網路安全資訊

Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack. The post Ghost CMS Vulnerability Exploited to Hack Ove...

The affected third-party vendor has not been named, but one possible candidate is TriZetto. The post Oncology Institute Discloses Data Breach appeared first on SecurityWeek....

Radiology Associates of Richmond (RAR), a Richmond, Virginia-based medical imaging services provider, has disclosed a significant data breach affecting 266,183 individuals. The bre...

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financia...

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed Tr...

Many findings have been confirmed to be critical or high-severity vulnerabilities and the number will continue to increase.  The post Anthropic: Mythos Detected 23,000 Potential Vu...

Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets. The post Laravel-Lang Packages Poisoned for Malware Delivery appeared first o...

Hackers accessed names, addresses, Social Security numbers, financial information, and medical data from third-party partner repositories. The post DocketWise Data Breach Impacts 1...

Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. The post Over 5,500 GitHub Repositories Infected in...

A coordinated campaign is actively exploiting a critical SQL injection flaw (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript that drives a ClickFix attack flow. Discove...

A sophisticated supply chain attack has compromised the Laravel Lang localization packages, affecting four repositories and potentially hundreds of historical versions. Security re...

Anthropic's Project Glasswing initiative has uncovered more than 10,000 high- or critical-severity vulnerabilities across systemically important software globally since its launch ...

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the package...

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases U...

Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spoti...

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive c...

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS scor...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (K...

The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic. The post ‘Underminr’ Vulnerability ...

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new nomination form enabling security researchers, vendors, and industry partners to submit vulnerabiliti...

Authorities in Europe and North America have successfully dismantled First VPN, a criminal VPN service specifically designed to anonymize ransomware operations and other cyberattac...

The FBI has issued a critical advisory regarding Kali365, a Telegram-based Phishing-as-a-Service (PhaaS) platform that enables cybercriminals to compromise Microsoft 365 accounts b...

The bellwether lawsuit was the first of at least 1,200 to be brought by a school district against Meta, Snap, YouTube and TikTok for similar alleged harms. The other cases have not...

The Belarus-aligned threat actor Ghostwriter, also tracked as UAC-0057 and UNC1151, has been observed conducting sophisticated phishing campaigns against Ukrainian government entit...

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour...

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed fo...

Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, ...

Two former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. [...]...

Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. [...]...

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. [...]...