Автор: Alexander Culafi, Senior News Writer, Dark Reading

A threat actor hacked a version of SonicWall’s NetExtender SSL VPN application in an effort to trick users into installing a Trojanized version of the product.

An AI security researcher has developed a proof of concept that uses subtle, seemingly benign prompts to get GPT and Gemini to generate inappropriate content.

An unnamed customer of Paragon’s Graphite product used the commercial spyware to target at least two prominent European journalists in recent months.

An unidentified threat actor is using .lnk Windows shortcut files in a series of sophisticated attacks utilizing in-memory code execution and living-off-the-land cyberattack strategies.

The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said.

Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.

Agentic AI was everywhere at Gartner’s Security & Risk Management Summit in Washington, DC, this year, as the AI security product engine chugs ahead at full speed.

Through artifact attestation and the SLSA framework, GitHub’s Jennifer Schelkopf argues that at least some supply chain attacks can be stopped in their tracks.

During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture.

Cellebrite, a controversial digital forensics firm, is set to acquire virtualization vendor Corellium in a $170 million deal.