网络安全资讯

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known a...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabili...

U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices ...

The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker....

The FBI says First VPN has been used by dozens of ransomware groups for network reconnaissance and intrusions. The post ‘First VPN’ Cybercrime Service Disrupted, Admini...

CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One. The post TrendAI Patches Apex One Zero-Day Exploited in the Wild appe...

Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Data Stolen via TanStack S...

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked ...

A Belarus-linked hacking group known as GhostWriter has launched a new espionage campaign against Ukrainian government officials using fake emails disguised as messages from a popu...

The large-scale data breach reportedly hit Unimed, a company that handles billing services for privately insured and self-paying patients on behalf of numerous German hospitals....

Google inadvertently exposed technical details of an unfixed Chromium vulnerability that allows JavaScript to persist in the background after the browser is closed, effectively giv...

Jacob Butler, known in cybercrime circles as "Dort," has been arrested in Canada and faces criminal charges in both the United States and Canada for allegedly operating the Kimw...

Finding ways to document both component and execution attributes for AI bill of materials (AI BOM)....

A security researcher discovered the API keys can still be used for 23 minutes after deletion, even though the cloud provider claims deletion is immediate....

The regulator, Ofcom, had required Roblox, Snapchat, Instagram, Facebook, YouTube and TikTok to answer questions about their efforts to remove harmful algorithms, check kids’ ages ...

Adam Young, 42, and Harrison Gevirtz, 33, pleaded guilty to misprision of a felony after they were accused of offering phone numbers, call routing services, call tracking tools and...

Cybersecurity researchers from Lumen Technologies Black Lotus Labs have uncovered a sophisticated Linux malware campaign targeting a telecommunications provider in the Middle East ...

This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: a...

Apple revealed that it blocked over $11 billion in fraudulent App Store transactions over the last six years, more than $2.2 billion in potentially fraudulent App Store transaction...

Modern crypto drainers don't hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishin...

A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. [....

Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges. [...]...

A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. [...]...

AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent ide...

"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers....

The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity....

Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in ...

The proposals would require researchers to cease activity the moment a vulnerability is identified, meaning they could not confirm it was real, assess its severity or determine its...

Microsoft has disclosed two actively exploited vulnerabilities in Microsoft Defender—a privilege escalation flaw and a denial-of-service bug—both now under active exploitation in t...

A threat actor recently obtained an AWS access key cached on a developer's workstation through standard browser behavior—no misconfiguration or policy violation required. This sing...