DARKReading

Think "Blade Runner," but the robots can be hacked more easily than your home computer.

Google has fixed a critical vulnerability that enabled attackers to add malicious instructions to common documents to exfiltrate sensitive corporate information.

The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE.

Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw.

The US Treasury's Financial Crimes Enforcement Network shared data showing how dramatically ransomware attacks have changed over time.

"Broadside" is targeting a critical flaw in DVR systems to conduct command injection attacks, which can hijack devices to achieve persistence and move laterally.

Software teams at Google and other Rust adopters see safer code when using the memory-safe language, as well as fewer rollbacks and less code review.

The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users.

The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers.

The suit alleges the Chinese retailer's app secretly accesses and harvests users' sensitive information without their knowledge or consent.