Trust Wallet Hack: $8.5M Drained via Shai-Hulud Supply Chain Attack
Trust Wallet suffered an $8.5 million loss after a malicious Chrome extension update, stemming from a supply chain attack leveraging exposed GitHub secrets.
Singapore’s CSA warns of a CVSS 10.0 SmarterMail vulnerability enabling unauthenticated remote code execution via file upload; a patch is now available.
Read more
AI NewsCybersecurityThreat Intelligence
Cybersecurity Predictions 2026: AI Arms Race; Malware Autonomy
Cybersecurity predictions for 2026 indicate an escalating AI arms race, with attackers leveraging autonomous malware and defenders adopting AI-powered tools.
Read more
AI NewsCybersecuritySOC Operations
How to Integrate AI into Modern SOC Workflows
The 2025 SANS SOC Survey shows 69% of SOCs still rely on manual reporting processes, highlighting a key area for AI integration.
Read more
AI NewsCybersecurityThreat Intelligence
Mustang Panda Employs Signed Rootkit for TONESHELL Backdoor Deployment
Mustang Panda used a signed kernel-mode rootkit to deploy the TONESHELL backdoor, targeting Asian government networks and evading detection.
Read more
AI NewsCybersecurityRisk Management
New Tech Deployments That Cyber Insurers Recommend for 2026
Cyber insurers recommend six key technologies to mitigate risk, as phishing attack damages skyrocketed 30% in the first half of 2025.
Read more
AI NewsCybersecurityMalware
Silver Fox Targets Indian Users With ValleyRAT Malware via Tax-Themed Phishing
Silver Fox is deploying ValleyRAT, a modular Windows RAT, through India income tax phishing emails, resulting in potential credential theft and system compromise.
Read more
AI NewsCybersecuritySoftware Engineering
Stop the Hijack: A Developer's Guide to AI Agent Security and Tool Guardrails
Autonomous AI agents introduce new security risks like Indirect Prompt Injection and Tool Inversion, requiring robust defenses like PoLP and runtime guardrails.
Read more
AI NewsCybersecurityThreat Intelligence
5 Threats That Defined Security in 2025
2025 saw significant security threats including the continued attacks of Salt Typhoon, CISA budget cuts, and the critical React2Shell vulnerability.
Read more
AI NewsCybersecurityDevSecOps
Stop Secrets Creep Across Developer Platforms
Dark Reading Confidential Episode 13 reveals a 23 million exposed secrets in the public space in the last year, highlighting the growing risk of developer-exposed sensitive information.
Read more
AI NewsCybersecurityDatabases
MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation
A critical MongoDB flaw, CVE-2025-14847, is under active exploitation, impacting over 87,000 servers globally.
Read more
AI NewsCybersecuritySoftware Supply Chain
SBOMs in 2026: Acknowledging the Gap Between Theory and Practice
Despite a US government mandate and EU regulations, widespread SBOM adoption remains hampered by inaccuracies and a lack of actionable data.
Read more
AI NewsCybersecurityRisk Management
Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors
AI-driven attacks leaked 23.77 million secrets in 2024, highlighting critical gaps in traditional security frameworks like NIST, ISO, and CIS.
Weekly 2025 cyber recap: MongoBleed impacts 87,000 instances, Trust Wallet suffers a $7M loss, and malicious actors increasingly leverage AI tools.
Read more
AI NewsCybersecurityRisk Management
Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats
Cybersecurity experts predict a surge in AI-driven threats in 2026, prompting a shift toward resilience and recovery over traditional prevention strategies.
CVE-2025-14847, a high-severity flaw in MongoDB, allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive data.
Read more
AI NewsCybersecuritySoftware Supply Chain
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials
Researchers identified 27 malicious npm packages used over five months to host phishing pages, resulting in credential theft from targeted organizations.
Read more
AI NewsCybersecuritySoftware Vulnerability
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe serialization.
Read more
AI NewsApplication SecurityCybersecurity
Dark Reading Launches 2025 State of Application Security Survey
Dark Reading's new survey aims to uncover trends in application security, with 44% of respondents citing a lack of skills as the biggest obstacle.
Read more
AI NewsCybersecurityCareer Development
Mentorship & Diversity: Shaping the Next Gen of Cyber Experts
Webster Bank CISO Patricia Voight emphasizes the importance of mentorship, diversity, and adapting to the evolving cybersecurity landscape.
Read more
AI NewsCybersecurityBlockchain
Trust Wallet Chrome Extension Hack Results in $7 Million Crypto Loss
Trust Wallet suffered a security breach in its Chrome extension v2.68, resulting in approximately $7 million in cryptocurrency losses for users.