网络安全资讯

A single malicious notification pushed through WhatsApp, Slack, SMS, Signal, Instagram, or Messenger was enough to hijack Google Gemini's voice assistant on Android, according to r...

Cybersecurity researchers at Huntress have uncovered a sophisticated malspam campaign that exploits Google's DoubleClick domain to bypass security filters and deliver a remote acce...

A single leftover debug flag in production builds of several Microsoft 365 Android applications disabled a critical security check, allowing any app installed on the same device to...

Redis has patched a use-after-free vulnerability in its blocking-client code that allows an authenticated user to execute arbitrary OS commands on the host running the database. Tr...

A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]...

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to te...

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used t...

A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. [...]...

Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender....

China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests....

Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix....

A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and dat...

In his first appearance before the panel since being confirmed in March, Mullin said that CISA probably needs “somewhere around” 2,800 employees, despite its ability to hire up to ...

Cybersecurity researchers have disclosed a critical one-click attack chain that abuses Microsoft Visual Studio Code (VS Code) webviews to steal fully scoped GitHub OAuth tokens. Di...

Enterprise identity and access management is approaching a structural breaking point. As organizations scale, identity data fragments across thousands of applications, decentralize...

Assume the breach. Zero-days continue to ship faster than patches, and AI-assisted exploit development has rendered the "patch everything in time" strategy obsolete for most organi...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity vulnerabilities—one in the Android Framework and another in the Linux kernel—to its Kno...

A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces...

Coralogix offers a full-stack observability platform that unifies logs, metrics, traces, security, and AI observability. The post Coralogix Raises $200M at $1.6B Valuation to Scale...

Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites. The post Kirki, Burst Statistics WordPress Plugin Flaws...

The AI Risk Quadrant evaluates AI agents based on three factors: how vulnerable they are to compromise, the potential impact of a breach, and the strength of their security defense...

The attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months. The post Hackers Target Global Stock Exchange in Espionage Operation ap...

The affected individuals’ personal information was stolen from a legacy server managed by a third party. The post IMA Diligence Services Data Breach Impacts 525,000 People appeared...

Cybersecurity researchers at Huntress have disclosed an unpatched vulnerability in the Windows "search:" URI handler that can be weaponized to leak a user's NTLMv2 hash to a remote...

Cybersecurity researchers at Calif have disclosed a new remote denial-of-service vulnerability dubbed "HTTP/2 Bomb" that affects five major web server platforms: NGINX, Apache HTTP...

Cybersecurity researchers at McAfee Labs have uncovered a malware-as-a-service (MaaS) campaign dubbed Weedhack that has been actively targeting Minecraft players since January 2026...

Acer has confirmed it is actively developing patches for two maximum-severity zero-day vulnerabilities impacting its Wave 7 mesh routers. Both flaws were reported by independent se...

European and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streaming operations. [...]...

Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user's personal contacts. ...

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking us...