网络安全资讯

Security analysts have uncovered a sophisticated intrusion campaign leveraging the CloudZ remote access trojan (RAT) alongside a previously undocumented plugin called Pheno to targ...

Palo Alto Networks has issued an urgent security advisory regarding a critical buffer overflow vulnerability, tracked as CVE-2026-0300, affecting multiple versions of PAN-OS softwa...

Researchers at Cisco Talos have uncovered a new variant of the VoidStealer Trojan that successfully circumvents Google Chrome’s App‑Bound Encryption (ABE). The malware, tracked as ...

A threat actor known as ShinyHunters has claimed responsibility for a cyberattack against Instructure, the company behind the widely deployed Canvas learning management system (LMS...

Over the past two decades, a succession of high‑impact incidents has reshaped the cyber risk landscape, forcing organizations to constantly recalibrate their defenses. From the rev...

Security researchers have uncovered a sophisticated cyberattack campaign leveraging the Windows Phone Link application to steal text messages and circumvent two-factor authenticati...

As the conflict with Iran intensifies, cyber operatives have turned their focus on the United Arab Emirates, with breach attempts spiking threefold over the past few weeks. Securit...

A sophisticated phishing campaign is leveraging Google’s sponsored search ads to mimic the login page of ManageWP, GoDaddy’s platform for centrally managing large fleets of WordPre...

Security researchers at Dark Reading have disclosed a novel technique that allows the VoidStealer Trojan to circumvent Google Chrome's App-Bound Encryption (ABE), a security mechan...

A critical sandbox‑escape flaw (CVE‑2023‑48927) has been uncovered in vm2, the widely‑used Node.js sandboxing library. The vulnerability, discovered by security researcher Alex Tsv...

Cisco has released patches for a high‑severity denial‑of‑service (DoS) vulnerability affecting its Crosswork Network Controller and Network Services Orchestrator (NSO) products. Tr...

Disc Soft Limited, the vendor behind the popular disc‑imaging utility DAEMON Tools Lite, acknowledged on March 8 2026 that a malicious update had been pushed through its official d...

Acronis researchers have documented a systematic shift in ransomware operations: before triggering encryption, threat actors now deliberately cripple backup infrastructure. Their 2...

MuddyWater, the Iranian advanced persistent threat (APT) group also tracked as Static Kitten, has been observed disguising its espionage operations behind a non‑functional Chaos ra...

hackmyip.com will host a live webinar titled "Why Network Incidents Escalate and How to Fix Response Gaps" on March 15, 2025 at 2:00 PM EST. The session will feature Alex Rivera, s...

Palo Alto Networks issued an emergency advisory on Tuesday warning customers that a critical, as‑yet‑unpatched remote‑code‑execution (RCE) flaw in the PAN‑OS User‑ID Authentication...

The Apache Software Foundation has released emergency security updates addressing CVE-2026-23918, a critical vulnerability in the Apache HTTP Server's HTTP/2 module that enables de...

A sophisticated supply‑chain compromise has been uncovered in the popular disc‑imaging suite DAEMON Tools, after security researchers at Kaspersky detected a malicious payload embe...

Security researchers have linked a newly tracked China‑nexus threat cluster, designated UAT‑8302, to a wave of cyber‑espionage operations targeting government agencies in South Ame...

In the past twelve months, enterprises have rushed to embed AI‑powered writing assistants, workflow automations and productivity plugins into their Google Workspace and Microsoft 3...

Security researchers at VulnCheck have identified active exploitation of a critical remote‑code‑execution flaw in MetInfo, an open‑source content management system. The vulnerabili...

A joint research effort by the Security Research Lab (SRL) and the AI Security Initiative (AISI) scanned over one million publicly reachable AI endpoints across IPv4 space between ...

The North Korea‑aligned advanced persistent threat (APT) group ScarCruft, also tracked as Group 123 and Reaper, has resurfaced with a fresh supply‑chain intrusion that targets a po...

Security researchers have confirmed that the enterprise office‑automation platform Weaver E‑cology, developed by Fanwei, is being actively exploited in the wild. The flaw, tracked ...

Microsoft’s Threat Intelligence Center (MSTIC) has released details of a large‑scale credential‑harvesting operation that successfully targeted roughly 35,000 users in 26 countries...

Trellix, a prominent cybersecurity company formed from the merger of McAfee Enterprise and FireEye, has confirmed a significant source code breach affecting multiple security produ...

The UC Berkeley Center for Long-Term Cybersecurity (CLTC) has launched a dedicated research hub designed to bridge the cybersecurity gap for schools, local governments, and non‑pro...

When Alex Rivera, "CISO of Globex Systems", commissioned a penetration test in Q3 2023, his first decision was to define a precise scope that included internal VLAN segmentation, c...

A new proof‑of‑concept (PoC) published by security researcher Alex Chen of CyberX Labs shows that Microsoft Edge stores user passwords in plaintext within the browser’s process mem...

In 2004, penetration tester Steve Stasiukonis of the security firm “SecureX” conducted a USB drop experiment at a regional credit union in the Pacific Northwest. Armed with a batch...