DarkReading Weekly

Mar. 20, 2025

Signup

Weekly Edition

The latest news and insights for cybersecurity professionals

- The Latest News and Features -

Actively Exploited ChatGPT Bug Puts Organizations at Risk ‎

A server-side request forgery vulnerability in OpenAI's chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity.‎‎

Keep Reading →

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit‎‎

The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.‎‎

Nation-State Groups Abuse Microsoft Windows Shortcut Exploit‎‎

Trend Micro uncovered a method that nation-state threat actors are using to target victims via the Windows .Ink shortcut file extension.‎‎

Google Pays Out Nearly $12M in 2024 Bug Bounty Program‎‎

The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories.‎‎

OAuth Attacks Target Microsoft 365, GitHub‎‎

In a cyber twist, attackers behind two of the campaigns are using the apps to redirect users to phishing and malware distribution sites.‎‎

CISA Cuts $10M in ISAC Funding & 100s of Employees‎‎

President Trump has long complained about perceived threats to election security. Now his DHS has kneecapped the agencies designed to support it. Experts are worried about what comes next.‎‎

Car Exploit Allows You to Spy on Drivers in Real Time‎‎

Just like with any regular computer, researchers figured out how to crack into, force restart, and upload malware to an aftermarket in-vehicle infotainment system.‎‎

Threat Actor Tied to LockBit Ransomware Targets Fortinet Users‎‎

The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.‎‎

DR GLOBAL

India Is Top Global Target for Hacktivists, Regional APTs‎

Global politics and a growing economy draw the wrong kind of attention to India, with denial-of-service and application attacks both on the rise.‎

THE EDGE

How Economic Headwinds Influence the Ransomware Ecosystem‎

Inflation, cryptocurrency market volatility, and the ability to invest in defenses all influence the impact and severity of a ransomware attack, according to incident response efforts and ransomware negotiators.‎

DR TECHNOLOGY

HP Brings Quantum-Safe Encryption to Printers‎

Starting this fall, HP's 8000 Series enterprise and commercial printers, which include Color LaserJet Enterprise MFP 8801, Mono MFP 8601, and LaserJet Pro Mono SFP 8501, will feature new quantum ASICs and endpoint controllers to protect them from future quantum attacks.‎

VIRTUAL EVENT

TODAY! Cybersecurity's Most Promising New and Emerging Technologies

Join us today at 11 Eastern for this all-day virtual event, designed to update cybersecurity teams on some of the most promising emerging cybersecurity technologies and provide advice on using them.

- Commentary -

Opinions from thought leaders around the cybersecurity industry

Salt Typhoon: A Wake-up Call for Critical Infrastructure ‎

The Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape.‎‎