darkreading Public RSS feed
- 6-Year Ransomware Campaign Targets Turkish Homes & SMBs
by Nate Nelson on April 16, 2026 at 6:00 amWhile enterprises breaches make more headlines, smaller incidents tend to be under-reported, if at all, allowing campaigns to last longer with less disruption.
- Critical MCP Integration Flaw Puts NGINX at Risk
by Jai Vijayan on April 15, 2026 at 9:45 pmAttackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files.
- Navigating the Unique Security Risks of Asia’s Digital Supply Chain
by Alexander Culafi on April 15, 2026 at 7:30 pmRegulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must wrangle.
- Prepping for ‘Q-Day’: Why Quantum Risk Management Should Start Now
by Rob Wright on April 15, 2026 at 3:12 pmQuantum computers are coming and may impact systems in unexpected ways, and it will “take years to be fully quantum-safe, if ever,” cryptography expert warns.
- Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
by Elizabeth Montalbano on April 15, 2026 at 2:38 pmGoogle, Meta, and Microsoft about half the time don’t comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds.
- Microsoft, Salesforce Patch AI Agent Data Leak Flaws
by Alexander Culafi on April 15, 2026 at 12:00 pmTwo recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.
- Microsoft Bets $10B to Boost Japan’s AI, Cybersecurity
by Robert Lemos on April 15, 2026 at 12:00 amThe deal aims to accelerate AI adoption, train workers, and develop cybersecurity partnerships βΒ the latest move by a hyperscaler to compete for sovereign AI and data centers.
- Privilege Elevation Dominates Massive Microsoft Patch Update
by Jai Vijayan on April 14, 2026 at 9:22 pmElevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix.
- EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
by Rob Wright on April 14, 2026 at 8:20 pmStopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible.
- War Game Exercise Demonstrates How Social Media Manipulation Works
by Elizabeth Montalbano on April 14, 2026 at 4:06 pmIn an educational game called “Capture the Narrative,” students created bots to sway a fictional election, simulating influence in real-world political scenarios.
- Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
by Matthew Andriani on April 13, 2026 at 9:48 pmSecurity teams can’t test distributed denial-of-service defenses in a vacuum. They need to test during periods of high demand, such as tax-filing deadlines.
- CSA: CISOs Should Prepare for Post-Mythos Exploit Storm
by Alexander Culafi on April 13, 2026 at 9:29 pmIn a new report from the Cloud Security Alliance (CSA), experts warn of an “AI vulnerability storm” triggered by the introduction of Anthropic’s Claude Mythos.
- Adobe Patches Actively Exploited Zero-Day That Lingered for Months
by Jai Vijayan on April 13, 2026 at 8:52 pmAn attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.
- Empty Attestations: OT Lacks the Tools for Cryptographic Readiness
by Brad McInnis on April 13, 2026 at 7:10 pmOT asset owners are being asked by regulators to attest to their post-quantum cryptographic readiness without the appropriate tooling, resulting in paperwork dressed up to look like genuine security.
- APT41 Delivers ‘Zero-Detection’ Backdoor to Harvest Cloud Credentials
by Elizabeth Montalbano on April 13, 2026 at 3:08 pmThe prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication.
