網路安全資訊

Dutch authorities have successfully dismantled a massive botnet infrastructure responsible for enslaving approximately 17 million compromised devices, including computers, tablets,...

Security researchers have identified active exploitation of a critical zero-day vulnerability in the WP Maps Pro WordPress plugin, tracked as CVE-2026-8732 with a severity rating o...

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate...

A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the ke...

Moscow’s agents are building fake companies, recruiting middlemen and deploying cyber spies and hackers who gather information that could be used to attack key infrastructure. The ...

The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. The post Exploit Code P...

Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a medium-severity authentication bypass vulnerability (CVSS 7.8) affecting PAN-OS and Prisma Access GlobalPro...

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 20...

California Attorney General Rob Bonta has filed a lawsuit against 23andMe (now Chrome Holding Co.) for failing to protect sensitive customer genetic and personal information during...

Security researchers at Permiso Security have uncovered a critical vulnerability in OpenAI's ChatGPT, dubbed ChatGPhish, that transforms the AI assistant's web summarization featur...

Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. ...

As part of Dark Reading's 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry's last two decades....

Sysdig researchers have documented a sophisticated cyberattack where threat actors deployed a large language model (LLM) agent to automate post-exploitation activities following th...

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 20...

DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market ha...

Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. [...]...

Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. [...]...

The cyber insurance industry has made relatively weak inroads into Asia due to a a variety of factors, but that could be changing....

Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a popular automation service....

Noteworthy stories that might have slipped under the radar: Trump Mobile exposes customer data, phishers target the 2026 FIFA World Cup, CISA responds to recent supply chain attack...

The notorious ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter in April. The post Charter Communications Data Breach Could Impact Nearly 5 ...

MokN's platform deploys realistic decoy access points to lure attackers into revealing compromised credentials, enabling organizations to respond before abuse occurs. The post MokN...

The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch na...

Each vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security ...

Security researchers at Red Access have uncovered a alarming trend in enterprise data exposure through what they term the 'Shadow Builders' phenomenon. In a comprehensive investiga...

Cybersecurity researchers have uncovered a malicious NuGet package disguised as an official C# software development kit for Sicoob, one of Brazil's largest cooperative financial sy...

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corpora...

A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers. [...]...

A Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentra...

The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data b...