Cybersecurity News
The latest updates from top security media outlets
The FBI and CISA have updated their March advisory (PSA I-062626-PSA) warning that Russian intelligence services are now actively phishing Signal users into surrendering their Back...
A Chinese-speaking advanced persistent threat (APT) actor tracked as CL-STA-1062 has been linked to a newly discovered custom backdoor called TinyRCT, deployed in a sustained cyber...
Cybersecurity researchers at Socket have uncovered a new wave of the Mini Shai-Hulud, Miasma, and Hades malware campaign, this time targeting npm packages associated with LeoPlatfo...
Microsoft has disclosed an active phishing campaign targeting hotel and hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP archives to delive...
Despite the growing abundance of security telemetry, most SOC teams still struggle with fundamental questions during incident investigation: What actually happened? What evidence s...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on Tuesday that a critical security flaw in Lantronix EDS5000 Series serial-to-IP converte...
The U.S. Department of Justice announced on Tuesday the seizure of a cloud computing account operated by subsidiaries of Cambodia-based conglomerate HuiOne Group, a network accused...
Symantec researchers have uncovered a new stealthy backdoor dubbed "Mistic" being deployed by KongTuke (also tracked as Woodgnat), a financially motivated initial access broker act...
A critical vulnerability in Cisco's Unified Communications Manager (Unified CM) is being actively exploited in the wild, according to exploit intelligence firm Defused. The flaw, t...
A Russian-speaking initial access broker (IAB) has been linked to a massive credential-harvesting campaign called FortiBleed, which has compromised over 430,000 FortiGate firewalls...
Cybersecurity researchers at JFrog have uncovered three malicious npm packages designed to deliver a Windows-based remote access trojan (RAT) to developers who install them. Publis...
Security researchers at Kaspersky have uncovered an active social engineering campaign abusing WhatsApp Direct Messages to distribute heavily obfuscated VBScript files disguised as...
Elastic Security Labs has uncovered a new campaign, tracked as REF8372, that delivers the CastleStealer information-stealing malware through a previously undocumented loader called...
Threat actors are actively exploiting a recently patched information disclosure vulnerability in the Gravity SMTP WordPress plugin, installed on roughly 100,000 websites. Tracked a...
Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is installed on over 100,000 websites. Tra...
In a significant blow against one of the web's most persistent malware distribution networks, Dutch law enforcement, working alongside the FBI, the Royal Canadian Mounted Police, a...
CISA has issued an urgent advisory urging Fortinet customers to secure their FortiGate appliances against an ongoing malicious campaign dubbed FortiBleed, which has already comprom...
The average enterprise security team juggles 40 or more security tools, generating massive amounts of internal telemetry and asset data. Yet these tools operate in silos, producing...
The Gentlemen ransomware-as-a-service (RaaS) operation is actively maintaining a sophisticated suite of endpoint detection and response (EDR) killers to help its affiliates evade d...
A cluster of 23 deceptive Chrome browser extensions has been uncovered routing user searches through monetization middleware before delivering results, exposing roughly 758,000 aff...
Microsoft's Defender Security Research Team has disclosed details of a sophisticated Windows-based cryptocurrency clipper campaign that has been active since February 2026. The mal...
INC Ransomware has cemented its position as one of the most prolific ransomware-as-a-service (RaaS) operations in 2026, claiming more than 830 victims since its emergence in August...
INC Ransomware has emerged as one of the most operationally disciplined ransomware groups active in 2024-2025, achieving consistent success not through novel exploit chains or zero...
A French-speaking threat actor tracked as "Poisson" compromised a small French automotive business and demonstrated a persistence technique that survived the loss of his command-an...
Security teams today are drowning in findings but starving for context. Vulnerability scanners, CSPM tools, endpoint detection platforms, attack surface monitors, SAST scanners, an...
A newly discovered data leak dubbed "FortiBleed" has exposed a massive trove of Fortinet and FortiGate VPN credentials spanning 73,932 firewall URLs across 194 countries. Security ...
Organizations now manage thousands of human and non-human identities spread across cloud services, SaaS applications, endpoints, and remote environments. As hybrid work, BYOD polic...
