Security Bulletin

APT28's attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.

The self-replicating malware has poisoned a fresh set of Open VSX software components, leaving potential downstream victims with infostealer infections.

Crowdsourced bug bounties and pen-testing firms see AI agents stealing the low-hanging vulnerabilities from their human counterparts. Oversight remains key.

The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privilges.

People trust organizations to do the right thing, but some websites and apps have user interfaces that ultimately lead to inadequate security for users.

A malware-free phishing campaign targets corporate inboxes and asks employees to view "request orders," ultimately leading to Dropbox credential theft.

Iowa police arrested two penetration testers in 2019 for doing their jobs, highlighting the risk to security professionals in red teaming exercises.

State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious downloads.

Following its attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics.

Megjelent a SANS és a Nemzetbiztonsági Szakszolgálat Nemzeti Kiberbiztonsági Intézet közös kiadványának 2026. februári száma, melyben azzal foglalkozunk, hogy a mai összetett digitális világban egyre nehezebb megvédeni a magánéletünket és személyes...

Investors poured $140 million into Torq's Series D Round, bringing the startup's valuation to $1.2 billion, to bring AI-based "hyper automation" to SOCs.

Dark Reading asked readers whether agentic AI attacks, advanced deepfake threats, board recognition of cyber as a top priority, or password-less technology adoption would be most likely to become a trending reality for 2026.