Fraud Investigation Techniques
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong ...
DPRK Actors Deploy VS Code Tunnels for Remote Hacking
A spear-phishing campaign tied to the Democratic People's Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detec...
Filling the Most Common Gaps in Google Workspace Security
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams in...
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic math...
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the relea...
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall con...
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communi...
Dark Reading Confidential: Reviving the Hacker Ethos That Built Cybersecurity
Dark Reading Confidential Episode 14: How curious, ethical problem solving can continue to serve as a guiding principle for an evolving...
AI Agents Undermine Progress in Browser Security
Web browser companies have put in substantial effort over the past three decades to strengthen the browser security stack against abuse...
‘Contagious Interview’ Attack Now Delivers Backdoor Via VS Code
Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no other user...