A new analysis of 3,000 organizational attack surfaces reveals that unnecessary internet-facing services remain the weakest link in enterprise defense. Intruder's 2026 Attack Surfa...
Cybersecurity researchers from Morphisec, BlueVoyant, and Huntress have independently identified a wave of ClickFix social engineering campaigns distributing three new malware load...
Security researchers at Zimperium's zLabs have uncovered a new Android banking trojan dubbed Rokarolla, named after its command-and-control infrastructure. The malware targets 217 ...
A newly disclosed technique dubbed GhostTree exploits a little-known feature of the Windows NTFS file system to conceal malware from security scanners. By creating recursive direct...
Security teams are drowning in IP data but starving for context, according to a new industry study from Spur Intelligence. The survey of more than 200 security practitioners found ...
Threat intelligence firm Defused Cyber has reported active in-the-wild exploitation of three critical vulnerabilities in Fortinet FortiSandbox appliances over the past 24 hours. Th...
Cybersecurity researchers at ESET have uncovered two previously undocumented Windows variants of SprySOCKS, a backdoor long believed to operate exclusively on Linux systems. Intern...
A China-linked espionage group tracked as UNC6508 maintained undetected access to North American medical, academic, and military research networks for over a year, quietly siphonin...
Cybersecurity researchers at Socket have uncovered a sprawling network of 152 Google Chrome extensions posing as live wallpaper and new tab add-ons that covertly distribute a poten...
Cybersecurity researchers at Group-IB have exposed a sprawling social engineering campaign operated through Sniper Dz, a turnkey phishing-as-a-service (PhaaS) platform dismantled l...
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a high-severity authentication bypass vulnerability (CVSS 7.8) affecting the GlobalProtect VPN portal and gat...
The Chinese state-linked espionage group "Velvet Ant" maintained undetected access to a large organization's critical infrastructure for an extraordinary 10 years, according to res...
More than 400 packages in the Arch User Repository (AUR) have been compromised to distribute a Linux rootkit and infostealer malware designed to harvest developer credentials, acce...
Supply-chain attacks rarely appear under their real name in underground forums. Long before a malicious package, compromised update, or breached vendor makes headlines, the precurs...
Section 702 of the Foreign Intelligence Surveillance Act (FISA) expired at midnight Friday after Congress and the White House failed to reach a deal to renew the controversial spy ...
For the past decade, Managed Detection and Response (MDR) filled a critical gap in enterprise security by providing outsourced 24/7 alert triage for teams that couldn't staff round...
An INTERPOL-coordinated operation codenamed "Operation Ramz" has successfully disrupted Sniper Dz, a decade-old phishing-as-a-service (PhaaS) platform responsible for harvesting ov...
Europol has announced the takedown of AudiA6, an industrial-scale cryptocurrency laundering service that processed more than €336 million (~$389 million) in illicit funds since lau...
Phishing attack volume has declined by approximately 20% over the past reporting period, according to new data highlighted by Dark Reading, but the decline tells a misl...
A new deep-dive into The Gentlemen ransomware operation reveals that the financially motivated threat group has claimed 478 victims since emerging in March 2025, and now operates a...
The latest threat intelligence roundup reveals a staggering expansion of the identity-based attack economy, with Flashpoint reporting that infostealer infections on more than 11.1 ...
Law enforcement agencies across 11 countries have jointly dismantled "AudiA6," a cryptocurrency laundering service that processed more than $380 million in illicit proceeds for ran...
Vietnam-aligned threat actor OceanLotus has been linked to two parallel cyber-espionage campaigns targeting domestic entities, leveraging its signature SPECTRALVIPER backdoor in a ...
For three decades, vulnerability management depended on a buffer: the months between disclosure and weaponization. Triage by severity, schedule remediation, validate, and move on. ...
State-sponsored threat actors from China and North Korea are scaling up cyber operations across the Asia-Pacific region, leveraging tactical gains to pursue higher-value targets in...
Cybersecurity researchers at Lumen's Black Lotus Labs have identified a significant resurgence of JDY, a covert China-linked botnet that has expanded to over 1,500 compromised smal...
A clean penetration test report may look reassuring, but security leaders should read it as a warning sign, not a victory lap. According to Autumn Stambaugh and Can Yüceel of Picus...
