Cybersecurity News

The cyber‑crime group behind the VECT 2.0 ransomware has been observed deploying a strain that behaves more like a data‑wiper than conventional ransomware. In recent incidents targ...

In the rush to hybrid cloud adoption, many organizations treat data movement as a simple connectivity chore. Open a ticket, spin up an SFTP gateway, push the data across, and consi...

Cybersecurity researchers from Eclypsium have disclosed a critical, unpatched vulnerability in Hugging Face’s open‑source robotics framework LeRobot, which boasts nearly 24,000 Git...

In the past, security teams could count on a brief, predictable window between the disclosure of a vulnerability and the release of a patch. That buffer has all but vanished as AI-...

A Chinese national linked to the Silk Typhoon advanced persistent threat (APT) group has been handed over to U.S. authorities after being arrested in Italy in July 2025. Xu Zewei, ...

Silverfort’s identity threat research team disclosed a critical misconfiguration in a Microsoft Entra ID administrative role designed for AI agents. The role, named “AI Service Adm...

Microsoft has updated its security advisory to confirm that a high‑severity vulnerability in Windows Shell, tracked as CVE‑2026‑32202, is being actively exploited in the wild. The ...

Cybersecurity researchers have identified a sophisticated campaign conducted by the threat actor UNC6692, who is combining social engineering, custom malware, and cloud infrastruct...

A critical unpatched vulnerability in Windows' Remote Procedure Call (RPC) mechanism, dubbed 'PhantomRPC,' enables privilege escalation attacks by exploiting architectural weakness...

Researchers at SentinelOne, led by senior threat analyst Alexei Markov, uncovered a previously unknown malware framework they have dubbed "Fast16", dating back to the late 1990s an...

The rapid advancement of frontier large language models, including Anthropic's Claude family and OpenAI's rumored GPT-5.5, has ignited fierce debate within the cybersecurity commun...

Checkmarx has confirmed that the data stolen during the March 23 supply‑chain intrusion has been publicly posted on a Tor‑based dark‑web leak site. The company’s incident response ...

Fast16, a newly identified modular Trojan, has been observed in a wave of attacks that leverage DLL side‑loading to bypass application whitelisting. Discovered by Cisco Talos on 20...

Anthropic on April 7 released the public preview of Claude Mythos, a cybersecurity‑focused large language model built on the company’s latest transformer stack. The model ships wit...

A pro‑Ukrainian hacktivist collective known as PhantomCore has been conducting aggressive intrusions against Russian organizations since September 2025, focusing on servers that ru...

Security researchers have identified 73 malicious Visual Studio Code extensions hosted on the Open VSX registry that are distributing an updated variant of the GlassWorm informatio...

Security researchers at Group-IB have uncovered a large-scale smishing operation that combines fake CAPTCHA verification pages with International Revenue Share Fraud (IRSF) and cry...

Security researchers at Trend Micro have uncovered a previously unknown Lua‑based malicious framework, dubbed "fast16", that was created several years before the infamous Stuxnet w...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling a...

Romance scams, a form of confidence scheme that preys on emotional trust, continue to trap thousands of victims each year. Security analysts note that those who fall prey to these ...

The US Department of Justice has announced the indictment of 29 individuals linked to a cyber fraud syndicate operating from Myanmar, charging them with conspiracy to commit wire f...

Glasswing’s recent announcement that it has secured the core code of its platform is a welcome step toward reducing software vulnerabilities, but security experts warn that the bro...

In the past six months, a surge of AI‑powered phishing campaigns has reshaped the threat landscape, according to an analysis published by Dark Reading. Threat actors are moving awa...

Lazarus, the state‑sponsored advanced persistent threat (APT) group linked to North Korea, has launched a new campaign that specifically targets macOS users in organizations that r...

Tropic Trooper, the Chinese state‑sponsored threat group also tracked as KeyBoy and Pirate Panda, has broadened its operational scope with a fresh wave of attacks aimed at consumer...

Security researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a sophisticated espionage operation conducted by a Chinese state‑sponsored APT that targeted Mongolian...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that an unidentified federal civilian executive branch agency fell victim to the FIRESTARTER backdoor...

NASA's Office of Inspector General (OIG) has disclosed a sophisticated spear‑phishing campaign orchestrated by a Chinese national who masqueraded as a U.S. defense researcher. The ...

Enterprise organizations deploying AI agents are confronting a critical security gap that traditional governance frameworks fail to address: the AI Agent Authority Gap. As autonomo...

Cybersecurity researchers at CleverSight Threat Intelligence have uncovered a cluster of 26 malicious iOS applications that masquerade as popular cryptocurrency wallets such as Tru...