[ad_1] Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate …
Developer Workstations Are Now Part of the Software Supply Chain Read More
[ad_1] The tabletop exercise has a complacency problem. Organizations run through their incident response plans, everyone nods along, and the debrief confirms what the team already …
Rethinking Tabletops with Reflex Security Read More
[ad_1] Ravie LakshmananMay 17, 2026Server Security / Vulnerability A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its …
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE Read More
[ad_1] Ravie LakshmananMay 17, 2026Data Breach / Cybercrime Grafana has disclosed that an « unauthorized party » obtained a token that granted them the ability to access the company’s GitHub environment and …
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt Read More
[ad_1] Ravie LakshmananMay 16, 2026Vulnerability / Website Security A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious …
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming Read More
[ad_1] OPINION Are you freaking out? It feels like the entire industry is losing its head over the collision of two huge security pressures. First, every development team has suddenly …
The Boring Stuff is Dangerous Now Read More
[ad_1] Ravie LakshmananMay 15, 2026Botnet / Threat Intelligence The Russian state-sponsored hacking group known as The tower has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s …
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access Read More
[ad_1] This week’s Department of Know is hosted by Rich Stroffolinowith guests Gary ChanCISO, SSM Health and Peter LiebertCISO, Salesloft. Missed the live show? Check it out on YouTube. The …
GemStuffer attack, AI SBOMs, and AI-created zero-days Read More
[ad_1] Ravie LakshmananMay 15, 2026Vulnerability / AI Security Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, …
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence Read More
[ad_1] Robert "RSnake" Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for Dark Reading over the past 20 years have stood …
Cyber Pioneers Ponder Past as Prologue Read More