
Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting

By: editor
22 April 2026, 11:51

Key Takeaways We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and collection operation. Artifacts on the host showed that Claude Code and OpenClaw were embedded in the operator’s day-to-day workflow, supporting troubleshooting, orchestration, and refinement of the collection pipeline. This AI-assisted workflow resulted in the modular platform Bissa scanner […]

The post Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting appeared first on The DFIR Report.

Ridge Security Brings Agentic AI Pentesting to SMBs With PurpleRidge 3.0

By: Techstrong Editorial
23 March 2026, 10:06

Ridge Security released PurpleRidge 3.0 at RSAC 2026, a self-service penetration testing platform that uses agentic AI to give small and mid-sized businesses the kind of offensive security validation that has traditionally required dedicated teams and six-figure budgets. The upgrade marks a shift from the platform’s earlier machine-learning architecture to one built on agentic AI,..

The post Ridge Security Brings Agentic AI Pentesting to SMBs With PurpleRidge 3.0 appeared first on Security Boulevard.

RSA Launches ID Plus Sovereign Deployment for Organizations That Can’t Afford Identity Downtime

23 March 2026, 10:05

RSA opened RSAC 2026 with a new deployment model for its ID Plus identity platform, aimed squarely at government agencies, financial services firms, and critical infrastructure operators that need identity security to work even when everything else fails. RSA ID Plus Sovereign Deployment is a “deploy anywhere” identity and access management solution that gives organizations..

The post RSA Launches ID Plus Sovereign Deployment for Organizations That Can’t Afford Identity Downtime appeared first on Security Boulevard.

Bindplane Adds Autonomous Pipeline Monitoring and Threat Intel Enrichment Ahead of RSAC

By: Techstrong Editorial
22 March 2026, 22:38

Bindplane, the OpenTelemetry-based telemetry pipeline company, is bringing two new capabilities to RSAC 2026: Global Intelligence for autonomous pipeline management and Threat Intel Enrichment for real-time threat detection at the data layer. Global Intelligence monitors security data pipelines around the clock and surfaces recommendations to optimize their configuration. The long-term plan is for it to..

The post Bindplane Adds Autonomous Pipeline Monitoring and Threat Intel Enrichment Ahead of RSAC appeared first on Security Boulevard.

CTG Launches Cyber Resilience Scoring Dashboard to Give CISOs a Single Risk Number

By: Techstrong Editorial
22 March 2026, 22:35

CTG, now operating under the Cegeka Group, is rolling out a cyber resilience scoring dashboard at RSAC 2026 that boils an organization’s security posture down to one number. The dashboard consolidates results from multiple security assessments into a single view. It produces an overall resilience score, domain-level maturity indicators, and progress tracking mapped to NIST,..

The post CTG Launches Cyber Resilience Scoring Dashboard to Give CISOs a Single Risk Number appeared first on Security Boulevard.

Booz Allen Rolls Out Vellox, a Five-Product AI Cyber Suite Built on Adversary Tradecraft

22 March 2026, 22:33

Booz Allen Hamilton is bringing a full product suite to RSAC 2026, and the pitch is blunt: human-speed defense no longer cuts it. The company’s new Vellox lineup spans five AI-native tools designed to match the pace of attackers who, according to Booz Allen’s own threat report, now move from initial access to lateral movement..

The post Booz Allen Rolls Out Vellox, a Five-Product AI Cyber Suite Built on Adversary Tradecraft appeared first on Security Boulevard.

  • ✇Firewall Daily – The Cyber Express

Women Shaping the Future of Mobile Cybersecurity in a Digital-First Era

By: Editorial
23 March 2026, 01:30

Women in Cybersecurity

Saloni Nanwate, AVP – Security Engineering, Protectt.ai Labs Pvt Ltd

India’s digital economy now lives on the smartphone. Banking, investing, healthcare consultations, shopping, even government services all sit inside mobile applications that people use dozens of times a day. For businesses this shift has unlocked enormous reach and convenience. It has also created a new reality for cybersecurity. Attackers are no longer trying only to break into enterprise networks or data centres. Increasingly they are going after the mobile applications where transactions actually happen. That is where money moves, identities are verified, and sensitive customer data lives. For industries such as banking, fintech and digital commerce, the mobile application has quietly become the most exposed point in the entire technology stack.

