網路安全資訊

Japan’s financial services industry is on high alert after the release of Anthropic’s latest large language model, internally dubbed “Claude Mythos,” which early demonstrations sug...

Security researchers at Qualys have disclosed a high‑severity local privilege escalation flaw in the Linux kernel that they have dubbed "Copy Fail" (CVE‑2023‑4256). The vulnerabili...

Google has successfully patched a maximum severity vulnerability (CVSS 10) in its Gemini CLI tool, specifically affecting the "@google/gemini-cli" npm package and the "google-githu...

Security researchers have uncovered a new phishing-as-a-service platform called Bluekit that advertises more than 40 ready‑made templates targeting popular online services such as ...

Security researchers at Wiz have leveraged an AI‑powered reverse‑engineering engine to uncover a high‑severity flaw in GitHub’s continuous integration infrastructure that would hav...

Security researchers using an AI‑driven code analysis platform identified 38 distinct vulnerabilities in the OpenEMR electronic health record (EHR) system, including 12 rated criti...

A newly identified ransomware strain named Vect 2.0 has been observed executing wiper‑style attacks against organizations compromised through the TeamPCP software supply chain. The...

A coordinated cyberattack leveraging a newly identified wiper malware, named Lotus Wiper, has struck several energy companies and utility providers in Venezuela, according to a rep...

Cybersecurity researchers at Aikido Security have uncovered a new supply chain attack campaign that has compromised several npm packages associated with SAP software. The malicious...

Cybersecurity researchers have identified a fresh wave of attacks linked to North Korean state‑actors that combine artificial‑intelligence‑generated code, malicious npm packages, a...

In February 2026, a joint research team from SentinelLabs and the University of Calgary published a report revealing a paradigm shift in cyber‑attack tradecraft. The analysts, led ...

Security teams across industries are increasingly discovering that traditional vulnerability management approaches fail to accurately represent organizational risk. Despite closing...

cPanel and its WebHost Manager (WHM) product line contain a critical authentication flaw that could allow a remote attacker to bypass login controls and gain full control of the ho...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security flaws—one affecting ConnectWise ScreenConnect and the other targeting Microsoft Win...

Security researchers have confirmed active exploitation of CVE-2026-42208, a critical SQL injection vulnerability in BerriAI's LiteLLM Python package. The flaw, which was disclosed...

BlueNoroff, the North Korean threat group tracked as an advanced persistent threat (APT), has refined its attack playbook by weaponizing fake Zoom calls to snare cryptocurrency exe...

Chris Inglis, who served as NSA Deputy Director from 2011 to 2014 under Director Keith Alexander, has broken his silence on the agency's missteps during the Edward Snowden affair, ...

The ransomware ecosystem was rocked in early 2026 when two prominent ransomware‑as‑a‑service (RaaS) operations, 0APT and KryBit, turned on each other, spilling a treasure trove of ...

Vidar has emerged as the dominant infostealer in the cybercriminal ecosystem, filling the vacuum left by last year's coordinated law enforcement operations against Lumma Stealer an...

Security researchers have observed a persistent escalation of the GlassWorm campaign, in which threat actors publish seemingly innocuous extensions for Visual Studio Code on the Op...

Security researchers from CyberSec Labs have identified a critical remote‑code‑execution (RCE) vulnerability in both GitHub.com and GitHub Enterprise Server. Tracked as CVE‑2026‑38...

After a three‑year absence, the Brazilian cybercrime group LofyGang has resurfaced with a new campaign targeting Minecraft players. The outfit is deploying a freshly coded stealer ...

The cyber‑crime group behind the VECT 2.0 ransomware has been observed deploying a strain that behaves more like a data‑wiper than conventional ransomware. In recent incidents targ...

In the rush to hybrid cloud adoption, many organizations treat data movement as a simple connectivity chore. Open a ticket, spin up an SFTP gateway, push the data across, and consi...

Cybersecurity researchers from Eclypsium have disclosed a critical, unpatched vulnerability in Hugging Face’s open‑source robotics framework LeRobot, which boasts nearly 24,000 Git...

In the past, security teams could count on a brief, predictable window between the disclosure of a vulnerability and the release of a patch. That buffer has all but vanished as AI-...

A Chinese national linked to the Silk Typhoon advanced persistent threat (APT) group has been handed over to U.S. authorities after being arrested in Italy in July 2025. Xu Zewei, ...

Silverfort’s identity threat research team disclosed a critical misconfiguration in a Microsoft Entra ID administrative role designed for AI agents. The role, named “AI Service Adm...

Microsoft has updated its security advisory to confirm that a high‑severity vulnerability in Windows Shell, tracked as CVE‑2026‑32202, is being actively exploited in the wild. The ...

Cybersecurity researchers have identified a sophisticated campaign conducted by the threat actor UNC6692, who is combining social engineering, custom malware, and cloud infrastruct...