Cybersecurity News

Anthropic is preparing to bring its agentic Claude Cowork experience to mobile devices, according to screenshots shared on X. Claude Cowork, the desktop-focused agentic mode introd...

A widely used Google Chrome ad-blocking extension, Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), carries a dormant capability to inject arbitrary Jav...

This week's threat landscape blended privacy innovation with two decades of dormant risk. Cloudflare announced a partnership with Google Chrome, Microsoft Edge, and Mozilla Firefox...

Google is rolling out new privacy controls across its Search services and Google Play, giving users more granular control over saved history and personalized recommendations. In an...

The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its external license system vendor on June 19, 2026, compromising the personal information of more than 3 ...

Apple has released a firmware update for its Beats Studio Buds wireless earbuds to remediate a high-severity Bluetooth vulnerability, tracked as CVE-2025-20701, that allowed nearby...

A cluster of 23 deceptive Chrome browser extensions has been uncovered routing user searches through monetization middleware before delivering results, exposing roughly 758,000 aff...

Google has begun notifying advertisers that, starting on or shortly after August 3, 2026, it will repurpose IP addresses collected from users in the European Economic Area (EEA), t...

On June 16, 2026, India's Ministry of Electronics and Information Technology invoked Section 69A of the IT Act to block Telegram nationwide until June 22, following a recommendatio...

The UK government will require anyone opening a new social media account to verify their age by uploading government-issued ID or passing a facial age scan, under regulations annou...

The U.S. Federal Trade Commission has revealed that Americans lost a record $3.5 billion to imposter scams in 2025, with reported losses nearly tripling since 2020 and accounting f...

Security teams are drowning in IP data but starving for context, according to a new industry study from Spur Intelligence. The survey of more than 200 security practitioners found ...

The UK government has announced plans to block anyone under 16 from accessing social media platforms, with Prime Minister Keir Starmer calling the measures the strongest child onli...

Cybersecurity researchers at Socket have uncovered a sprawling network of 152 Google Chrome extensions posing as live wallpaper and new tab add-ons that covertly distribute a poten...

Anthropic has pulled the plug on its two most powerful AI models, Fable 5 and Mythos 5, for every user worldwide after receiving a US government export control directive on June 12...

A Missouri bankruptcy court administrator has greenlit a $46.8 million settlement fund compensating millions of victims of the 2023 23andMe data breach. The deal, confirmed on Wedn...

Section 702 of the Foreign Intelligence Surveillance Act (FISA) expired at midnight Friday after Congress and the White House failed to reach a deal to renew the controversial spy ...

Kyushu Electric Power Co., Inc., one of Japan's largest regional electric utilities serving over 12.6 million residents across the Kyushu region, has disclosed a physical security ...

Meta announced on Tuesday that it will broaden its use of cross-site business data to personalize user experiences across Facebook and Instagram feeds, as well as responses generat...

Researchers at Graz University of Technology have unveiled FROST, a new side-channel attack that lets any malicious website determine which sites you visit and which applications y...

Meta announced on Monday that it detected and neutralized a new wave of spear-phishing campaigns orchestrated by Israeli commercial spyware vendor NSO Group, targeting journalists,...

OpenAI has begun deploying a new Lockdown Mode for ChatGPT, targeting personal accounts on Free, Go, Plus, Pro, and self-serve ChatGPT Business plans. The feature is designed for u...

A reverse-engineering analysis published June 5 by Include Security and independent researcher Buchodi has exposed how Bright Data, the successor to Luminati and operator of what i...

ESET researchers have uncovered a new Android spyware strain dubbed "Asin" that has been actively targeting Arabic-speaking users through a series of malicious apps disguised as le...

Brave Software has publicly launched Brave Origin, a $59.99 paid version of its privacy-focused browser that removes cryptocurrency wallets, AI integrations, rewards programs, and ...

California Attorney General Rob Bonta has filed a lawsuit against 23andMe (now Chrome Holding Co.) for failing to protect sensitive customer genetic and personal information during...

