Why Security Leadership Makes or Breaks a Pen Test
Well-run security drills go beyond checking audit boxes to identify and address trouble spots. Effective leaders can ensure proper scope,…
Cyber Security
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a…
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according…
Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use…
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since…
The Insurance Industry Is Rewriting Cybersecurity Strategy
Why the Economics of Cyber Risk Are Changing How Organizations Think About Cybersecurity Cybersecurity used to be a technology problem.…
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind:…
How the Story of a USB Penetration Test Went Viral
Two decades ago Dark Reading posted its first blockbuster — a story from a pen tester who sprinkled rigged thumb…
How the Story of a USB Penetration Test Went Viral
Two decades ago Dark Reading posted its first blockbuster — a column by a pen tester who sprinkled rigged thumb…
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according…