AI-Powered ‘DeepLoad’ Malware Steals Credentials, Evades Detection
The massive amount of junk code that hides the malware’s logic from security scans was almost certainly generated by AI, researchers say.
-
-
AI-Driven Code Surge Is Forcing a Rethink of AppSec
In a conversation with Dark Reading’s Terry Sweeney, Black Duck CEO Jason Schmitt explains how AI is reshaping application security and why it must evolve to keep pace.
-
Fortinet BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous.
-
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. “A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content,” the cybersecurity company said in
-
Manufacturing and Healthcare Share Struggles with Passwords
The two key economic sectors struggle with security for a reason: Many insiders view access management as a roadblock, while attackers see it as a way in.
-
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. “It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers…
-
Storm Brews Over Critical, No-Click Telegram Flaw
The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists.
-
⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There’s a bit of everything this week. Persistence plays, legal wins, influence…
-
3 SOC Process Fixes That Unlock Tier 1 Productivity
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary…
-
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year’s findings…