The Growing Cyber Risk in Mobile First Platforms

Mobile apps run on devices that companies do not control. Each user’s phone can have a different operating system version, different security posture and sometimes even malicious software already present. From a security perspective, this makes the mobile environment unpredictable. Cybercriminals are taking advantage of this reality. Instead of attacking infrastructure directly, they manipulate how apps behave once they are running on the device. Techniques such as reverse engineering, runtime tampering, session hijacking and overlay attacks allow attackers to interfere with legitimate app behaviour without triggering traditional security systems. Many organisations still rely heavily on perimeter defences that protect networks and backend infrastructure. But once an application is operating on a user’s device, that perimeter no longer exists. This is why mobile security strategies are gradually shifting toward protection mechanisms that are embedded directly within the application itself. Technologies such as runtime application self protection are becoming essential in this model. By monitoring application behaviour during execution, these systems allow apps to detect tampering, malicious tools or suspicious environments and respond immediately. In simple terms, the app becomes capable of defending itself while it is running.

Women Leaders Are Helping Redefine Cybersecurity Thinking

While the cyber threat landscape is evolving quickly, the cybersecurity industry itself is also changing. One of the most encouraging shifts has been the growing presence of women in leadership roles across cybersecurity and digital risk management. Cybersecurity is often viewed purely as a technical discipline. In reality it is equally about strategy, foresight and understanding human behaviour. Women leaders are increasingly shaping how organisations think about these dimensions of security. In the context of mobile platforms this perspective becomes particularly important. Securing digital ecosystems is not just about deploying tools. It requires understanding how users interact with applications, how fraudsters exploit human behaviour and how security can be built into digital experiences without frustrating legitimate users. Across the industry many women leaders are pushing organisations to adopt a security by design mindset. Instead of treating security as something that is added later, they advocate integrating protection throughout the application lifecycle. Security considerations begin during development, continue through testing and remain active even after the application reaches users. This approach reflects a broader shift in cybersecurity thinking. Prevention is no longer enough. Detection and response must happen continuously and in real time.

Building a Stronger Cybersecurity Ecosystem

Another area where women leaders are making a significant impact is collaboration. Cyber threats rarely respect industry boundaries. Attackers share tools and techniques across regions and sectors, which means defenders must do the same. Many women leaders are actively encouraging stronger collaboration between enterprises, security researchers, regulators and technology providers. Knowledge sharing and cross industry dialogue are becoming increasingly important in identifying emerging threats before they spread widely. At the same time the industry faces a growing shortage of cybersecurity professionals. Encouraging more women to enter the field is not only about diversity. It is about strengthening the talent pool needed to defend an increasingly complex digital ecosystem. As India continues its transition toward a mobile driven digital economy, trust will remain the foundation of every digital interaction. Every secure transaction, every protected user session and every resilient mobile application contributes to maintaining that trust. It’s a moment to truly appreciate and recognise the incredible women shaping the future of cybersecurity. Through leadership, innovation and collaboration they are strengthening the defenses that protect millions of digital users every day. The next phase of digital growth will depend not only on new technologies but also on the people guiding how those technologies are secured. Women leaders are playing a vital role in ensuring that the mobile ecosystems powering today’s digital economy remain safe, resilient and trustworthy.

‘Exploit every vulnerability’: rogue AI agents published passwords and overrode anti-virus software

Exclusive: Lab tests discover ‘new form of insider risk’ with artificial intelligence agents engaging in autonomous, even ‘aggressive’ behaviours

Robert Booth UK technology editor

Rogue artificial intelligence agents have worked together to smuggle sensitive information out of supposedly secure systems, in the latest sign cyber-defences may be overwhelmed by unforeseen scheming by AIs.

With companies increasingly asking AI agents to carry out complex tasks in internal systems, the behaviour has sparked concerns that supposedly helpful technology could pose a serious inside threat.

