informa
/
Announcements
Event
The Value Drivers of Attack Surface Management, Revealed | May 26 Webinar | <REGISTER NOW>
Event
Implementing and Using XDR to Improve Enterprise Cybersecurity | May 25 Webinar | <REGISTER NOW>
Event
HOW DATA BREACHES HAPPEN & WHAT TO DO WHEN THEY HAPPEN TO YOU | June 23 Virtual Event | <Get Your Pass>
PreviousNext

Vulnerabilities/Threats

Breaking news, news analysis, and expert commentary on cybersecurity threat intelligence, including tools & technologies.

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.
May 17, 2022
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.
by Tara Seals, Managing Editor, News, Dark Reading
May 17, 2022
5 min read
Article
FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors
Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.
May 17, 2022
Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.
by Becky Bracken, Editor, Dark Reading
May 17, 2022
2 min read
Article
Widespread Attack on WordPress Sites Targets Tatsu Builder Plug-in
A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.
May 17, 2022
A widespread attack is underway to exploit known RCE flaw in Tatsu Builder WordPress plug-in, according to a new report.
by Dark Reading Staff, Dark Reading
May 17, 2022
1 min read
Article
Google Cloud Aims to Share Its Vetted Open Source Ecosystem
The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.
May 17, 2022
The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.
by Robert Lemos, Contributing Writer
May 17, 2022
4 min read
Article
iPhones Open to Attack Even When Off, Researchers Say
Wireless chips that run when the iPhone iOS is shut down can be exploited.
May 16, 2022
Wireless chips that run when the iPhone iOS is shut down can be exploited.
by Dark Reading Staff, Dark Reading
May 16, 2022
1 min read
Article
Open Source Security Gets $30M Boost From Industry Heavy Hitters
Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.
May 16, 2022
Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.
by Robert Lemos, Contributing Writer
May 16, 2022
5 min read
Article
NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards
New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.
May 16, 2022
New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.
by Dark Reading Staff, Dark Reading
May 16, 2022
1 min read
Article
Name That Toon: Knives Out
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
May 16, 2022
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
by John Klossner, Cartoonist
May 16, 2022
1 min read
Article
Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut
Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.
May 16, 2022
Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.
by Tara Seals, Managing Editor, News
May 16, 2022
2 min read
Article
US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional
In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
May 16, 2022
In a Black Hat Asia keynote fireside chat, US national cyber director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
by Becky Bracken, Editor, Dark Reading
May 16, 2022
2 min read
Article
How to Turn a Coke Can Into an Eavesdropping Device
Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.
May 14, 2022
Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.
by Robert Lemos, Contributing Writer
May 14, 2022
4 min read
Article
Black Hat Asia: Democracy's Survival Depends on Taming Technology
The conference opens with stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.
May 13, 2022
The conference opens with stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.
by Becky Bracken, Editor, Dark Reading
May 13, 2022
3 min read
Article
Linux, OpenSSF Champion Plan to Improve Open Source Security
The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.
May 13, 2022
The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.
by Dark Reading Staff, Dark Reading
May 13, 2022
2 min read
Article
Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning
A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.
May 13, 2022
A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.
by Tara Seals, Managing Editor, News
May 13, 2022
5 min read
Article
Data Transformation: 3 Sessions to Attend at RSA 2022
Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation.
May 13, 2022
Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation.
by Liat Hayun, Co-Founder and CEO, Eureka Security
May 13, 2022
4 min read
Article