Editor's note
Black Hat USA 2025 is returning for its 28th year, covering the latest in infosec for technical experts, thought leaders, innovative vendors and cybersecurity pros.
The two-day main event -- to take place August 6-7 at Mandalay Bay in Las Vegas -- features more than 100 sessions on a plethora of topics: large language model (LLM) and agentic AI security and exploits, pwning AI providers, IoT security, autonomous vehicle resilience and smart automation, identity and access management, user phishing training, passwordless, and network security. Topics like fraudulent North Korean IT workers, red teaming and lateral movement attacks are also on the agenda.
Four days of specialized trainings, August 2-5, will cover the latest in hacking techniques, AI security and safety, threat detection and incident response, and more. This year marks the inaugural Financial Services Summit, as well as the second annual AI Summit and Innovators & Investors Summit. It also includes the 11th annual CISO Summit and fifth annual Omdia Analyst Summit.
Informa TechTarget's editorial team will be on-site to report from the conference, keeping readers updated on the latest news.
1News from the conference floor
Black Hat presenters divulge the latest attacks and sound warning bells on what could be coming next.
-
Article
Researcher deploys fuzzer to test autonomous vehicle safety
As autonomous vehicles continue to evolve, new research highlights the importance of rigorous security testing to protect against both intentional attacks and unintentional unsafe commands in teleoperation systems. Read Now
-
Article
U.S. still prioritizing zero-trust migration to limit hacks' damage
The zero-trust initiative, which gained steam during the Biden administration, is still underway. Read Now
-
Article
Citizen Lab founder flags rise of U.S. authoritarianism
Citizen Lab director and founder Ron Deibert explained how civil society is locked in 'vicious cycle,' and human rights are being abused as a result, covering Israeli spyware, the Khashoggi killing, and an erosion of democratic norms in the U.S. Read Now
-
Article
Black Hat USA: Startup breaks secrets management tools
Researchers at Cyata, an agentic identity specialist that has just emerged from stealth, found 14 CVEs in the widely used CyberArk Conjur and HashiCorp Vault enterprise secrets management platforms Read Now
-
Article
Google Gemini AI bot hijacks smart homes, turns off the lights
Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence. Read Now
-
Article
Critical zero-day bugs crack open CyberArk, HashiCorp password vaults
Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities. Read Now
-
Article
'ReVault' security flaws impact millions of Dell laptops
The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems. Read Now
-
Article
VexTrio cybercrime outfit run by legit ad tech firms
New research reveals that a malicious traffic distribution system (TDS) is run not by 'hackers in hoodies,' but by a series of corporations operating in the commercial digital advertising industry. Read Now
-
Article
To raise or not to raise: Bootstrapped founders share their views
A trio of startup founders -- GreyNoise's Andrew Morris, Thinkst Canary's Haroon Meer, and runZero's HD Moore -- agree that raising venture capital funding can be beneficial, but a company's success depends on how well the product fits customer needs. Read Now
-
Article
Black Hat USA: Halcyon and Sophos tag-team ransomware fightback
Ransomware experts Halcyon and Sophos are to pool their expertise in ransomware, working together to enhance data- and intelligence-sharing and bringing more comprehensive protection to customers Read Now
-
Article
Agentic AI a target-rich zone for cyber attackers in 2025
At Black Hat USA 2025, CrowdStrike warns that cyber criminals and nation-states are weaponising GenAI to scale attacks and target AI agents, turning autonomous systems against their makers Read Now
2Black Hat USA 2025 pre-conference coverage
Last year's Black Hat USA conference covered a range of essential topics, from LLM threats, ransomware negotiations and election security to cyber-physical security threats, VPN attacks and generative AI coding tool risks. Here are an array of highlights here for you to get up to speed and prep for this year's event.