Two Russia-aligned cyber-espionage campaigns have continued weaponizing CVE-2025-8088, a path-traversal vulnerability in WinRAR patched in July 2025, to compromise Ukrainian organi...
Despite record investment in SIEM platforms, firewalls, IAM systems, and AI-driven detection, enterprise network security teams are still struggling with the same fundamental probl...
A new supply chain offensive dubbed Hades has compromised 19 packages in the Python Package Index (PyPI), deploying 37 malicious wheel artifacts that silently install a Bun-based c...
New variants of the NFCShare Android malware are spreading through a phishing campaign that impersonates legitimate banking apps, with malicious APKs hosted on public GitHub reposi...
Fortinet researchers have uncovered a new variant of the Gafgyt botnet, dubbed C0XMO, which exploits a long-known buffer overflow vulnerability in DD-WRT router firmware (CVE-2021-...
The Silent Ransom Group, tracked by Mandiant as UNC3753 (also known as Luna Moth and Chatty Spider), is actively targeting U.S. law firms and professional services organizations wi...
Hackers are actively exploiting a critical unauthenticated remote code execution (RCE) vulnerability in the Everest Forms Pro WordPress plugin to seize full control of vulnerable w...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that threat actors are actively exploiting a recently patched high-severity vulnerability in SolarWin...
ESET researchers have uncovered a new Android spyware strain dubbed "Asin" that has been actively targeting Arabic-speaking users through a series of malicious apps disguised as le...
Threat actors are actively weaponizing a critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin, putting an estimated 4,000 active installations at ...
Cybersecurity researchers and the FBI are sounding the alarm on a massive wave of FIFA-themed fraud targeting World Cup 2026 fans, just days before the June 11 opening match. With ...
The threat actor tracked as PCPJack has compromised at least 230 cloud servers across Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure, converting them into a ...
Cisco has released a patch for a server-side request forgery (SSRF) vulnerability in Unified Communications Manager (Unified CM) and its Session Management Edition that allows an u...
Cybersecurity researchers at Check Point have uncovered a large-scale SEO poisoning operation that impersonates popular open-source and freeware projects to distribute malware thro...
Unknown attackers maintained undetected access to the Outlook mailbox of a senior executive at a major global stock exchange for at least five months, systematically exfiltrating c...
A state-sponsored cyber-espionage campaign attributed to Pakistan-linked threat actors has been uncovered targeting Afghanistan's Ministry of Finance, leveraging the open-source Xe...
Cybersecurity researchers at Huntress have uncovered a sophisticated malspam campaign that exploits Google's DoubleClick domain to bypass security filters and deliver a remote acce...
Assume the breach. Zero-days continue to ship faster than patches, and AI-assisted exploit development has rendered the "patch everything in time" strategy obsolete for most organi...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity vulnerabilities—one in the Android Framework and another in the Linux kernel—to its Kno...
Cybersecurity researchers at Huntress have disclosed an unpatched vulnerability in the Windows "search:" URI handler that can be weaponized to leak a user's NTLMv2 hash to a remote...
Cybersecurity researchers at McAfee Labs have uncovered a malware-as-a-service (MaaS) campaign dubbed Weedhack that has been actively targeting Minecraft players since January 2026...
A large-scale malware-as-a-service operation dubbed WeedHack has infected more than 116,464 systems since January 2026 by targeting Minecraft players with trojanized mods, clients,...
Google has rolled out its June 2026 Android security bulletin, addressing 124 vulnerabilities across the mobile operating system, including a high-severity privilege escalation fla...
Russian state-sponsored hacking group Gamaredon, officially linked to the Federal Security Service (FSB), has been exploiting a WinRAR path traversal vulnerability (CVE-2025-8088) ...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Oracle WebLogic Server flaw, tracked as CVE-2024-21182, to its Known Exploited Vulnerabil...
Endpoint detection and response (EDR) has become a default investment for mid-sized organizations, yet owning an advanced platform does not automatically translate into operational...
A new supply chain attack campaign dubbed "Miasma" has compromised multiple @redhat-cloud-services npm packages to steal credentials and secrets from developer machines, ultimately...
