網路安全資訊

Researchers at Obsidian Security have disclosed a three-vulnerability chain in LiteLLM, a widely deployed open-source AI gateway that brokers calls to more than 100 model providers...

Researchers at Varonis Threat Labs have disclosed a critical chain of three vulnerabilities in Microsoft 365 Copilot's Enterprise Search feature that, if exploited, would have allo...

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson ...

Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means...

WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive-s content distribution network (CDN). [...]...

Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileg...

The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. [...]...

The U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butcheri...

Employees are increasingly building automations, agents, and apps with AI tools outside traditional security oversight. Tines explores how CISOs are handling AI-driven code sprawl,...

A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. [...]...

A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint ...

The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Cam...

Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavi...

Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to target numerous institutions and exfiltrate sensitive data....

AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself....

Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the technology....

Mackay Sugar was targeted in a cyberattack carried out by a threat group known as The Gentlemen. The post Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sug...

Google’s Threat Intelligence Group has been tracking the cyberespionage group as UNC6508 since early 2025. The post Chinese Hackers Target Medical, Military, and AI Research in Nor...

The startup has built a security-first identity platform to protect humans, machines, and AI agents. The post NewCore Emerges From Stealth Mode With $66 Million in Funding appeared...

According to customer complaints, the disruption affected a range of services used by businesses, leading to interruptions in cash register operations, difficulties selling certain...

According to the deputy prosecutor general, the ship’s officers have now been charged with “having damaged two subsea telecommunications cables and of having attempted to damage a ...

According to the company, the directive cited national security authorities. It appears to be the first time such authorities have been used to curtail the export of AI models rath...

Cybersecurity researchers at Socket have uncovered a sprawling network of 152 Google Chrome extensions posing as live wallpaper and new tab add-ons that covertly distribute a poten...

A coordinated supply chain attack compromised JavaScript files served by three popular WordPress plugins—PushEngage, OptinMonster, and TrustPulse—turning trusted scripts into vecto...

Cybersecurity researchers at Group-IB have exposed a sprawling social engineering campaign operated through Sniper Dz, a turnkey phishing-as-a-service (PhaaS) platform dismantled l...

Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a high-severity authentication bypass vulnerability (CVSS 7.8) affecting the GlobalProtect VPN portal and gat...

Oleksii Oleksiyovych Lytvynenko admitted to working on the development of a loader for the Conti gang. The post Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges appear...

The pharmaceutical giant says the attackers gained access to personal data stored on the compromised systems.  The post Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems ...

French officials say roughly 73,000 government accounts were affected, while the threat actor claims to have stolen messages and user data from the sovereign Tchap platform. The po...

The extortion group threatens to leak 297 GB of data allegedly stolen from the Council of Europe, including employee personal information. The post ShinyHunters Claims Council of E...