-
Article
Dark Reading News Desk turns 10, back at Black Hat USA for 2025
Dark Reading's 2025 News Desk marks a decade of Black Hat USA memories. We're making our return with a slate of interviews that help you stay up on the latest research from Black Hat — no trip to Las Vegas required. Read Now
-
Article
Stop AI bot traffic: Protecting your organization's website
As crawlers and bots bog down websites in the era of AI, some researchers say that the solution for the Internet's most vulnerable websites is already here. Read Now
-
Article
Black Hat 2025: Navigating AI and supply chain security
Experts at the conference will discuss how AI impacts software supply chain security, highlighting challenges and strategies for developers and security teams. Read Now
-
Article
New 'Shade BIOS' technique beats every kind of security
What if malware didn't require an operating system to function? How would anyone possibly notice, let alone disable it? Read Now
-
Article
Low-code tools in Microsoft Azure allowed unprivileged access
Using the API Connections for Azure Logic Apps, a security researcher found unauthenticated users could access sensitive data of other customers. Read Now
-
Article
Human digital twins could give attackers a dangerous advantage
While this emerging impersonation technology offers many benefits, digital twins also have several drawbacks, including use in social engineering attacks. Read Now
-
Article
Malicious implants are coming to AI components, applications
A red teamer is publishing research next month about how weaknesses in modern security products lay the groundwork for stealthy implants in AI-powered applications. Read Now
-
Article
Women who 'hacked the status quo' aim to inspire cybersecurity careers
A group of female cybersecurity pioneers will share what they've learned about navigating a field dominated by men, in order to help other women empower themselves and pursue successful cybersecurity careers. Read Now
-
Article
An Nvidia container bug and chance to harden Kubernetes
A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants. Read Now
-
Podcast
Risk & Repeat: Recapping Black Hat USA 2024
Highlights from Black Hat USA 2024 include a keynote panel on securing election infrastructure as well as several sessions on potential threats against new AI technology. Listen Now
-
Article
Black Hat USA 2024 Highlights
Check out all the highlights from Black Hat USA 2024 at the Mandalay Bay in Las Vegas. Read Now
-
Article
Black Hat USA 2024 takeaways for data security and IAM
Black Hat USA 2024 showcased recurring themes of data security and IAM, encompassing the platform vs. point product debate, cleaning identity data and GenAI security. Read Now
-
Article
CISA director: Cybersecurity is ‘not an impossible problem’
In Jen Easterly’s view, the solution to the industry’s pains lies in secure by design. “We got ourselves into this, we have to get ourselves out,” she said during a media briefing at Black Hat. Read Now
-
Article
Microsoft deputy CISO recounts responding to the CrowdStrike outage
The industry’s collective response to the massive outage underscored for Ann Johnson its ability to come together and put competitive interests aside. Read Now
-
Article
New AI malware PoC reliably evades Microsoft Defender
Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that. Read Now
-
Article
Ransomware reshaped how cyber insurers perform security assessments
Cyber-insurance companies were forced to adapt once ransomware skyrocketed and highlighted crucial security weaknesses among organizations in all sectors. Read Now
-
Article
We've all been wrong: Phishing training doesn't work
Teaching employees to detect malicious emails isn't really having an impact. What other options do organizations have? Read Now
-
Article
Rethinking cyber-risk as traditional models fall short
Systemic cyber-risk models are not accounting for rapidly evolving threats -- and a time when organizations are more interconnected than ever. Read Now
-
Article
Hackers make hay? Smart tractors vulnerable to full takeover
Hackers can spy on tens of thousands of connected tractors in the latest IoT threat, and brick them too, thanks to poor security in an aftermarket steering system. Read Now
-
Article
Evolving threat landscape influencing cyber insurance market
Many aspects of cyber insurance were addressed throughout Black Hat USA 2024, including changes in the threat landscape that affect policies and coverage. Read Now
-
Article
Cyber-risk management: Key takeaways from Black Hat 2024
Product updates announced at Black Hat USA 2024 can help security teams better manage constantly changing attack surfaces and ensure new AI projects won't pose security risks. Read Now
-
Article
CrowdStrike, AI dominate conversation at Black Hat USA 2024
Although the trend of vendors pitching AI-powered products nonstop has continued at Black Hat USA 2024, CrowdStrike and the recent IT outage was an even larger point of discussion. Read Now
-
Article
Knostic wins 2024 Black Hat Startup Spotlight Competition
During a 'Shark Tank'-like final, each startup's representative spent five minutes detailing their company and product, with an additional five minutes to take questions from eight judges from Omdia, investment firms, and top companies in cyber. Read Now