DARKReading

Malicious actors are exploiting AI-fabricated software components — presenting a major challenge for securing software supply chains.

The company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user's input history feature.

Cybercrime accounts for more than 30% of all reported crime in East Africa and West Africa, with online scams, ransomware, business email compromise, and digital sextortion taking off.

A threat actor hacked a version of SonicWall's NetExtender SSL VPN application in an effort to trick users into installing a Trojanized version of the product.

The campaign infected devices in the US and Southeast Asia to build an operational relay box (ORB) network for use as an extensive cyber-espionage infrastructure.

America's largest steel producer initially disclosed the breach in May and took potentially affected systems offline to investigation the intrusion and contain any malicious activity.

Trust no longer comes from network boundaries alone but from continuously validating and protecting data and identities at every interaction.

The Canadian Center for Cybersecurity has confirmed that the Chinese state-sponsored cyber-threat actor targeted one of its telecommunications companies in February via a Cisco flaw, as part of global attack wave.

Like its predecessor, SparkCat, the new malware appears to be going after sensitive data — such as seed phrases for cryptocurrency wallets — in device photo galleries.

An AI security researcher has developed a proof of concept that uses subtle, seemingly benign prompts to get GPT and Gemini to generate inappropriate content.