Attackers spent five months silently stealing emails from a stock exchange executive’s Outlook account in a suspected espionage operation. A threat actor quietly sat inside a senior executive’s Outlook account at a major global stock exchange for roughly 150 days, from October 2025 to March 2026. Broadcom’s Symantec and Carbon Black threat-hunting team investigated the…
Tag: five
AI, Apps, Exploits, Global Security News, malware, Risk Management
Zapier fixes bug chain that researchers say risked widespread account takeover
Security researchers chained together five separate weaknesses in the popular workflow automation service Zapier that, if first discovered by a malicious actor, could have granted access to millions of user accounts and the systems those accounts connect to. The flaws, disclosed by security firm Token Security, did not require malware or insider access. The only…
AI, Apps, Compliance, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management
Another IT governance headache: AI-enabled sanction evasion
Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns. The report, Algorithms of Evasion: The Rise of AI-Enabled Proliferation Financing, from the Royal United…
AI, Apps, Compliance, Exploits, Global Security News, Government & Policy, Network Security, privacy, Risk Management
Another IT governance headache: AI-enabled sanction evasion
Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns. The report, Algorithms of Evasion: The Rise of AI-Enabled Proliferation Financing, from the Royal United…
Global Security News
When ransomware shutters the ER, cyber resilience can help teams mitigate the damage
Here’s five ways to implement a cyber resilience plan well before a medical facility experiences a crisis.
Global Security News
Remembering Tim Wilson, Whose Legacy Lives on at Dark Reading
The co-founder and former editor-in-chief passed away five years ago in November. As Dark Reading enters is third decade, we pause to celebrate and honor Wilson’s instrumental role in building and elevating the media site.
Europe, Global Security News
The Infosecurity Europe Cyber Startup Competition: Meet the Finalists
New for 2026, the Infosecurity Europe Startup competition will see five finalists pitch their ideas in front of a live audience, including senior industry leaders, investors and buyers
AI, Global Security News
The world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curl
Anthropic’s AI found five vulnerabilities in curl, but only one low-severity issue proved to be a real vulnerability. In April, Anthropic made considerable noise announcing Mythos, a new artificial intelligence model described as so effective at identifying vulnerabilities in code as to be, in the company’s own words, “dangerously good.” So good, in fact, that…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
The five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap” that CSOs must avoid, says an expert. “Patch today to survive the weekend,” said Robert Enderle of the Enderle Group, “but start planning your exit from legacy MDM as soon as possible.” He was commenting…
AI, Data Breaches, Europe, Exploits, Global Security News, Risk Management, Russia
Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare
Poland’s ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected. Poland’s Internal Security Agency (ABW) has published a detailed account of a sustained campaign targeting the country’s water plants, documenting security breaches at five water treatment facilities in 2025. The incidents mark one of the…
AI, Global Security News, Government & Policy, Politics, Venture
She Opposed His Plan for a Blockchain City. Now He’s Bankrolling Her Primary Opponent.
Five years ago, a Nevada state senator helped kill a crypto tycoon’s vision of a blockchain city in the Reno desert. Now, that lawmaker is running for higher office, and the crypto mogul is bankrolling her primary opponent to the tune of millions. The battle playing out in the state attorney general’s race is one…
AI, Exploits, Global Security News
Unpatched ‘PhantomRPC’ Flaw in Windows Enables Privilege Escalation
A researcher discovered five different exploit paths that stem from an architectural weakness in how Windows’ Remote Procedure Call (RPC) mechanism handles connections to unavailable services.
AI, Cybersecurity, Global Security News, Network Security
6 Winter 2026 G2 Leader Badges prove this DDoS protection stands out
NETSCOUT’s Arbor Threat Mitigation System (TMS) was honored with five badges, while Arbor Sightline earned one badge on G2 for the winter 2026 quarter. These badges span multiple categories. Arbor TMS was awarded badges in the following categories for winter 2026: Leader – Enterprise DDoS Protection Momentum Leader – DDoS Protection Regional Leader (Asia) – DDoS Protection Leader –…
Cybersecurity, Global Security News
Lies, Damned Lies, and Cybersecurity Metrics
A panel of five C-suite leaders discuss how cybersecurity success is measured and why it isn’t improving results.
AI, APAC, Compliance, Endpoint, Global Security News, Network Security, Risk Management
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
I recently had the opportunity to review five popular SIEM solutions as part of a judging panel for a Security award. While each platform had its own unique flair, their core promises were remarkably consistent: 24/7/365 SOC monitoring: Round-the-clock coverage backed by global experts to validate and prioritize alerts. Proactive threat hunting: Active searches for…
AI, Global Security News
OpenSSH 10.3 patches five security bugs and drops legacy rekeying support
OpenSSH 10.3 shipped carrying five security fixes alongside feature additions and a set of behavior changes that will break compatibility with older SSH implementations that do not support rekeying. Rekeying compatibility removed SSH clients and servers that lack rekeying support will fail when they attempt to interoperate with OpenSSH going forward. The project removed the…
AI, Exploits, Global Security News, Government & Policy, malware, Risk Management
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
A vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is now under active exploitation. Hackers are using it to deploy a persistent malware program that runs with root privileges. The CVE-2025-53521 vulnerability was first disclosed…
Global Security News
Five Faces Deploys Patient Check-In and Queueing at Peninsula University Hospital
Australian patient experience provider Five Faces has deployed a Patient Check-In and Queueing solution for ambulatory care appointments at Peninsula University Hospital in Frankston, Melbourne.