Radiology Associates of Richmond (RAR), a Richmond, Virginia-based medical imaging services provider, has disclosed a significant data breach affecting 266,183 individuals. The bre...

Authorities in Europe and North America have successfully dismantled First VPN, a criminal VPN service specifically designed to anonymize ransomware operations and other cyberattac...

Discord has officially announced the completion of its end-to-end encryption (E2EE) deployment for all voice and video calls, marking a significant milestone in user privacy protec...

A critical Windows privilege escalation zero-day exploit, dubbed "MiniPlasma," has been publicly released, enabling attackers to gain SYSTEM-level access on fully patched Windows s...

German law‑enforcement agencies, led by the Federal Criminal Police Office (BKA) and the Hessian State Criminal Police Office (LKA Hessen) in close coordination with Europol’s Euro...

General Motors has agreed to pay a $12.75 million settlement to the State of California for collecting and sharing sensitive driver data without proper consent, marking the largest...

Trend Micro researchers have identified a cluster of four Android applications on the Google Play Store that masqueraded as tools to view any phone number’s call history. The apps,...

NVIDIA has officially confirmed a data breach impacting its GeForce NOW service, exposing personal information for a subset of users in Armenia. The disclosure, made in a statement...

Zara, the Spanish fast‑fashion giant, has confirmed a data breach that exposed the personal information of approximately 197,000 customers. The compromise was uncovered after the b...

ShinyHunters, the notorious threat group behind a string of high‑profile data thefts, announced on March 5 that it had executed a second intrusion into Instructure, the education‑t...

Organizations investing heavily in data loss prevention (DLP) solutions are discovering a critical blind spot: the browser has become the primary vector for inadvertent data exfilt...

Two U.S. nationals were sentenced to 18 months in federal prison each for managing laptop farms that facilitated North Korean IT workers in securing remote positions at nearly 70 A...

Ethan J. Rivera, a 20‑year‑old from Los Angeles, California, was sentenced on Friday to 78 months (6.5 years) in federal prison for his role in a sophisticated criminal operation t...

Security researchers have uncovered a sophisticated cyberattack campaign leveraging the Windows Phone Link application to steal text messages and circumvent two-factor authenticati...

A joint research effort by the Security Research Lab (SRL) and the AI Security Initiative (AISI) scanned over one million publicly reachable AI endpoints across IPv4 space between ...

Education technology provider Instructure has disclosed a significant data breach after a threat actor operating under the alias 'CSAMKing' claimed to have stolen approximately 280...

The Federal Trade Commission announced a settlement with data broker Kochava and its subsidiary Collective Data Solutions (CDS) that prohibits them from selling or sharing precise ...

The ShinyHunters extortion group has claimed responsibility for a significant data breach at Vimeo, the popular online video platform owned by IAC. Security researchers first ident...

Security researchers have uncovered a new variant of the CloudZ remote‑access trojan (RAT) that delivers a previously undocumented plugin named Pheno. This plugin exploits the Micr...

Fraudsters are not breaking into credit unions with zero‑days or ransomware; they are exploiting the normal loan origination workflow. Flare’s threat‑intelligence team uncovered a ...

Instructure, the educational technology company behind the popular Canvas learning‑management system, confirmed on March 5 2026 that unauthorized actors had accessed its internal n...

Microsoft has begun rolling out a preview of a modernized Run dialog for Windows 11, promising a noticeable boost in responsiveness and the addition of a native dark mode. The upda...

Dark Reading is inviting security professionals and enthusiasts to take part in a caption contest that reflects on two decades of cybersecurity evolution. The competition, titled "...

Dark Reading marks its 20th anniversary this month, reflecting on two decades of delivering timely cybersecurity news, analysis, and insights to professionals worldwide. Launched o...

French police (the Direction centrale de la police judiciaire, DCPJ) and the Paris Prosecutor’s Office have detained a 15‑year‑old, known by the alias "M4L", on suspicion of sellin...

BleepingComputer published a story on March 5, 2026 claiming that Instructure, the education‑technology company behind the Canvas learning‑management platform, had suffered a new d...

