Cybersecurity News
The latest updates from top security media outlets
1305 articles in total, page 14 of 44
A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more....
A threat actor got a near-continuous view into an influential finance executive's email inbox, thanks to clever use of legitimate, native Windows tools....
An improper authentication bug allows attackers to escalate their privileges and escape containers. The post Organizations Warned of Exploited Linux Kernel Vulnerability appeared f...
The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold. The post ‘HTTP/2 Bomb’ E...
Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities. The post Microsoft Tries to Calm Legal Threat Fe...
The military branch would take 12 to 18 months to get up and running and also include roughly 5,000 members of the National Guard and up to 6,000 civilians, according to the commis...
Zoom CISO Sandra McLeod discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and her advice for aspiring cybersecurity...
A large-scale malware-as-a-service operation dubbed WeedHack has infected more than 116,464 systems since January 2026 by targeting Minecraft players with trojanized mods, clients,...
Google has rolled out its June 2026 Android security bulletin, addressing 124 vulnerabilities across the mobile operating system, including a high-severity privilege escalation fla...
Russian state-sponsored hacking group Gamaredon, officially linked to the Federal Security Service (FSB), has been exploiting a WinRAR path traversal vulnerability (CVE-2025-8088) ...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Oracle WebLogic Server flaw, tracked as CVE-2024-21182, to its Known Exploited Vulnerabil...
Microsoft announced at its Build 2026 developer conference the release of Coreutils for Windows, a package that delivers common Linux command-line utilities as native Windows appli...
OpenAI says it's rolling out a new update that improves the existing GPT-5.5 Instant model, and this move comes ahead of the scheduled retirement of multiple legacy models, includi...
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to a...
A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. [...]
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...]
As Zoom's CISO, Sandra McLeod, discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and advice for aspiring cybersecur...
Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing....
A sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that deliver malware....
China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware....
High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the next horror story....
The order establishes a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release. The p...
The order notes that federal access to the models should be subject to “appropriate confidentiality, cybersecurity, insider-risk, and intellectual-property protection, use, and non...
Microsoft is actively investigating a widespread service disruption affecting the mail flow pipeline for Exchange Online customers in North America and Germany. The incident, track...
Attackers have hijacked multiple high-value Instagram accounts by exploiting Meta's AI-powered support assistant, tricking it into transferring ownership using deepfake selfie vide...
The window between vulnerability disclosure and indiscriminate exploitation has collapsed from days to hours, driven by AI-powered tooling that automates discovery, reproduction, a...
AI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat det...
CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploit...
As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control. T...
A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations. The pos...