Security
Headlines
HeadlinesLatestCVEs

Source

DARKReading

The Ransomware Holiday Bind: Burnout or Be Vulnerable

Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag.

DARKReading
AI Bolsters Python Variant of Brazilian WhatsApp Attacks

Water Saci has upgraded its self-propagating malware to compromise banks and cryptocurrency exchanges by targeting enterprise users of the popular chat app.

#sap
China Researches Ways to Disrupt Satellite Internet

While satellite constellations — such as Starlink — are resilient, 2,000 drones could cut communications to a region the size of Taiwan, researchers find.

While ECH Adoption Is Low, Risks Remain for Enterprises, End Users

Is the new privacy protocol helping malicious actors more than Internet users?

Iran's 'MuddyWater' Levels Up With MuddyViper Backdoor

New Fooder loader and memory-only tactics suggest MuddyWater has evolved from its usual noisy ops to more stealthy espionage operations.

Researchers Use Poetry to Jailbreak AI Models

When prompts were presented in poetic rather than prose form, attack success rates increased from 8% to 43%, on average — a fivefold increase.

New Raptor Framework Uses Agentic Workflows to Create Patches

Researchers utilized prompts and large language models to develop an open-source AI framework capable of generating both vulnerability exploits and patches.

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers.

Tomiris Unleashes 'Havoc' With New Tools, Tactics

The Russian-speaking group is targeting government and diplomatic entities in CIS member states and Central Asia in its latest cyber-espionage campaign.

CodeRED Emergency Alert Platform Shut Down Following Cyberattack

The Inc ransomware gang took responsibility for the attack earlier this month and claimed it stole sensitive subscriber data.