網路安全資訊

Security researchers have uncovered a previously undocumented Linux implant, dubbed Quasar Linux (QLNX), that is actively targeting software developers. Discovered during an invest...

Education technology provider Instructure has disclosed a significant data breach after a threat actor operating under the alias 'CSAMKing' claimed to have stolen approximately 280...

On April 8, 2026, Disc Soft Ltd. confirmed that the official DAEMON Tools Pro installer (version 8.0.0.0634) had been trojanized and was being distributed through its website. The ...

On 12 March 2026, Taiwanese authorities arrested a 23‑year‑old university student for allegedly compromising the TETRA (Terrestrial Trunked Radio) communication network that underp...

The Federal Trade Commission announced a settlement with data broker Kochava and its subsidiary Collective Data Solutions (CDS) that prohibits them from selling or sharing precise ...

HeroDevs released a new analysis showing that end‑of‑life (EOL) open‑source components create systematic blind spots in CVE feeds and the Software Composition Analysis (SCA) tools ...

The ShinyHunters extortion group has claimed responsibility for a significant data breach at Vimeo, the popular online video platform owned by IAC. Security researchers first ident...

Google announced a major overhaul of its Android and Chrome vulnerability reward programs, raising the maximum payout to $1.5 million for the most sophisticated exploit chains targ...

A Latvian national was sentenced on Friday to 8.5 years in a U.S. federal prison after being extradited to face charges related to his work as a "cold case" negotiator for the Russ...

Security researchers have uncovered a new variant of the CloudZ remote‑access trojan (RAT) that delivers a previously undocumented plugin named Pheno. This plugin exploits the Micr...

The North Korean threat group APT37, also tracked as ScarCruft, has been observed delivering an Android variant of its BirdCall backdoor through a supply‑chain compromise of a popu...

Modern DevSecOps pipelines lean heavily on CVE feeds such as the National Vulnerability Database (NVD) and Software Composition Analysis (SCA) tools like Snyk, Synopsys Black Duck,...

Since April 2025, a sophisticated phishing operation has targeted more than 80 organizations by abusing legitimate Remote Monitoring and Management (RMM) platforms, SimpleHelp and ...

Progress Software has released urgent updates for MOVEit Automation (formerly Central) that address two security flaws, the most severe of which is a critical authentication bypass...

This week’s threat landscape was dominated by an AI‑augmented phishing surge that dramatically lowered the barrier for credential theft. Researchers at Cisco Talos documented a cam...

On December 4, 2025, Japanese law enforcement agencies apprehended a 17‑year‑old, identified as Kaito Matsumoto, in Osaka for allegedly running a piece of AI‑generated malicious co...

The China-based advanced persistent threat (APT) group Silver Fox, also tracked as Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne, has launched a sophi...

Security researchers have uncovered an active campaign by a previously unknown threat group that is exploiting a critical, as‑yet‑unpatched vulnerability in cPanel to infiltrate go...

An international law enforcement coalition dubbed 'Operation Crypto Shield,' led by the FBI, Europol, and China's Ministry of Public Security, has achieved a landmark victory again...

Physical cargo theft is no longer the domain of opportunistic street gangs; it has morphed into a high‑tech enterprise orchestrated by transnational cybercriminal syndicates. Accor...

Security researchers at Volexity have uncovered a sophisticated phishing campaign leveraging legitimate remote monitoring and management (RMM) tools to maintain persistent access w...

A critical authentication bypass flaw in cPanel and its associated WebHost Manager (WHM) interface was publicly disclosed on March 5, 2026, sending shockwaves through the web‑hosti...

Security researchers have uncovered a sophisticated campaign by the China-backed advanced persistent threat (APT) group Silver Fox, targeting organizations in India and Russia with...

Twenty years ago, Dark Reading entered the cybersecurity media landscape without the traditional safety net of a print edition, proving that compelling content and editorial expert...

Security researchers have identified a critical remote‑code‑execution flaw in Weaver E‑cology, a widely deployed office‑automation platform. The vulnerability, tracked as CVE‑2026‑...

Kaspersky researchers identified a surge in phishing campaigns leveraging Amazon Simple Email Service (SES). Attackers abuse the trusted infrastructure by sending emails via verifi...

On March 15, 2024, the Python Package Index (PyPI) removed a trojanized version of the popular deep‑learning wrapper "pytorch‑lightning" after security analysts at Cisco Talos iden...

Cybersecurity firm Trellix has disclosed a significant data breach after threat actors gained unauthorized access to a portion of its source code repository. The incident, discover...

Amazon Simple Email Service (SES), the cloud‑based email sending platform offered by Amazon Web Services, is increasingly being weaponized by threat actors to distribute phishing e...

Fraudsters are not breaking into credit unions with zero‑days or ransomware; they are exploiting the normal loan origination workflow. Flare’s threat‑intelligence team uncovered a ...