Blog

Documented in a series of social media posts, cybersecurity experts shared with Dark Reading their insights on RSAC 2025 throughout the week.

Researchers from Arctic Wolf Labs detailed a new spear-phishing campaign that targets hiring managers and recruiters by posing as a job seeker.

After stealing sensitive data from Disney, Ryan Mitchell Kramer claimed to be part of a Russian hacktivist group protecting artists’ rights and ensuring they receive fair compensation for their work.

Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple’s AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo. “These vulnerabilities can be chained by

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions

When designed with strong governance principles, AI can drive innovation while maintaining the people’s trust and security.

What if attackers aren’t breaking in—they’re already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the…

Let’s be honest: if you’re one of the first (or the first) security hires at a small or midsize business, chances are you’re also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You’re not running a security department. You are THE security department. You’re getting pinged about RFPs in one…

The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. “TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information,” Recorded Future Insikt Group said. “TerraLogger, by contrast

Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system’s primary disk and render it unbootable. The names of the packages are listed below – github[.]com/truthfulpharm/prototransform github[.]com/blankloggia/go-mcp github[.]com/steelpoor/tlsproxy “Despite appearing legitimate,