Seqrite Labs has uncovered a sophisticated cyber espionage operation dubbed Operation Dragon Weave, targeting government officials, research institutions, and financial services in...
Security researchers at GoDaddy have uncovered a sophisticated WordPress malware campaign that leverages Steam Community profile comments to conceal command-and-control (C2) commun...
Dutch authorities have successfully dismantled a massive botnet infrastructure responsible for enslaving approximately 17 million compromised devices, including computers, tablets,...
The Iranian threat actor MuddyWater has been linked to a sophisticated cyber espionage campaign that compromised at least nine organizations across nine countries on four continent...
Multi-factor authentication (MFA) was designed to close a critical gap in identity security by requiring a second factor beyond passwords. However, attackers have developed a techn...
A critical high-severity vulnerability (CVE-2026-5426, CVSS 7.5) in Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) widely used in Japan, was actively exploi...
Threat actors are actively exploiting a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980, CVSS 9.4) to compromise over 700 websites across multiple sectors includi...
Network Detection and Response (NDR) has long carried a reputation for being noisy and overwhelming security operations center (SOC) teams with alert fatigue. However, the emergenc...
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new nomination form enabling security researchers, vendors, and industry partners to submit vulnerabiliti...
Authorities in Europe and North America have successfully dismantled First VPN, a criminal VPN service specifically designed to anonymize ransomware operations and other cyberattac...
Jacob Butler, known in cybercrime circles as "Dort," has been arrested in Canada and faces criminal charges in both the United States and Canada for allegedly operating the Kimw...
Cybersecurity researchers from Lumen Technologies Black Lotus Labs have uncovered a sophisticated Linux malware campaign targeting a telecommunications provider in the Middle East ...
Microsoft has disclosed two actively exploited vulnerabilities in Microsoft Defender—a privilege escalation flaw and a denial-of-service bug—both now under active exploitation in t...
Ukrainian cyberpolice, working in coordination with U.S. law enforcement, have identified an 18-year-old male from Odesa suspected of orchestrating an infostealer malware operation...
INTERPOL's Operation Ramz has concluded with a significant blow to cybercriminal operations across the Middle East and North Africa (MENA) region. The coordinated crackdown, spanni...
Phishing attacks continue to evolve beyond simple credential harvesting, creating multi-stage risks that can compromise email systems, SaaS applications, cloud platforms, and inter...
In a concentrated 48-hour window, threat actors launched coordinated attacks against npm, PyPI, and Docker Hub, marking a significant escalation in software supply chain aggression...
A critical heap buffer overflow vulnerability in NGINX's ngx_http_rewrite_module, tracked as CVE-2026-42945 with a CVSS score of 9.2, is now under active exploitation mere days aft...
Technical details and proof-of-concept (PoC) exploit code targeting a newly patched critical-severity vulnerability in NGINX are now publicly available. Tracked as CVE-2026-42945 w...
Bitdefender's analysis of 700,000 high-severity incidents reveals that legitimate-tool abuse now accounts for 84% of attacks, fundamentally reshaping how organizations must approac...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20182, a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller...
The cybersecurity industry’s beloved “purple team” concept is broken by design. According to data from CISA KEV, VulnCheck KEV, and ExploitDB, the mean time from ...
German law‑enforcement agencies, led by the Federal Criminal Police Office (BKA) and the Hessian State Criminal Police Office (LKA Hessen) in close coordination with Europol’s Euro...
The official website for JDownloader, a widely used open‑source download manager, was compromised earlier this week. Attackers altered the download links for both Windows and Linux...
U.S. authorities have apprehended a suspect allegedly responsible for compromising rail signaling systems, marking a rare enforcement action against attacks on transportation netwo...
Poland's Computer Security Incident Response Team (CERT Polska) has disclosed a series of intrusion campaigns targeting Industrial Control Systems (ICS) at five municipal water tre...
RansomHouse, a known ransomware operation, has claimed responsibility for a breach at Trellix, a prominent cybersecurity vendor. The group posted several screenshots on a dark‑web ...
A Slovakian national, Alan Bill, 33, was sentenced on Thursday to 16 years (192 months) in federal prison after pleading guilty to conspiracy to distribute controlled substances. B...