Microsoft has expanded its Windows 11 in‑box app removal policy by adding a dynamic list that lets IT administrators select exactly which pre‑installed Microsoft Store applications...

Microsoft released the optional cumulative update KB5083631 for Windows 11 22H2, delivering 34 changes that span new functionality, performance tweaks, and critical security patche...

Chris Inglis, who served as NSA Deputy Director from 2011 to 2014 under Director Keith Alexander, has broken his silence on the agency's missteps during the Edward Snowden affair, ...

Security researchers at Group-IB have uncovered a large-scale smishing operation that combines fake CAPTCHA verification pages with International Revenue Share Fraud (IRSF) and cry...

Romance scams, a form of confidence scheme that preys on emotional trust, continue to trap thousands of victims each year. Security analysts note that those who fall prey to these ...

The US Department of Justice has announced the indictment of 29 individuals linked to a cyber fraud syndicate operating from Myanmar, charging them with conspiracy to commit wire f...

Cybersecurity researchers at CleverSight Threat Intelligence have uncovered a cluster of 26 malicious iOS applications that masquerade as popular cryptocurrency wallets such as Tru...

WhatsApp has patched a critical flaw that allowed attackers to harvest user metadata simply by knowing a victim's phone number, according to a Dark Reading analysis published this ...

German authorities have publicly exposed the identity of the notorious hacker known as "UNKN", linking the alias to 31‑year‑old Russian national Daniil Maksimov. Maksimov is allege...

Worldcoin’s World ID initiative, built by Tools for Humanity, is deploying a biometric authentication system based on iris scanning to assign a unique human identity to every AI ag...

AI assistants, often marketed as autonomous "agents", are rapidly becoming a staple in developer toolchains, promising to automate everything from code generation to system configu...

Google has announced significant changes to its Android app distribution model, implementing mandatory developer verification for all apps published on Google Play Store. The new r...

Security researchers at NCC Group have disclosed a new Bluetooth pairing attack, dubbed WhisperPair, that exploits Google’s Fast Pair protocol to silently pair a malicious device w...

Google announced on Monday that it will retire the Dark Web Report feature from its Google Account dashboard, ending a service that warned users when their personal information app...

A leaked document published by the dark‑web user W1ckedG0pher has disclosed the full roster of Google Pixel phones that can be compromised by Cellebrite’s Universal Forensic Extrac...

Google has officially announced its Android developer verification program will feature both free and paid tiers, marking a significant shift in how developers are authenticated be...

Former WhatsApp security chief filed a lawsuit against Meta Platforms Inc., alleging that the company consistently placed user‑acquisition targets ahead of critical security measur...

Google on Monday rebuffed recent reports—published by Ars Technica—that claimed a massive breach exposing all 2.5 billion Gmail accounts, asserting that its security controls are r...

Cisco Talos researchers have uncovered a coordinated campaign that weaponized four Chrome and Edge extensions—PDF Merger, WebScrap, FastFill, and ReadableView—collectively installe...

Starting Monday, Google began rolling out a platform update for Android 14 (API level 34) that expands the capabilities of its on‑device AI assistant, Gemini. The change introduces...

Nintendo has alerted owners of its upcoming Switch 2 console that the built‑in GameChat feature creates temporary local copies of voice and text conversations, and that those recor...

Over the weekend, Nelnet Servicing, a major U.S. student‑loan servicer operating under contract with the Department of Education’s Federal Student Aid (FSA) office, disclosed a dat...

Cybercriminals are now hawking root access to tens of thousands of unpatched Chinese‑made surveillance cameras, a market that has surged after the disclosure of a critical remote‑c...

Peiter “Mudge” Zatko, Twitter’s former head of security, filed a whistleblower complaint in July 2022 with the Federal Trade Commission (FTC) and the Senate Select Committee on Int...

A wave of phishing campaigns masquerading as airline and hotel reservation confirmations is compounding the frustration of travelers already grappling with cancellations and overbo...