Latest News
Cisco Talos researchers have discovered a dangerous new malware framework called PS1Bot. Active since early 2025, this sophisticated…
Organizations increasingly use agents to automate mundane tasks and address an overwhelming amount of sensitive data. However, adoption requires strict security strategies that keep humans in the loop for now.
In this Dark Reading News Desk interview, Google's Mark Berschadski highlights the critical role browsers play in today's work environment and how Chrome Enterprise is evolving to meet modern security challenges while enabling productivity.
Cybercriminals are auctioning off live email credentials, giving other criminals access to sensitive systems, confidential intelligence, and, potentially, a higher success rate than ever.
The US National Institute of Standards and Technology updated its Digital Identity Guidelines to match current threats. The document detailed technical recommendations as well as suggestions for organizations.
Two critical N-able vulnerabilities enable local code execution and command injection; they require authentication to exploit, suggesting they wouldn't be seen at the beginning of an exploit chain.
Security budgets are lowest in healthcare, professional and business services, retail, and hospitality, but budget growth remained above 5% in financial services, insurance, and tech.
A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker who has the ability to write files to the server, allowing the execution of arbitrary code.
**Summary** [Amazon Elastic Container Service (Amazon ECS)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an [introspection API](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/introspection-diag.html) that provides information about the overall state of the Amazon ECS agent and the container instances. We identified CVE-2025-9039, an issue in the Amazon ECS agent. **Impact** Under certain conditions, this issue could allow an introspection server to be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. Impacted vers...
Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign.