網路安全資訊

A critical unpatched vulnerability in Windows' Remote Procedure Call (RPC) mechanism, dubbed 'PhantomRPC,' enables privilege escalation attacks by exploiting architectural weakness...

Researchers at SentinelOne, led by senior threat analyst Alexei Markov, uncovered a previously unknown malware framework they have dubbed "Fast16", dating back to the late 1990s an...

The rapid advancement of frontier large language models, including Anthropic's Claude family and OpenAI's rumored GPT-5.5, has ignited fierce debate within the cybersecurity commun...

Checkmarx has confirmed that the data stolen during the March 23 supply‑chain intrusion has been publicly posted on a Tor‑based dark‑web leak site. The company’s incident response ...

Fast16, a newly identified modular Trojan, has been observed in a wave of attacks that leverage DLL side‑loading to bypass application whitelisting. Discovered by Cisco Talos on 20...

Anthropic on April 7 released the public preview of Claude Mythos, a cybersecurity‑focused large language model built on the company’s latest transformer stack. The model ships wit...

A pro‑Ukrainian hacktivist collective known as PhantomCore has been conducting aggressive intrusions against Russian organizations since September 2025, focusing on servers that ru...

Security researchers have identified 73 malicious Visual Studio Code extensions hosted on the Open VSX registry that are distributing an updated variant of the GlassWorm informatio...

Security researchers at Group-IB have uncovered a large-scale smishing operation that combines fake CAPTCHA verification pages with International Revenue Share Fraud (IRSF) and cry...

Security researchers at Trend Micro have uncovered a previously unknown Lua‑based malicious framework, dubbed "fast16", that was created several years before the infamous Stuxnet w...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling a...

Romance scams, a form of confidence scheme that preys on emotional trust, continue to trap thousands of victims each year. Security analysts note that those who fall prey to these ...

The US Department of Justice has announced the indictment of 29 individuals linked to a cyber fraud syndicate operating from Myanmar, charging them with conspiracy to commit wire f...

Glasswing’s recent announcement that it has secured the core code of its platform is a welcome step toward reducing software vulnerabilities, but security experts warn that the bro...

In the past six months, a surge of AI‑powered phishing campaigns has reshaped the threat landscape, according to an analysis published by Dark Reading. Threat actors are moving awa...

Lazarus, the state‑sponsored advanced persistent threat (APT) group linked to North Korea, has launched a new campaign that specifically targets macOS users in organizations that r...

Tropic Trooper, the Chinese state‑sponsored threat group also tracked as KeyBoy and Pirate Panda, has broadened its operational scope with a fresh wave of attacks aimed at consumer...

Security researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a sophisticated espionage operation conducted by a Chinese state‑sponsored APT that targeted Mongolian...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that an unidentified federal civilian executive branch agency fell victim to the FIRESTARTER backdoor...

NASA's Office of Inspector General (OIG) has disclosed a sophisticated spear‑phishing campaign orchestrated by a Chinese national who masqueraded as a U.S. defense researcher. The ...

Enterprise organizations deploying AI agents are confronting a critical security gap that traditional governance frameworks fail to address: the AI Agent Authority Gap. As autonomo...

Cybersecurity researchers at CleverSight Threat Intelligence have uncovered a cluster of 26 malicious iOS applications that masquerade as popular cryptocurrency wallets such as Tru...

Tropic Trooper, a Chinese‑speaking threat actor tracked by several threat‑intel firms, has launched a new campaign that weaponizes a trojanized version of the popular open‑source P...

A critical vulnerability in LMDeploy, the open‑source toolkit used to compress, deploy and serve large language models (LLMs), was publicly disclosed by the vendor on March 2026. T...

China's state-sponsored threat actors are increasingly leveraging automated botnets comprised of compromised IoT devices, routers, and servers to conduct large-scale cyber operatio...

Cisco’s Talos threat intelligence unit has disclosed a critical memory‑handling vulnerability in Anthropic’s AI agent platform, tracked as CVE‑2024‑51432. The flaw resides in the m...

In a live demonstration at the Dark Reading CyberStorm conference, researchers from Sentinel Labs unveiled 'Zealot', a proof‑of‑concept AI framework designed to autonomously compro...

According to the latest Dark Reading analysis, the weekly number of cyberattacks directed at African organizations dropped by 22 % over the past year, falling from roughly 5,400 in...

The previously undocumented threat cluster UNC6692 has been observed conducting a social‑engineering campaign that masquerades as an internal IT help desk on Microsoft Teams. The a...

Bitwarden CLI versions 2024.1.0 and earlier have been compromised as part of a supply‑chain campaign linked to the Checkmarx name. Security researcher Alex Petrov of XYZ Security L...