網路安全資訊

Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repos...

Raising $59 million to date, Opal also announced five senior leadership appointments. The post Opal Security Raises $23 Million for AI-Native Identity Governance appeared first on ...

Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a C...

Japanese tech giant Toshiba and retail chain Muji are warning visitors that suspicious sign-in screens appearing on their websites may be harvesting credentials, in a supply chain ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that threat actors are actively exploiting a recently patched high-severity vulnerability in SolarWin...

Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust...

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentP...

Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption....

ESET researchers have uncovered a new Android spyware strain dubbed "Asin" that has been actively targeting Arabic-speaking users through a series of malicious apps disguised as le...

Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent") that has been observed targeting Microsoft In...

Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing i...

A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world's largest dark web mark...

Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been foun...

Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer s...

AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say....

The White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal security....

CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerability. The post OWASP Incu...

Other noteworthy stories that might have slipped under the radar: Ultrahuman data leak, The Gentlemen ransomware analysis, Hola Browser bundles miner. The post In Other News: Anthr...

The package bundles two draft laws — a Chips Act 2.0 and a Cloud and AI Development Act (CADA) — alongside an Open Source Strategy and a roadmap for digitalizing the energy system....

Threat actors are actively weaponizing a critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin, putting an estimated 4,000 active installations at ...

Cybersecurity researchers and the FBI are sounding the alarm on a massive wave of FIFA-themed fraud targeting World Cup 2026 fans, just days before the June 11 opening match. With ...

On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privil...

The ShinyHunters extortion group leaked roughly 234 GB of data allegedly stolen from the dental benefits administrator. The post Hackers Leak DentaQuest Information Impacting 2.6 M...

Over 100 bugs are critical or high-severity, mainly use-after-free and insufficient validation of untrusted input flaws. The post Chrome 149 Patches 429 Vulnerabilities appeared fi...

Experts commented on the EO’s voluntary nature, the balance between innovation and security, and potential implementation gaps. The post Industry Reactions to New Trump AI Cybersec...

Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Targ...

The company detected a network intrusion in March and an investigation showed that some files were stolen during the attack. The post Nightclub Giant RCI Says Data Breach Affects 4...

The threat actor tracked as PCPJack has compromised at least 230 cloud servers across Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure, converting them into a ...

The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026...

Russian authorities have promoted Max as a domestic alternative to foreign messaging platforms such as Telegram and WhatsApp....