Kaspersky researchers have uncovered a convergence between the pro‑Ukraine hacktivist group BO Team and the advanced threat actor Head Mare, revealing that the two have begun shari...
The Hacker News recently highlighted an emerging cybersecurity threat model dubbed "Patient Zero" that organizations increasingly struggle to detect. A specialized webinar hosted b...
A recent analysis of more than 25 million security alerts collected from a dozen global security operations centers (SOCs) over a six‑month period reveals that low‑severity events ...
Cybersecurity researchers have disclosed a previously unknown Linux backdoor called PamDOORa that is being actively advertised on the Russian cybercrime forum Rehub for $1,600 by a...
Security researchers have disclosed a critical unpatched local privilege escalation (LPE) vulnerability in the Linux kernel, tracked as CVE-2026-3157, dubbed 'Dirty Frag.' The flaw...
Modern threat actors launch campaigns that generate thousands of alerts per hour, leaving security operations centers (SOCs) drowning in data. Even with a larger team of analysts, ...
Ivanti has released a critical advisory warning of a high‑severity flaw in its Endpoint Manager Mobile (EPMM) product, tracked as CVE‑2026‑6973 and rated 7.2 on the CVSS scale. The...
Organizations often believe that securing a retainer with a reputable incident response (IR) firm or pre‑approving an external provider is sufficient to survive a cyber crisis. Whi...
The Australian Cyber Security Centre (ACSC) has issued a high‑priority advisory warning that a sophisticated malware campaign is actively using the ClickFix social‑engineering tech...
Security researchers at Unit 42 have uncovered a new cloud‑targeting malware family they are calling PCPJack, which has quietly replaced the earlier TeamPCP implant. PCPJack distin...
Ethan J. Rivera, a 20‑year‑old from Los Angeles, California, was sentenced on Friday to 78 months (6.5 years) in federal prison for his role in a sophisticated criminal operation t...
Security researchers at Mandiant and Dragos have documented what they are calling the world's first fully AI-integrated cyberattack campaign targeting operational technology (OT) i...
Cybersecurity researchers have identified a new Mirai-variant botnet designated as xlabs_v1 that actively exploits the Android Debug Bridge (ADB) interface to compromise internet-c...
The Hacker News (THN) has officially opened the call for entries for the Cybersecurity Stars Awards 2026, an initiative designed to shine a spotlight on the behind‑the‑scenes work ...
A sophisticated phishing campaign is leveraging Google’s sponsored search ads to mimic the login page of ManageWP, GoDaddy’s platform for centrally managing large fleets of WordPre...
Acronis researchers have documented a systematic shift in ransomware operations: before triggering encryption, threat actors now deliberately cripple backup infrastructure. Their 2...
hackmyip.com will host a live webinar titled "Why Network Incidents Escalate and How to Fix Response Gaps" on March 15, 2025 at 2:00 PM EST. The session will feature Alex Rivera, s...
Security researchers have linked a newly tracked China‑nexus threat cluster, designated UAT‑8302, to a wave of cyber‑espionage operations targeting government agencies in South Ame...
Microsoft’s Threat Intelligence Center (MSTIC) has released details of a large‑scale credential‑harvesting operation that successfully targeted roughly 35,000 users in 26 countries...
Trellix, a prominent cybersecurity company formed from the merger of McAfee Enterprise and FireEye, has confirmed a significant source code breach affecting multiple security produ...
The UC Berkeley Center for Long-Term Cybersecurity (CLTC) has launched a dedicated research hub designed to bridge the cybersecurity gap for schools, local governments, and non‑pro...
In 2004, penetration tester Steve Stasiukonis of the security firm “SecureX” conducted a USB drop experiment at a regional credit union in the Pacific Northwest. Armed with a batch...
Education technology provider Instructure has disclosed a significant data breach after a threat actor operating under the alias 'CSAMKing' claimed to have stolen approximately 280...
On April 8, 2026, Disc Soft Ltd. confirmed that the official DAEMON Tools Pro installer (version 8.0.0.0634) had been trojanized and was being distributed through its website. The ...
On 12 March 2026, Taiwanese authorities arrested a 23‑year‑old university student for allegedly compromising the TETRA (Terrestrial Trunked Radio) communication network that underp...
