網路安全資訊
來自頂級安全媒體的最新動態
The education sector continues to absorb punishing blows from third-party breaches, with ransomware groups like Cl0p exploiting software vulnerabilities in vendors to cascade damag...
A coordinated international law enforcement operation, backed by private-sector partners Bitdefender, Bitsight, ESET, and Microsoft, has disrupted the infrastructure behind the Ama...
Market intelligence platform Klue has confirmed a security incident in which attackers exploited a compromised legacy credential to steal OAuth tokens, gaining access to multiple c...
CISA has issued an urgent advisory urging Fortinet customers to secure their FortiGate appliances against an ongoing malicious campaign dubbed FortiBleed, which has already comprom...
The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its external license system vendor on June 19, 2026, compromising the personal information of more than 3 ...
Nintendo of America has confirmed that threat actors stole internal survey data from TinyPulse, a third-party employee engagement platform owned by WebMD Health Services, but stres...
When a shopper enters their card number on a modern checkout page, their browser is executing far more than the merchant's own code. Analytics tags, tag managers, support widgets, ...
A newly discovered data leak dubbed "FortiBleed" has exposed a massive trove of Fortinet and FortiGate VPN credentials spanning 73,932 firewall URLs across 194 countries. Security ...
Ezekiel Dean Potter, a 34-year-old former senior IT support specialist for Iowa's Saydel Community School District, has been sentenced to 21 months in federal prison for a sustaine...
In a sweeping supply chain attack dubbed Atomic Arch, threat actors compromised more than 400 packages in the Arch User Repository (AUR) between June 11 and June 12, rewriting buil...
The Maine Attorney General's Office has temporarily disabled public access to its state-run data breach notification portal after fraudulent breach reports impersonating VRChat and...
ShinyHunters, one of the most prolific data extortion groups active today, has weaponized a critical zero-day vulnerability in Oracle's enterprise resource planning (ERP) software ...
A Ukrainian national extradited from Ireland to the United States has pleaded guilty to conspiracy to commit wire fraud for his role in the Conti ransomware operation, the U.S. Dep...
Supply-chain attacks rarely appear under their real name in underground forums. Long before a malicious package, compromised update, or breached vendor makes headlines, the precurs...
This week in cybersecurity saw a wave of high-impact developments spanning government accountability, corporate breaches, and AI security. A former IBM cybersecurity executive has ...
A Missouri bankruptcy court administrator has greenlit a $46.8 million settlement fund compensating millions of victims of the 2023 23andMe data breach. The deal, confirmed on Wedn...
South Korea's Personal Information Protection Commission (PIPC) has imposed a record 624.7 billion won ($409 million) fine on Coupang, the country's largest online retailer, over a...
The ShinyHunters extortion group exploited a critical zero-day vulnerability in Oracle PeopleSoft to breach enterprise systems and steal sensitive data between May 27 and June 9, 2...
Kyushu Electric Power Co., Inc., one of Japan's largest regional electric utilities serving over 12.6 million residents across the Kyushu region, has disclosed a physical security ...
ServiceNow disclosed a security incident on June 9, 2026, revealing that attackers exploited an unauthenticated access flaw in a REST API endpoint to query data from hosted custome...
SoFi Securities (Hong Kong) Limited is notifying customers of a data breach that exposed an unknown volume of personal information through a third-party vendor database. The subsid...
Google Mandiant and the Google Threat Intelligence Group (GTIG) have detailed a financially motivated data theft extortion campaign by threat actor UNC3753—also tracked as Chatty S...
The Silent Ransom Group, tracked by Mandiant as UNC3753 (also known as Luna Moth and Chatty Spider), is actively targeting U.S. law firms and professional services organizations wi...
Unknown attackers maintained undetected access to the Outlook mailbox of a senior executive at a major global stock exchange for at least five months, systematically exfiltrating c...
Password manager Dashlane has disclosed a brute-force security incident in which encrypted password vaults belonging to fewer than 20 personal plan subscribers were downloaded by a...
California Attorney General Rob Bonta has filed a lawsuit against 23andMe (now Chrome Holding Co.) for failing to protect sensitive customer genetic and personal information during...
Security researchers at Red Access have uncovered a alarming trend in enterprise data exposure through what they term the 'Shadow Builders' phenomenon. In a comprehensive investiga...
