darkreading Public RSS feed
- Figma MCP Server Opens Orgs to Agentic AI Compromise, by Tara Seals on October 8, 2025 at 5:14 pm
Patch now: A bug (CVE-2025-53967) in the popular Web design tool’s option for talking to agentic AI can lead to remote code execution (RCE).
- China-Nexus Actors Weaponize ‘Nezha’ Open Source Tool, by Nate Nelson, Contributing Writer on October 8, 2025 at 2:02 pm
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead.
- Calling All Influencers: Spear-Phishers Dangle Tesla, Red Bull Jobs, by Elizabeth Montalbano, Contributing Writer on October 8, 2025 at 1:48 pm
Wanna work for a hot brand? Cyberattackers continue to evolve lures for job seekers in an impersonation campaign aimed at stealing résumés from social media pros.
- Cyberattack Leads to Beer Shortage as Asahi Recovers, by Robert Lemos, Contributing Writer on October 8, 2025 at 1:00 am
A ransomware attack last week left the Asahi brewery in Japan struggling to take orders and deliver its products domestically, as manufacturers become a favored target.
- Attackers Season Spam With a Touch of ‘Salt’, by Jai Vijayan, Contributing Writer on October 7, 2025 at 9:18 pm
Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanisms.
- Security Concerns Shadow Vibe Coding Adoption, by Alexander Culafi on October 7, 2025 at 7:08 pm
In a recent poll, readers shared how they’re using vibe coding in AppDev (if they are at all). While some found success, others found the risks too great.
- Medusa Ransomware Actors Exploit Critical Fortra GoAnywhere Flaw, by Rob Wright on October 7, 2025 at 4:59 pm
Researchers say exploitation of CVE-2025-10035 requires a private key, and it’s unclear how Storm-1175 threat actors pulled this off.
- Patch Now: ‘RediShell’ Threatens Cloud Via Redis RCE, by Elizabeth Montalbano, Contributing Writer on October 7, 2025 at 10:35 am
A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover, and more than 300k instances are currently exposed.
- Cyberattackers Exploit Zimbra Zero-Day Via ICS, by Jai Vijayan, Contributing Writer on October 6, 2025 at 8:12 pm
A threat actor purporting to be from the Libyan Navy’s Office of Protocol targeted Brazil’s military earlier this year using the rare tactic.
- Clop Ransomware Hits Oracle Customers Via Zero-Day Flaw, by Alexander Culafi on October 6, 2025 at 7:05 pm
The infamous Clop gang has targeted a wide range of Oracle E-Business Suite customers using a newly disclosed zero-day vulnerability.
- Chinese Gov’t Fronts Trick the West to Obtain Cyber Tech, by Nate Nelson, Contributing Writer on October 6, 2025 at 2:09 pm
Outwardly neutral Chinese institutions have been collaborating with Western orgs and researchers for the benefit of PRC state intelligence.
- Self-Propagating Malware Hits WhatsApp Users in Brazil, by Elizabeth Montalbano, Contributing Writer on October 6, 2025 at 9:54 am
The enterprise-focused Water Saci campaign spreads Sorvepotel, which can steal credentials and monitor browser activity to defraud financial institutions in the region.
- Scattered Lapsus$ Hunters Returns With Salesforce Leak Site, by Rob Wright on October 3, 2025 at 7:27 pm
After claiming it would shut down, the cybercriminal collective reemerged and threatened to publish the stolen data of Salesforce customers by Oct. 10 if its demands are not met.
- Dutch Authorities Arrest Two Teens for Alleged Pro-Russian Espionage, by Kristina Beek on October 3, 2025 at 7:07 pm
Dutch Prime Minister Dick Schoof described the incident as part of a broader pattern of Russian hybrid attacks against Europe.
- Jaguar Land Rover Shows Cyberattacks Mean (Bad) Business, by Robert Lemos, Contributing Writer on October 3, 2025 at 3:30 pm
The company likely failed to completely clean out attackers from a previous breach and now is a case study for the high cost of ransomware.