© Photograph: Andrey Kryuchkov/Alamy


Apache ActiveMQ Exploit Leads to LockBit Ransomware

By: editor
23 February 2026, 11:09

Key Takeaways An audio version of this report can be found on Spotify, Apple, YouTube, Audible, & Amazon.  This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-2023-46604) on an exposed Apache ActiveMQ server. The threat actor was able to perform remote code execution (RCE) by using a Java Spring class and a custom Java Spring […]

The post Apache ActiveMQ Exploit Leads to LockBit Ransomware appeared first on The DFIR Report.


Cat’s Got Your Files: Lynx Ransomware

By: editor
17 December 2025, 16:07

Key Takeaways The intrusion began in early March 2025 with a single successful Remote Desktop Protocol (RDP) logon to an internet-exposed system. Notably, there was no evidence of credential stuffing, brute forcing, or other failed authentication attempts from the source IP, indicating the […]

The post Cat’s Got Your Files: Lynx Ransomware appeared first on The DFIR Report.


From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira

By: editor
4 November 2025, 18:30

Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in May of 2025 Cyjax reported on a campaign using this method again, impersonating various IT tools. We observed a similar campaign in […]

The post From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira appeared first on The DFIR Report.

Burner phones and lead-lined bags: a history of UK security tactics in China

Starmer’s team is wary of spies but such fears are not new – with Theresa May once warned to get dressed under a duvet

When prime ministers travel to China, heightened security arrangements are a given – as is the quiet game of cat and mouse that takes place behind the scenes as each country tests out each other’s tradecraft and capabilities.

Keir Starmer’s team has been issued with burner phones and fresh sim cards, and is using temporary email addresses, to prevent devices being loaded with spyware or UK government servers being hacked into.

© Photograph: Simon Dawson/Simon Dawson/10 Downing Street

‘Mortified’ OBR chair hopes inquiry into budget leak will report next week

Reuters news agency says it obtained document after visiting URL it predicted file would be uploaded to

The chair of the Office for Budget Responsibility has said he felt mortified by the early release of its budget forecasts as the watchdog launched a rapid inquiry into how it had “inadvertently made it possible” to see the documents.

Richard Hughes said he had written to the chancellor, Rachel Reeves, and the chair of the Treasury select committee, Meg Hillier, to apologise.

© Photograph: Kirsty O’Connor/Treasury

London councils enact emergency plans after three hit by cyber-attack

Kensington and Westminster councils investigating whether data has been compromised as Hammersmith and Fulham also reports hack

Three London councils have reported a cyber-attack, prompting the rollout of emergency plans and the involvement of the National Crime Agency (NCA) as they investigate whether any data has been compromised.

The Royal Borough of Kensington and Chelsea (RBKC), and Westminster city council, which share some IT infrastructure, said a number of systems had been affected across both authorities, including phone lines. The councils shut down several computerised systems as a precaution to limit further possible damage.

© Photograph: Artur Marciniec/Alamy


Personal details of Tate galleries job applicants leaked online

Sensitive information relates to more than 100 individuals and their referees

Personal details submitted by applicants for a job at Tate art galleries have been leaked online, exposing their addresses, salaries and the phone numbers of their referees, the Guardian has learned.

The records, running to hundreds of pages, appeared on a website unrelated to the government-sponsored organisation, which operates the Tate Modern and Tate Britain galleries in London, Tate St Ives in Cornwall and Tate Liverpool.

© Photograph: Justin Kase zsixz/Alamy

Capita fined £14m for data protection failings in 2023 cyber-attack

Hackers stole personal information of 6.6m people but outsourcing firm did not shut device targeted for 58 hours

The outsourcing company Capita has been fined £14m for data protection failings after hackers stole the personal information of 6.6 million people, including staff details and those of its clients’ customers.

John Edwards, the UK information commissioner who levied the fine, said the March 2023 data theft from the group and companies it supported, including 325 pension providers, caused anxiety and stress for those affected.

© Photograph: Dado Ruvić/Reuters