[Dark Reading Virtual Event] Cybersecurity Outlook 2026

Microsoft Teams to let users report messages wrongly flagged as threats

Microsoft says that Teams users will be able to report false-positive threat alerts triggered by messages incorrectly flagged as malicious. [...]

French agency Pajemploi reports data breach affecting 1.2M people

Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2 million individuals. [...]

Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam

A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.

Bug Bounty Programs Rise as Key Strategic Security Solutions

Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure.

Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year

Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol. The idea is to make it easier to delve into WhatsApp-specific technolo

Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale

You’ve probably already moved some of your business to the cloud—or you’re planning to. That’s a smart move. It helps you work faster, serve your customers better, and stay ahead. But as your cloud setup grows, it gets harder to control who can access what. Even one small mistake—like the wrong pers

DoorDash data breach exposes personal info after social engineering attack

DoorDash says a social engineering attack led to a data breach exposing names, addresses, emails, and phone numbers of users, Dashers, and merchants. U.S.-based food delivery and logistics company DoorDash announced that a social engineering attack led to a data breach. “Our team recently identified

The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA

Tycoon 2FA enables turnkey real-time MFA relays behind 64,000+ attacks this year, proving legacy MFA collapses the moment a phishing kit targets it. Learn from Token Ring how biometric, phishing-proof FIDO2 hardware blocks these relay attacks before they succeed. [...]

Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion

Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a nascent command-and-control (C2) and red teaming framework known as Tuoni. "The campaign leveraged the emerging Tuoni C2 framework, a relatively new, command

Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East. The activity has been attributed by Google-owned Mandiant to a threat cluster tr

Cloudflare hit by outage affecting global network services

Cloudflare is investigating an outage affecting its global network services, with users encountering "internal server error" messages when attempting to access affected websites and online platforms. [...]

Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities

Identity security fabric (ISF) is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration (IGA), access management (AM), privileged access management (PAM), and identity threat detection and response (ITDR) are all i

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm packa

Google fixes new Chrome zero-day flaw exploited in attacks

Google has released an emergency security update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year. [...]

Google fixed the seventh Chrome zero-day in 2025

Google patched two Chrome flaws, including a V8 type-confusion bug, tracked as including CVE-2025-13223, which was exploited in the wild. Google released Chrome security updates to address two flaws, including a high-severity V8 type confusion bug tracked as CVE-2025-13223 that has been actively exp

Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet

Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service (DDoS) attack targeting a single endpoint in Australia that measured 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps). The tech giant said it was the largest

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

Dutch police seized 250 servers running a bulletproof hosting service tied to cybercriminals and linked to over 80 investigations since 2022. Dutch police Politie, seized 250 servers running an unnamed bulletproof hosting service used solely by cybercriminals. Active since 2022, it appeared in over

Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly e

Microsoft: Windows 10 KB5072653 OOB update fixes ESU install errors

Microsoft has released an emergency Windows 10 KB5072653 out-of-band update to resolve ongoing issues with installing the November extended security updates. [...]