei SonicWall ist umfangreicher als bisher angenommen. Tada Images – shutterstock.com Am 17. September gab der Security-Anbieter SonicWall bekannt, dass Cyberkriminelle Backup-Dateien entwendet hätten, die für die Cloud-Sicherung…
Velociraptor, the open-source DFIR tool meant to hunt intruders, has itself gone rogue – being picked up by threat actors in coordinated ransomware operations. Never tied to extortion attacks before,…
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that’s assessed to have come under active exploitation since…
The SOC of 2026 will no longer be a human-only battlefield. As organizations scale and threats evolve in sophistication and velocity, a new generation of AI-powered agents is reshaping how…
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign.…
Salesforce rekrutiert Security- und Privacy-Agenten Salesforce erweitert seine KI-Plattform für den Einsatz im Bereich Security und Privacy. Im Security Center soll Agentforce neue Sicherheitsfunktionen hinzufügen. Dazu zählen schnelle, gründliche Sicherheitsanalysen,…
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products. The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1),…
For decades, the information security industry has been stuck in a time warp. We face threats shaped by the advancement of cloud infrastructure, autonomous AI, and fragile global supply chains,…
Im April 2021 wurden Daten von mehr als 530 Millionen Facebook-Nutzern gestohlen. Das hat Folgen für den Mutterkonzern Meta. Ascannio – shutterstock.com Nach einem millionenfachen Datendiebstahl bei Facebook vor mehr…
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle’s E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG)…
Sechs Schritte sollten CISOs für einen erfolgreichen Disaster-Recovery- und Business-Continuity-Plan beachten. DC Studio / Shutterstock Die Grundprinzipien der Disaster Recovery (DR) und der Business Continuity sind seit Jahrzehnten weitgehend unverändert:…
While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot. – Read More