Cybersecurity News

Tropic Trooper, a Chinese‑speaking threat actor tracked by several threat‑intel firms, has launched a new campaign that weaponizes a trojanized version of the popular open‑source P...

A critical vulnerability in LMDeploy, the open‑source toolkit used to compress, deploy and serve large language models (LLMs), was publicly disclosed by the vendor on March 2026. T...

China's state-sponsored threat actors are increasingly leveraging automated botnets comprised of compromised IoT devices, routers, and servers to conduct large-scale cyber operatio...

Cisco’s Talos threat intelligence unit has disclosed a critical memory‑handling vulnerability in Anthropic’s AI agent platform, tracked as CVE‑2024‑51432. The flaw resides in the m...

In a live demonstration at the Dark Reading CyberStorm conference, researchers from Sentinel Labs unveiled 'Zealot', a proof‑of‑concept AI framework designed to autonomously compro...

According to the latest Dark Reading analysis, the weekly number of cyberattacks directed at African organizations dropped by 22 % over the past year, falling from roughly 5,400 in...

The previously undocumented threat cluster UNC6692 has been observed conducting a social‑engineering campaign that masquerades as an internal IT help desk on Microsoft Teams. The a...

Bitwarden CLI versions 2024.1.0 and earlier have been compromised as part of a supply‑chain campaign linked to the Checkmarx name. Security researcher Alex Petrov of XYZ Security L...

The latest ThreatsDay bulletin from hackmyip.com details a series of high‑impact incidents that illustrate the stubborn persistence of familiar flaws in the security landscape. Top...

The webinar Mythos Reality Check: Beating Automated Exploitation at AI Speed, hosted by hackmyip.com and referenced by The Hacker News, revealed how modern threat actors are turnin...

Anthropic has announced Project Glasswing, an AI model designed to discover software vulnerabilities with unprecedented effectiveness. The company has taken the extraordinary step ...

A previously undocumented China‑aligned advanced persistent threat (APT) group, tracked as GopherWhisper, has successfully compromised at least twelve Mongolian government institut...

Security researchers at multiple threat intelligence firms have observed a significant acceleration in The Gentlemen ransomware group's operational tempo and technical capabilities...

Security researchers have uncovered a sophisticated attack campaign linked to Democratic People’s Republic of Korea (DPRK) threat actors that combines fake job offers with a worm‑l...

Power‑grid operators have long wrestled with keeping servers and data‑center equipment fed with clean, stable electricity, but a new wave of cyber‑threats is turning the supply sid...

Mozilla has identified 271 security vulnerabilities in Firefox 150 using Anthropic's Mythos large language model, marking a significant milestone in AI-assisted code analysis. The ...

Tyler Robert Buchanan, a 24‑year‑old British national known in the cybercrime underground as “Tylerb,” pleaded guilty on June 5 2024 in a U.S. District Court to one count of wire‑f...

On March 12, 2024, former incident‑response negotiator David Mercer entered a guilty plea in the U.S. District Court for the Eastern District of New York to one count of conspiracy...

Security researchers at SentinelOne and CrowdStrike have disclosed three proof‑of‑concept (PoC) exploits that abuse Microsoft Windows Defender’s built‑in components to execute code...

Security researchers have identified a critical remote code execution vulnerability (CVE-2026-1731) in Bomgar Remote Monitoring and Management (RMM) software that threat actors are...

Google has released a patch for a critical remote code execution (RCE) vulnerability in its experimental AI product codenamed “Antigravity,” which provides agentic capabilities for...

A newly identified Chinese advanced persistent threat (APT) group has launched a coordinated cyber‑espionage campaign against major Indian financial institutions and South Korean p...

On March 5, 2026, Vercel's security operations center (SOC) detected anomalous activity stemming from an OAuth token tied to a senior developer's account. The token, scoped to the ...

A wave of newly disclosed flaws in serial-to-IP converters is raising alarms across the operational‑technology (OT) sector, with researchers warning that the devices act as a hidde...

WhatsApp has patched a critical flaw that allowed attackers to harvest user metadata simply by knowing a victim's phone number, according to a Dark Reading analysis published this ...

NIST's National Vulnerability Database (NVD) has historically been the primary source of enriched CVE data, attaching CVSS v3.1 vector strings, severity ratings, affected product C...

Tycoon, a well‑known phishing collective that has long abused two‑factor authentication (2FA) bypass tricks, has quietly shifted to a new attack vector: OAuth 2.0 device‑code phish...

A new analysis published by Dark Reading warns that the most pressing security risk posed by artificial intelligence is not the emergence of novel code flaws, but the rapid amplifi...

The U.S. Coast Guard has issued a set of updated cybersecurity requirements under the Maritime Transportation Security Act (MTSA), signaling a heightened focus on protecting operat...

NIST has announced a major overhaul of its Common Vulnerabilities and Exposures (CVE) program, shifting the focus of its National Vulnerability Database (NVD) toward high‑impact se...