AI, Cybersecurity, Global Security News
One Google Login, Five Blockchains, Zero Seed Phrases: Inside Banana Gun’s Approach to Crypto Trading
In the latest development, Banana Gun now facilitates one Google login, five blockchains, zero seed phrases for crypto trading. Ask someone why they have not tried trading on a decentralized exchange and the answer is rarely “I don’t want to.” It is almost always “I don’t know how to set up a wallet.” MetaMask extensions,…
AI, Global Security News
SANS: Top 5 Most Dangerous New Attack Techniques to Watch
For the first time, SANS Institute’s five top attack techniques all have one thing in common – AI.
Endpoint, Global Security News, Risk Management
Your security stack looks fine from the dashboard and that’s the problem
One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience Risk Index, has barely moved in a year, even as organizations continue to add security tools and increase…
Global Security News
AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure
Rapid7 says median time from publication to CISA KEV inclusion dropped to five days
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials
HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network switches without any credentials. The critical flaw, CVE-2026-23813, scored 9.8 out of 10 on the CVSSv3.1 scale. According to a security advisory HPE published on…
Cybersecurity, Global Security News
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below – chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March
AI, Global Security News
AI Security Startups Dominate New Cyber Innovation Awards
Over one in five winners of IT-Harvest’s 2026 Cyber 150 are AI security companies
AI, Exploits, Global Security News, Government & Policy, malware
Google uncovers Coruna iOS Exploit Kit targeting iOS 13–17.2.1
Google warns of the Coruna iOS exploit kit, using 23 exploits across five chains to target iPhones running iOS 13–17.2.1, but not the latest iOS. Google’s Threat Intelligence Group has identified a powerful new iOS exploit kit called Coruna (also known as CryptoWaters) that targets Apple iPhones running iOS versions 13.0 through 17.2.1. The kit…
AI, Apps, Cybersecurity, Endpoint, Global Security News, Government & Policy, malware, Network Security, Risk Management
Iranian cyberattacks fail to materialize but threat remains acute
Five days into US and Israel’s war with Iran, the worst predictions for cyber-retaliation have yet to materialize. But Iran has built one of the world’s most active cyber operations, which means this is likely a temporary reprieve, experts warn. At the weekend, both the UK National Cyber Security Centre (NCSC) and the Canadian Centre…
AI, Apps, Cybersecurity, Endpoint, Global Security News, Government & Policy, malware, Network Security, Risk Management
Iranian cyberattacks fail to materialize but threat remains acute
Five days into US and Israel’s war with Iran, the worst predictions for cyber-retaliation have yet to materialize. But Iran has built one of the world’s most active cyber operations, which means this is likely a temporary reprieve, experts warn. At the weekend, both the UK National Cyber Security Centre (NCSC) and the Canadian Centre…
Global Security News
North Korea’s APT37 Expands Toolkit to Breach Air-Gapped Networks
The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day
Cybersecurity agencies across the Five Eyes alliance have issued an emergency directive warning that a critical Cisco SD-WAN vulnerability is being actively exploited to gain unauthorized access to federal networks. Officials confirmed that threat actors are targeting core SD-WAN control systems —infrastructure that manages traffic across government and enterprise networks — and urged organizations to…
AI, Compliance, Global Security News, Risk Management
Just 22% of Australian employees are sticking to company AI-approved tools, says latest Qualtrics report
GUEST OPINION: Almost four out of five Australians are defying company policy and using unauthorised AI tools creating potential security and compliance risks, according to the 2026 Qualtrics Employee Experience Trends Report.
AI, Global Security News
Ukrainian convicted for helping fake North Korean IT workers
A Ukrainian man has been sentenced to five years in prison after helping North Korean IT workers infiltrate American companies using stolen identities, reports Bleepingcomputer. The 39-year-old man from Kiev pleaded guilty in November 2025 to charges including aggravated identity theft and conspiracy to commit fraud. He has also agreed to surrender assets worth over…
AI, Global Security News, Government & Policy, Network Security
North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
A Ukrainian man was sentenced to five years in the U.S. for helping North Korean IT workers use stolen identities to get hired by U.S. firms. Oleksandr “Alexander” Didenko, a 29-year-old Ukrainian national, has been sentenced to five years in a U.S. prison for supporting North Korea’s fraudulent IT worker scheme. Didenko admitted stealing U.S.…
AI, Global Security News
Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea’s fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr “Alexander” Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to…
AI, Global Security News
Ukrainian gets 5 years for helping North Koreans infiltrate US firms
A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them infiltrate U.S. companies. […]
AI, Global Security News, Network Security, Russia
Public mobile networks are being weaponized for combat drone operations
On June 1, 2025, Ukraine launched a coordinated drone strike on five airfields inside Russia, disabling or destroying aircrafts. The attack involved more than 100 drones carrying explosive payloads and targeting aircraft on the ground. The drones used mobile networks to transmit telemetry, receive instructions, and send back images during the operation, highlighting the integration…
AI, Global Security News
Glendale man gets 5 years in prison for role in darknet drug ring
A Glendale man was sentenced to nearly five years in federal prison for his role in a darknet drug trafficking operation that sold cocaine, methamphetamine, MDMA, and ketamine to customers across the United States. […]