Cybersecurity researchers have uncovered a malicious NuGet package disguised as an official C# software development kit for Sicoob, one of Brazil's largest cooperative financial sy...
GitHub has officially confirmed that a sophisticated supply chain attack compromised its internal repositories, resulting in the exfiltration of approximately 3,800 repositories by...
Radiology Associates of Richmond (RAR), a Richmond, Virginia-based medical imaging services provider, has disclosed a significant data breach affecting 266,183 individuals. The bre...
A sophisticated supply chain attack has compromised the Laravel Lang localization packages, affecting four repositories and potentially hundreds of historical versions. Security re...
GitHub has officially confirmed that the breach of its internal repositories resulted from a compromise of an employee device involving a poisoned version of the Nx Console Microso...
Ukrainian cyberpolice, working in coordination with U.S. law enforcement, have identified an 18-year-old male from Odesa suspected of orchestrating an infostealer malware operation...
GitHub has confirmed a significant security incident in which threat actor TeamPCP exfiltrated approximately 3,800 internal repositories after compromising an employee's device thr...
Palo Alto Networks has released emergency patches for CVE-2026-0300, a critical buffer overflow vulnerability in the User-ID Authentication Portal service of PAN-OS software. The f...
West Pharmaceutical Services, a $3 billion S&P 500 drug‑packaging firm, disclosed on May 13, 2026 that it was hit by a material cyberattack. The company detected the intrusion on M...
Cybersecurity researchers have identified a sophisticated campaign dubbed "GemStuffer" that has compromised the RubyGems package repository with over 150 malicious gems designed to...
A sophisticated phishing operation dubbed "Operation HookedWing" has been systematically targeting organizations across critical sectors for over four years, according to threat in...
Braintrust, an AI infrastructure provider, disclosed on March 5 2026 that an unauthorized party had gained access to one of its Amazon Web Services (AWS) accounts. The intrusion, d...
RansomHouse, a known ransomware operation, has claimed responsibility for a breach at Trellix, a prominent cybersecurity vendor. The group posted several screenshots on a dark‑web ...
General Motors has agreed to pay a $12.75 million settlement to the State of California for collecting and sharing sensitive driver data without proper consent, marking the largest...
A federal jury in Virginia has convicted 39-year-old Richmond resident James E. Thornton on multiple charges stemming from a 2023 cyber intrusion that resulted in the deletion of 9...
On Thursday, May 30 2025, a coordinated cyber incident hit Instructure's Canvas learning management system, displaying a ransom note from an unidentified cybercriminal group to stu...
The Hacker News recently highlighted an emerging cybersecurity threat model dubbed "Patient Zero" that organizations increasingly struggle to detect. A specialized webinar hosted b...
NVIDIA has officially confirmed a data breach impacting its GeForce NOW service, exposing personal information for a subset of users in Armenia. The disclosure, made in a statement...
Trellix, a prominent cybersecurity vendor, disclosed on [date] that its internal source‑code repository had been compromised. The intrusion was promptly claimed by the RansomHouse ...
Zara, the Spanish fast‑fashion giant, has confirmed a data breach that exposed the personal information of approximately 197,000 customers. The compromise was uncovered after the b...
A massive data‑extortion campaign slammed the widely‑used learning‑management platform Canvas on Tuesday, forcing districts and universities across the United States to suspend onl...
ShinyHunters, the notorious threat group behind a string of high‑profile data thefts, announced on March 5 that it had executed a second intrusion into Instructure, the education‑t...
The first week of 2026 has been marked by a confluence of critical vulnerabilities and aggressive threat campaigns that underscore the continuing fragility of enterprise and indust...
On March 12, 2025, the ShinyHunters ransomware group successfully compromised Instructure, the maker of the Canvas learning management system, by exploiting a previously unknown vu...
Organizations investing heavily in data loss prevention (DLP) solutions are discovering a critical blind spot: the browser has become the primary vector for inadvertent data exfilt...
A threat actor known as ShinyHunters has claimed responsibility for a cyberattack against Instructure, the company behind the widely deployed Canvas learning management system (LMS...
Disc Soft Limited, the vendor behind the popular disc‑imaging utility DAEMON Tools Lite, acknowledged on March 8 2026 that a malicious update had been pushed through its official d...