A Latvian national was sentenced on Friday to 8.5 years in a U.S. federal prison after being extradited to face charges related to his work as a "cold case" negotiator for the Russ...
An international law enforcement coalition dubbed 'Operation Crypto Shield,' led by the FBI, Europol, and China's Ministry of Public Security, has achieved a landmark victory again...
Physical cargo theft is no longer the domain of opportunistic street gangs; it has morphed into a high‑tech enterprise orchestrated by transnational cybercriminal syndicates. Accor...
Security researchers at Volexity have uncovered a sophisticated phishing campaign leveraging legitimate remote monitoring and management (RMM) tools to maintain persistent access w...
Twenty years ago, Dark Reading entered the cybersecurity media landscape without the traditional safety net of a print edition, proving that compelling content and editorial expert...
Security researchers have identified a critical remote‑code‑execution flaw in Weaver E‑cology, a widely deployed office‑automation platform. The vulnerability, tracked as CVE‑2026‑...
Kaspersky researchers identified a surge in phishing campaigns leveraging Amazon Simple Email Service (SES). Attackers abuse the trusted infrastructure by sending emails via verifi...
Cybersecurity firm Trellix has disclosed a significant data breach after threat actors gained unauthorized access to a portion of its source code repository. The incident, discover...
Amazon Simple Email Service (SES), the cloud‑based email sending platform offered by Amazon Web Services, is increasingly being weaponized by threat actors to distribute phishing e...
Fraudsters are not breaking into credit unions with zero‑days or ransomware; they are exploiting the normal loan origination workflow. Flare’s threat‑intelligence team uncovered a ...
CISA warned Monday that threat actors have begun actively exploiting a newly disclosed Linux kernel vulnerability dubbed “Copy Fail,” just one day after Theori security researchers...
Instructure, the educational technology company behind the popular Canvas learning‑management system, confirmed on March 5 2026 that unauthorized actors had accessed its internal n...
Security researchers have flagged a new iteration of the consent‑phishing tool known as ConsentFix, now labeled v3, which dramatically expands the scale and automation of attacks a...
Cybersecurity researchers have identified two distinct cybercrime groups orchestrating rapid, high‑impact extortion campaigns that operate almost entirely within Software‑as‑a‑Serv...
Cybersecurity researchers have uncovered a sophisticated espionage operation linked to Chinese state actors, targeting a broad spectrum of victims across Asia and a NATO member sta...
Managed security services are on a steep ascent, with the market expected to swell from $38.31 billion in 2025 to $69.16 billion by 2030, making cybersecurity the fastest‑growing s...
North Korean advanced persistent threat (APT) groups have consolidated their dominance over the cryptocurrency threat landscape in 2026, accounting for an estimated 76 % of all dig...
Dark Reading marks its 20th anniversary this month, reflecting on two decades of delivering timely cybersecurity news, analysis, and insights to professionals worldwide. Launched o...
Criminal IP, a provider of exposure‑based threat intelligence, announced a partnership with Securonix to embed its rich contextual data directly into the Securonix ThreatQ platform...
A federal court has sentenced two former cybersecurity incident response professionals to four years in prison each for their roles in conducting BlackCat (ALPHV) ransomware attack...
Security researchers at SentinelOne and WithSecure have uncovered a sophisticated Python-based backdoor named DEEP#DOOR that leverages legitimate tunneling services to establish co...
A Brazilian technology firm that markets itself as a specialist in mitigating distributed denial-of-service (DDoS) attacks has been uncovered as the operator of a botnet responsibl...
Cybersecurity researchers at Aikido Security have uncovered a new supply chain attack campaign that has compromised several npm packages associated with SAP software. The malicious...
In February 2026, a joint research team from SentinelLabs and the University of Calgary published a report revealing a paradigm shift in cyber‑attack tradecraft. The analysts, led ...
Security teams across industries are increasingly discovering that traditional vulnerability management approaches fail to accurately represent organizational risk. Despite closing...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security flaws—one affecting ConnectWise ScreenConnect and the other targeting Microsoft Win...
