网络安全资讯

A coordinated supply chain attack compromised JavaScript files served by three popular WordPress plugins—PushEngage, OptinMonster, and TrustPulse—turning trusted scripts into vecto...

Cybersecurity researchers at Group-IB have exposed a sprawling social engineering campaign operated through Sniper Dz, a turnkey phishing-as-a-service (PhaaS) platform dismantled l...

Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a high-severity authentication bypass vulnerability (CVSS 7.8) affecting the GlobalProtect VPN portal and gat...

Oleksii Oleksiyovych Lytvynenko admitted to working on the development of a loader for the Conti gang. The post Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges appear...

The pharmaceutical giant says the attackers gained access to personal data stored on the compromised systems.  The post Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems ...

French officials say roughly 73,000 government accounts were affected, while the threat actor claims to have stolen messages and user data from the sovereign Tchap platform. The po...

The extortion group threatens to leak 297 GB of data allegedly stolen from the Council of Europe, including employee personal information. The post ShinyHunters Claims Council of E...

The platform used more than 9,000 phishing sites, stealing nearly 4 million credit cards and causing roughly $1.9 billion in losses. The post FBI, Google Dismantle ‘Outsider ...

Someone posted fake VRChat and Discord data breach reports on the system, prompting the Maine AG to take action. The post Maine Disables Data Breach Portal Due to Fake Submissions ...

Poland has warned that Ghostwriter, the Belarus-linked hacker group, has expanded its phishing operations to target personal Gmail accounts belonging to senior public figures and t...

The FBI, in coordination with Google and Black Lotus Labs, has dismantled a sprawling Chinese phishing-as-a-service operation known as Outsider Enterprise, responsible for 9,000 fa...

Ezekiel Dean Potter, a 34-year-old former senior IT support specialist for Iowa's Saydel Community School District, has been sentenced to 21 months in federal prison for a sustaine...

Splunk has rolled out emergency security patches for a critical vulnerability in Splunk Enterprise that allows remote attackers to execute arbitrary code without any authentication...

The Chinese state-linked espionage group "Velvet Ant" maintained undetected access to a large organization's critical infrastructure for an extraordinary 10 years, according to res...

GitHub has announced that NPM 12, expected to release in July, will no longer execute dependency scripts by default, a significant security overhaul aimed at neutralizing the wave ...

Anthropic announced on Friday that it will abruptly disable its most advanced AI models, Claude Fable 5 and Mythos 5, for all users after the U.S. government issued an export contr...

Anthropic has pulled the plug on its two most powerful AI models, Fable 5 and Mythos 5, for every user worldwide after receiving a US government export control directive on June 12...

Anthropic announced Friday that it has taken its latest artificial intelligence models, Fable 5 and Mythos 5, offline to comply with a directive from the Trump administration aimed...

In a sweeping supply chain attack dubbed Atomic Arch, threat actors compromised more than 400 packages in the Arch User Repository (AUR) between June 11 and June 12, rewriting buil...

Google has filed a federal lawsuit in Manhattan against a Chinese cybercrime operation it accuses of abusing its Gemini AI assistant to power a large-scale smishing campaign target...

A China-nexus advanced persistent threat tracked as Velvet Ant by incident response firm Sygnia maintained covert access to a target network for nearly a decade by compromising the...

The Maine Attorney General's Office has temporarily disabled public access to its state-run data breach notification portal after fraudulent breach reports impersonating VRChat and...

Security researchers at application security firm Aikido have disclosed a severe authentication bypass vulnerability in phpBB, the widely used open-source forum platform, that h...

ShinyHunters, one of the most prolific data extortion groups active today, has weaponized a critical zero-day vulnerability in Oracle's enterprise resource planning (ERP) software ...

Cybersecurity researchers at Tenet Security have uncovered a new attack class dubbed “Agentjacking” that tricks AI coding agents into executing arbitrary code on developer machines...

A Ukrainian national extradited from Ireland to the United States has pleaded guilty to conspiracy to commit wire fraud for his role in the Conti ransomware operation, the U.S. Dep...

More than 400 packages in the Arch User Repository (AUR) have been compromised to distribute a Linux rootkit and infostealer malware designed to harvest developer credentials, acce...

Supply-chain attacks rarely appear under their real name in underground forums. Long before a malicious package, compromised update, or breached vendor makes headlines, the precurs...

Anthropic has clarified the distinction between its latest large language model releases, confirming that Claude Mythos 5 does not represent a fundamental shift in the security pos...

This week in cybersecurity saw a wave of high-impact developments spanning government accountability, corporate breaches, and AI security. A former IBM cybersecurity executive has ...