[Dark Reading Virtual Event] Cybersecurity Outlook 2026

Windows 11 gets new Cloud Rebuild, Point-in-Time Restore tools

Microsoft announced two new Windows 11 recovery features today at the Ignite developer conference, called Cloud Rebuild and Point-in-Time Restore (PITR), that aim to reduce downtime and make it easier to recover from system failures or faulty updates. [...]

Fortinet warns of new FortiWeb zero-day exploited in attacks

Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. [...]

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount at

Microsoft to integrate Sysmon directly into Windows 11, Server 2025

Microsoft announced today that it will integrate Sysmon natively into Windows 11 and Windows Server 2025 next year, making it unnecessary to deploy the standalone Sysinternals tools. [...]

Microsoft Teams to let users report messages wrongly flagged as threats

Microsoft says that Teams users will be able to report false-positive threat alerts triggered by messages incorrectly flagged as malicious. [...]

French agency Pajemploi reports data breach affecting 1.2M people

Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2 million individuals. [...]

Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam

A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.

Bug Bounty Programs Rise as Key Strategic Security Solutions

Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure.

Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol. The idea is to make it easier to delve into WhatsApp-specific technolo

Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale

You’ve probably already moved some of your business to the cloud—or you’re planning to. That’s a smart move. It helps you work faster, serve your customers better, and stay ahead. But as your cloud setup grows, it gets harder to control who can access what. Even one small mistake—like the wrong pers

DoorDash data breach exposes personal info after social engineering attack

DoorDash says a social engineering attack led to a data breach exposing names, addresses, emails, and phone numbers of users, Dashers, and merchants. U.S.-based food delivery and logistics company DoorDash announced that a social engineering attack led to a data breach. “Our team recently identified

The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA

Tycoon 2FA enables turnkey real-time MFA relays behind 64,000+ attacks this year, proving legacy MFA collapses the moment a phishing kit targets it. Learn from Token Ring how biometric, phishing-proof FIDO2 hardware blocks these relay attacks before they succeed. [...]

Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion

Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) and red teaming framework known as Tuoni. "The campaign leveraged the emerging Tuoni C2 framework, a relatively new, command

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East. The activity has been attributed by Google-owned Mandiant to a threat cluster tr

Cloudflare hit by outage affecting global network services

Cloudflare is investigating an outage affecting its global network services, with users encountering "internal server error" messages when attempting to access affected websites and online platforms. [...]

Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities

Identity security fabric (ISF) is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration (IGA), access management (AM), privileged access management (PAM), and identity threat detection and response (ITDR) are all i

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm packa

Google fixes new Chrome zero-day flaw exploited in attacks

Google has released an emergency security update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year. [...]

Google fixed the seventh Chrome zero-day in 2025

Google patched two Chrome flaws, including a V8 type-confusion bug, tracked as including CVE-2025-13223, which was exploited in the wild. Google released Chrome security updates to address two flaws, including a high-severity V8 type confusion bug tracked as CVE-2025-13223 that has been actively exp