Chris Inglis, who served as NSA Deputy Director from 2011 to 2014 under Director Keith Alexander, has broken his silence on the agency's missteps during the Edward Snowden affair, ...
The ransomware ecosystem was rocked in early 2026 when two prominent ransomware‑as‑a‑service (RaaS) operations, 0APT and KryBit, turned on each other, spilling a treasure trove of ...
Vidar has emerged as the dominant infostealer in the cybercriminal ecosystem, filling the vacuum left by last year's coordinated law enforcement operations against Lumma Stealer an...
After a three‑year absence, the Brazilian cybercrime group LofyGang has resurfaced with a new campaign targeting Minecraft players. The outfit is deploying a freshly coded stealer ...
A Chinese national linked to the Silk Typhoon advanced persistent threat (APT) group has been handed over to U.S. authorities after being arrested in Italy in July 2025. Xu Zewei, ...
Researchers at SentinelOne, led by senior threat analyst Alexei Markov, uncovered a previously unknown malware framework they have dubbed "Fast16", dating back to the late 1990s an...
Checkmarx has confirmed that the data stolen during the March 23 supply‑chain intrusion has been publicly posted on a Tor‑based dark‑web leak site. The company’s incident response ...
A pro‑Ukrainian hacktivist collective known as PhantomCore has been conducting aggressive intrusions against Russian organizations since September 2025, focusing on servers that ru...
Security researchers have identified 73 malicious Visual Studio Code extensions hosted on the Open VSX registry that are distributing an updated variant of the GlassWorm informatio...
Security researchers at Group-IB have uncovered a large-scale smishing operation that combines fake CAPTCHA verification pages with International Revenue Share Fraud (IRSF) and cry...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling a...
The US Department of Justice has announced the indictment of 29 individuals linked to a cyber fraud syndicate operating from Myanmar, charging them with conspiracy to commit wire f...
In the past six months, a surge of AI‑powered phishing campaigns has reshaped the threat landscape, according to an analysis published by Dark Reading. Threat actors are moving awa...
Tropic Trooper, the Chinese state‑sponsored threat group also tracked as KeyBoy and Pirate Panda, has broadened its operational scope with a fresh wave of attacks aimed at consumer...
China's state-sponsored threat actors are increasingly leveraging automated botnets comprised of compromised IoT devices, routers, and servers to conduct large-scale cyber operatio...
According to the latest Dark Reading analysis, the weekly number of cyberattacks directed at African organizations dropped by 22 % over the past year, falling from roughly 5,400 in...
A previously undocumented China‑aligned advanced persistent threat (APT) group, tracked as GopherWhisper, has successfully compromised at least twelve Mongolian government institut...
Security researchers at multiple threat intelligence firms have observed a significant acceleration in The Gentlemen ransomware group's operational tempo and technical capabilities...
A newly identified Chinese advanced persistent threat (APT) group has launched a coordinated cyber‑espionage campaign against major Indian financial institutions and South Korean p...
NIST's National Vulnerability Database (NVD) has historically been the primary source of enriched CVE data, attaching CVSS v3.1 vector strings, severity ratings, affected product C...
Tycoon, a well‑known phishing collective that has long abused two‑factor authentication (2FA) bypass tricks, has quietly shifted to a new attack vector: OAuth 2.0 device‑code phish...
The UK Cabinet Office’s Emerging Technology Cybersecurity Division (ETCD), in close collaboration with the National Cyber Security Centre (NCSC), has publicly released results from...
German authorities have publicly exposed the identity of the notorious hacker known as "UNKN", linking the alias to 31‑year‑old Russian national Daniil Maksimov. Maksimov is allege...
Security researchers at SecureSphere Labs have uncovered a new file‑wiping worm they have named CanisterWorm, attributed to a financially motivated threat actor tracked under the a...
The U.S. Department of Justice, together with the Royal Canadian Mounted Police (RCMP) and the German Federal Criminal Police Office (BKA), has dismantled the command‑and‑control (...
Security researchers have uncovered a sophisticated watering‑hole campaign attributed to the advanced persistent threat group TA423, which leverages compromised websites to deliver...
A coordinated phishing operation attributed to the threat group 0ktapus has ensnared more than 130 organizations across multiple industries, according to researchers at Threatpost....