Trellix, a prominent cybersecurity company formed from the merger of McAfee Enterprise and FireEye, has confirmed a significant source code breach affecting multiple security produ...
A new proof‑of‑concept (PoC) published by security researcher Alex Chen of CyberX Labs shows that Microsoft Edge stores user passwords in plaintext within the browser’s process mem...
Education technology provider Instructure has disclosed a significant data breach after a threat actor operating under the alias 'CSAMKing' claimed to have stolen approximately 280...
The ShinyHunters extortion group has claimed responsibility for a significant data breach at Vimeo, the popular online video platform owned by IAC. Security researchers first ident...
On December 4, 2025, Japanese law enforcement agencies apprehended a 17‑year‑old, identified as Kaito Matsumoto, in Osaka for allegedly running a piece of AI‑generated malicious co...
Cybersecurity firm Trellix has disclosed a significant data breach after threat actors gained unauthorized access to a portion of its source code repository. The incident, discover...
Instructure, the educational technology company behind the popular Canvas learning‑management system, confirmed on March 5 2026 that unauthorized actors had accessed its internal n...
Trellix has officially acknowledged a security incident in which an unauthorized party gained access to a portion of its source code repositories. The company said it identified th...
A newly uncovered Vietnamese‑linked phishing campaign has compromised roughly 30,000 Facebook accounts by abusing Google’s low‑code AppSheet platform as a covert relay. Researchers...
Instructure, the company behind the widely used Canvas learning management system, disclosed on March 2 2026 that it had identified a cyber incident affecting its internal infrastr...
French police (the Direction centrale de la police judiciaire, DCPJ) and the Paris Prosecutor’s Office have detained a 15‑year‑old, known by the alias "M4L", on suspicion of sellin...
BleepingComputer published a story on March 5, 2026 claiming that Instructure, the education‑technology company behind the Canvas learning‑management platform, had suffered a new d...
Law enforcement agencies in the United States and Europe have dismantled a sprawling SMS phishing campaign that leveraged fake cellular base stations, known as IMSI catchers, to bl...
Security researchers using an AI‑driven code analysis platform identified 38 distinct vulnerabilities in the OpenEMR electronic health record (EHR) system, including 12 rated criti...
Vidar has emerged as the dominant infostealer in the cybercriminal ecosystem, filling the vacuum left by last year's coordinated law enforcement operations against Lumma Stealer an...
In the rush to hybrid cloud adoption, many organizations treat data movement as a simple connectivity chore. Open a ticket, spin up an SFTP gateway, push the data across, and consi...
Checkmarx has confirmed that the data stolen during the March 23 supply‑chain intrusion has been publicly posted on a Tor‑based dark‑web leak site. The company’s incident response ...
Tyler Robert Buchanan, a 24‑year‑old British national known in the cybercrime underground as “Tylerb,” pleaded guilty on June 5 2024 in a U.S. District Court to one count of wire‑f...
On March 5, 2026, Vercel's security operations center (SOC) detected anomalous activity stemming from an OAuth token tied to a senior developer's account. The token, scoped to the ...
WhatsApp has patched a critical flaw that allowed attackers to harvest user metadata simply by knowing a victim's phone number, according to a Dark Reading analysis published this ...
Even major online services that pride themselves on seamless login experiences are quietly exposing sensitive user data through SMS sign‑in links. Security researchers analyzing th...
Google announced on Monday that it will retire the Dark Web Report feature from its Google Account dashboard, ending a service that warned users when their personal information app...
Google on Monday rebuffed recent reports—published by Ars Technica—that claimed a massive breach exposing all 2.5 billion Gmail accounts, asserting that its security controls are r...
Clorox has filed a lawsuit against a service desk vendor following a 2023 cybersecurity breach that cost the company approximately $380 million. The legal action centers on allegat...
Nintendo has alerted owners of its upcoming Switch 2 console that the built‑in GameChat feature creates temporary local copies of voice and text conversations, and that those recor...
Over the weekend, Nelnet Servicing, a major U.S. student‑loan servicer operating under contract with the Department of Education’s Federal Student Aid (FSA) office, disclosed a dat...
Peiter “Mudge” Zatko, Twitter’s former head of security, filed a whistleblower complaint in July 2022 with the Federal Trade Commission (FTC) and the Senate Select Committee on Int...