Unpatched Windows Server Flaw Threatens Active Directory Users

Attackers can exploit a vulnerability present in the delegated Managed Service Account (dMSA) feature that fumbles permission handling and is present by default.

May 22, 2025 Signup

Daily Edition

Today’s news and insights for cybersecurity professionals

- Today's News and Features -

TOP STORY

Unpatched Windows Server Flaw Threatens Active Directory Users‎‎‎‎ Attackers can exploit a vulnerability present in the delegated Managed Service Account (dMSA) feature that fumbles permission handling and is present by default.‎‎‎‎ Keep Reading →

Lumma Stealer Takedown Reveals Sprawling Operation‎‎‎‎ The FBI and partners have disrupted "the world's most popular malware," a sleek enterprise with thousands of moving parts, responsible for millions of cyberattacks in every part of the world.‎‎‎‎

GitLab's AI Assistant Opened Devs to Code Theft‎‎‎ Even after a fix was issued, lingering prompt injection risks in GitLab's AI assistant might allow attackers to indirectly deliver developers malware, dirty links, and more.‎‎‎

Ivanti EPMM Exploitation Tied to Previous Zero-Day Attacks‎‎‎‎ Wiz researchers found an opportunistic threat actor has been targeting vulnerable edge devices, including Ivanti VPNs and Palo Alto firewalls.‎‎‎‎

Pandas Galore: Chinese Hackers Boost Attacks in Latin America‎‎‎‎ Vixen Panda, Aquatic Panda — both Beijing-sponsored APTs and financially motivated criminal groups continued to pose the biggest threat to organizations in Central and South America last year, says CrowdStrike.‎‎‎‎

Marks & Spencer Projects Cyberattack Cost of $400M‎ The company expects it will continue to struggle with online disruptions until at least July, due to the attack.‎

Unimicron, Presto Attacks Mark Industrial Ransomware Surge‎‎‎‎ A number of major industrial organizations suffered ransomware attacks last quarter, such as PCB manufacturer Unimicron, appliance maker Presto, and more — a harbinger of a rapidly developing and diversifying threat landscape.‎‎‎‎

THE EDGE

Experts Chart Path to Creating Safer Online Spaces for Women‎‎‎ Gaps in laws, technology, and corporate accountability continue to put women's safety and privacy online at risk.‎‎‎

DR TECHNOLOGY

Keeping LLMs on the Rails Poses Design, Engineering Challenges‎‎‎ Despite adding alignment training, guardrails, and filters, large language models continue to jump their imposed rails and give up secrets, make unfiltered statements, and provide dangerous information.‎‎‎

PODCAST

Dark Reading Confidential: The Day I Found an APT Group in the Most Unlikely PlaceEpisode 6: Threat hunters Ismael Valenzuela and Vitor Ventura share stories about the tricks they used to track down advanced persistent threat groups, and the surprises they discovered along the way. Listen now!

SPONSORED ARTICLE

Agentic AI: A New Era of Autonomous Security Operations‎‎‎‎ Agentic AI helps security teams work smarter by triaging alerts, hunting threats, and acting fast without needing predefined input.‎‎‎‎

Read More →

- Commentary -

Opinions from thought leaders around the cybersecurity industry

The Hidden Cybersecurity Risks of M&A‎‎‎‎ Merger and acquisition due diligence typically focuses on financials, legal risks, and operational efficiencies. Cybersecurity is often an afterthought — and that's a problem.‎‎‎‎

Why Rigid Security Programs Keep Failing‎‎‎‎ Organizations that stay ahead of attacks won't be the most compliant ones — they'll be the ones most honest about what actually works.‎‎‎‎

More Commentary →

- Upcoming Events -

May 29, 2025 Detecting Zero Days on the Edge

Jun 19, 2025 DevSecOps Achievement Unlocked

Aug 2, 2025 [Conference] Black Hat USA - August 2-7 - Learn More

More Events →

- More Resources -

WHITE PAPER Delivering Globally Consistent App Performance to the Hybrid Workforce

WHITE PAPER Omdia Universe: Selecting a Next-Generation Security Information and Event Management Solution, 2024-25

WHITE PAPER Autonomous Patch Management Strategies for Distributed Networks

REPORT Building Blocks for Next-Gen Security Operations

More Resources →

- Elsewhere in Cyber Today -

TECH TARGET SEARCH SECURITY

Best practices for board-level cybersecurity oversight

CYBERSECURITY DIVE

AI drives cyber strategies, security execs say

TRUSTWAVE

Storm-0558 and the Dangers of Cross-Tenant Token Forgery

- Do You Find Today’s Newsletter Helpful? -

Yes Not sure No

You received this message because you are subscribed to Dark Reading's Daily newsletter. If a friend forwarded you this message, sign up here to get it in your inbox. Thoughts about this newsletter? Give us feedback.

Advertise With Us | Privacy Policy | Unsubscribe Copyright © 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US