CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.
May 8, 2025
Weekly Edition
The latest news and insights for cybersecurity professionals
- The Latest News and Features -
Feed image
Researcher Says Patched Commvault Bug Still Exploitable‎‎
CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.‎‎
Feed image
AI Domination: RSAC 2025 Social Media Roundup‎‎
Documented in a series of social media posts, cybersecurity experts shared with Dark Reading their insights on RSAC 2025 throughout the week.‎‎
Feed image
'Bring Your Own Installer' Attack Targets SentinelOne EDR‎
Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.‎
Feed image
Despite Arrests, Scattered Spider Continues High-Profile Hacking‎
While law enforcement has identified and arrested several alleged members, the notorious threat group continues to wreak havoc.‎
Feed image
SANS Top 5: Cyber Has Busted Out of the SOC‎
This year's top cyber challenges include cloud authorization sprawl, ICS cyberattacks and ransomware, a lack of cloud logging, and regulatory constraints keeping defenders from fully utilizing AI's capabilities.‎
Feed image
CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation‎
The vulnerabilities affect SonicWall's SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.‎
Feed image
Play Ransomware Group Used Windows Zero-Day‎
Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.‎
Feed image
Attackers Ramp Up Efforts Targeting Developer Secrets‎
Software teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files.‎
DR GLOBAL
Feed image
'Lemon Sandstorm' Underscores Risks to Middle East Infrastructure‎
The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed.‎
THE EDGE
Feed image
The Dark Side of Digital: Breaking the Silence on Youth Mental Health‎
Industry experts at RSAC 2025 called for urgent accountability in addressing technology's negative impact on youth, highlighting concerns about Internet anonymity, mental health, and the growing disconnect between generations.‎
DR TECHNOLOGY
Feed image
AI Agents Fail in Novel Ways, Put Businesses at Risk‎
Microsoft researchers identify 10 new potential pitfalls for companies that are developing or deploying agentic AI systems, with failures potentially leading to the AI becoming a malicious insider.‎
- Commentary -
Opinions from thought leaders around the cybersecurity industry
Feed image
Infrastructure as Code: An IaC Guide to Cloud Security‎
IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can't keep up.‎
Feed image
How to Prevent AI Agents From Becoming the Bad Guys‎
When designed with strong governance principles, AI can drive innovation while maintaining the people's trust and security.‎
- Upcoming Events -
May 14, 2025
May 15, 2025
Aug 2, 2025
- More Resources -
WHITE PAPER
WHITE PAPER
WHITE PAPER
REPORT
- Elsewhere in Cyber This Week -
CYBERSECURITY DIVE
MICROSOFT
HEIMDAL
- Do You Find Today’s Newsletter Helpful? -
Yes
Not sure
No
You received this message because you are subscribed to Dark Reading's Weekly newsletter.
If a friend forwarded you this message, sign up here to get it in your inbox. Thoughts about this newsletter? Give us feedback.
Copyright © 2025 TechTarget, Inc. or its subsidiaries. All rights reserved.
Operated by TechTarget, Inc. and its subsidiaries,
275 Grove Street, Newton, Massachusetts, 02466 US