Cybersecurity News

The order establishes a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release. The p...

The order notes that federal access to the models should be subject to “appropriate confidentiality, cybersecurity, insider-risk, and intellectual-property protection, use, and non...

Microsoft is actively investigating a widespread service disruption affecting the mail flow pipeline for Exchange Online customers in North America and Germany. The incident, track...

Attackers have hijacked multiple high-value Instagram accounts by exploiting Meta's AI-powered support assistant, tricking it into transferring ownership using deepfake selfie vide...

The window between vulnerability disclosure and indiscriminate exploitation has collapsed from days to hours, driven by AI-powered tooling that automates discovery, reproduction, a...

AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat det...

CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploit...

As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control. T...

A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations. The pos...

Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks. The post Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities ...

Only approximately 50 companies have had access to Mythos until now and they have found thousands of vulnerabilities in their products. The post Anthropic Expanding Mythos Access t...

AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. The post The Zero-Knowled...

A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Br...

In a statement, Russia's Federal Security Service (FSB) said it had uncovered what it described as a "large-scale operation" involving malicious software installed on the mobile de...

According to the company’s preliminary analysis, a compromised GitHub account was used to push the malicious code out to customers, hitting 32 packages downloaded roughly 117,000 t...

Endpoint detection and response (EDR) has become a default investment for mid-sized organizations, yet owning an advanced platform does not automatically translate into operational...

Researchers at Seqrite Labs have uncovered a spear-phishing campaign dubbed Operation XENOFISCAL, attributed to the Pakistan-aligned SideCopy threat group, which is targeting Afgha...

Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [...]...

Twenty years after Dark Reading launched, we're looking ahead at what's next for enterprise security. Spoiler: It's hyper-segmented, AI-orchestrated, and way more sophisticated tha...

The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers. The post Oracle WebLogic Vulnerability Exploited in the Wild a...

Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address. The post Meta AI Hands Over High-Profile Instagram Accounts ...

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. The post Supply Chain Attack Hits 32 Red Hat NPM Packages appe...

Dashlane’s security systems automatically locked accounts to protect them against the hacking attempts. The post Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downlo...

Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster. The post Oracle’s First Monthly Patches Resolve 77 Vulnerabilities...

Password manager Dashlane has disclosed a brute-force security incident in which encrypted password vaults belonging to fewer than 20 personal plan subscribers were downloaded by a...

Police described the incident as a large-scale disclosure of sensitive personal information that posed a threat to both the affected individuals and the institutions they serve. Th...

A new supply chain attack campaign dubbed "Miasma" has compromised multiple @redhat-cloud-services npm packages to steal credentials and secrets from developer machines, ultimately...

More than 30 npm packages under the @redhat-cloud-services namespace were compromised in a sophisticated supply‑chain attack that delivered a new variant of the Shai‑Hulud credenti...

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]...

The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity...