DarkReading Weekly

June 19, 2025

Signup

Weekly Edition

The latest news and insights for cybersecurity professionals

- The Latest News and Features -

'Water Curse' Targets Infosec Pros via Poisoned GitHub Repositories‎

The emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware.‎

Keep Reading →

Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet‎

A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data‎

GodFather Banking Trojan Debuts Virtualization Tactic‎

The Android malware is targeting Turkish financial institutions, completely taking over legitimate banking and crypto apps by creating an isolated virtualized environment on a device.‎

'HoldingHands' Acts Like a Pickpocket With Taiwan Orgs‎

Since at least January, the threat actor has been employing multiple malware tools to steal information for potential future attacks against Taiwanese businesses and government agencies.‎

Threat Actor Abuses TeamFiltration for Entra ID Account Takeovers‎

Researchers discovered a large-scale campaign using the open source penetration-testing framework that has targeted more than 80,000 Microsoft accounts.‎

Researchers Detail Zero-Click Copilot Exploit 'EchoLeak'‎

Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.‎

Hacking the Hackers: When Bad Guys Let Their Guard Down‎

A string of threat-actor OpSec failures have yielded unexpected windfalls for security researchers and defenders.‎

DR GLOBAL

Indian Car-Sharing Firm Zoomcar Latest to Suffer Breach‎

The company acknowledged that cybercriminals had taken sensitive information on more than 8 million users, including names, phone numbers, car registration numbers, addresses, and emails.‎

DR TECHNOLOGY

Private 5G: New Possibilities — and Potential Pitfalls‎

While ushering in "great operational value" for organizations, private 5G networks add yet another layer to CISOs' responsibilities.‎

THE EDGE

The Triple Threat of Burnout: Overworked, Unsatisfied, Trapped‎

Many cybersecurity professionals still don't feel comfortable admitting when they need a break. And the impact goes beyond being overworked.‎

VIRTUAL EVENT

Strategic Security for the Modern Enterprise

Virtual event happens June 26: As the cyber threat landscape evolves, so must the strategies and technologies to protect sensitive data in the enterprise. Zero trust and SASE approaches to securing networks are all the rage, so how do you harness them to fortify your environment? In this virtual event, we'll explore these security strategies as well as next-generation threat detection.

SURVEY

Have Your Say: Dark Reading Seeks Your Input‎

Dark Reading is offering its readers the opportunity to tell us how we're doing via a new survey.‎

- Commentary -

Opinions from thought leaders around the cybersecurity industry

Foundations of Cybersecurity: Reassessing What Matters‎

To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands.‎

Security Is Only as Strong as the Weakest Third-Party Link‎

Third-party risks are increasing dramatically, requiring CISOs to evolve from periodic assessments to continuous monitoring and treating partner vulnerabilities as their own to enhance organizational resilience.‎

More Commentary →