The conversation around the UK’s Online Safety Act has transformed over the past week. Since it came into force last Friday (25th July 2025), there […]
Dark Reading News Desk Turns 10, Back at Black Hat USA for 2025
Dark Reading’s 2025 News Desk marks a decade of Black Hat USA memories. We’re making our return with a slate of interviews that help you […]
Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection
Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution. […]
SafePay Ransomware Strikes 260+ Victims Across Multiple Countries
The SafePay ransomware organization has quickly become a powerful operator since its initial detection in September 2024, marking a startling increase in the cyber threat […]
LLMs’ AI-Generated Code Remains Wildly Insecure
Security debt ahoy: Only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it […]
LockBit Operators Use Stealthy DLL Sideloading to Mask Malicious App as Legitimate One
Operators of LockBit ransomware have improved their tactics, methods, and procedures (TTPs) to avoid detection and increase damage in the always changing world of cyberthreats. […]
Qilin Ransomware Sees Surge After Collapse of Dominant RansomHub RaaS
The ransomware landscape underwent significant disruption, marked by the abrupt cessation of operations from several prominent Ransomware-as-a-Service (RaaS) groups, including RansomHub, Babuk-Bjorka, FunkSec, BianLian, 8Base, […]
Storm-2603 Deploys Custom Malware Using BYOVD to Bypass Endpoint Protections
Check Point Research (CPR) has delved into the operations of Storm-2603, a recently identified threat actor linked to Chinese advanced persistent threat (APT) groups, amid […]
Lazarus Hackers Weaponize 234 npm and PyPI Packages to Infect Developers
Sonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed […]
Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as […]