164 stories from 24 sources
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vul…
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exp…
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the…
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on…
January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day January 2026 saw 23 actively exploited CVEs, including APT28’s Microsoft Office zero-day and critical au…
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including o…
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day March 2026 saw a 139% increase in high-impact vulnerabilities, with Recorded Future's Insikt Gr…
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from ther…
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come unde…
CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attack…
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks Ransomware and vendor breaches persist. The "2026 Data Breach Investigations Report" (DBIR) highlights how evolving social engineering tactics make…
Your Supply Chain Breach Is Someone Else's Payday A supply chain attack by TeamPCP compromised trusted software tools to harvest credentials at scale, enabling payroll fraud, logistics theft, and ransomware extortion.
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active install…
Hypersonic Supply Chain Attacks: One Solution That Didn’t Need to Know the Payload Learn how SentinelOne has stopped three recent zero-day supply chain attacks with AI-driven defense built for machine-speed threats.
Microsoft's Zero-Day Legal Threats Spark Backlash After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order.
注意喚起: Cisco ASAおよびFTDにおける複数の脆弱性(CVE-2025-20333、CVE-2025-20362)に関する注意喚起 (更新)
注意喚起: Palo Alto Networks製PAN-OSにおける認証回避の脆弱性(CVE-2026-0265)に関する注意喚起 (公開)
ZEC drops 30% as Shielded Labs reveals more about infinite counterfeit bug ZEC market capitalization fell by almost $3 billion over the past 24 hours following the disclosure of a critical vulnerability, despite it bein…
NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases The catalog revision is part of NIST’s response to a recent executive order on strengthening the nation’s cybersecurity.
ZEC Crashes 38% as Zcash Discloses ‘Critical Counterfeiting Vulnerability’ An Orchard vulnerability that allowed undetectable counterfeiting of ZEC in its shielded pool has reignited debate over privacy coins.
4 Critical Threats Where Attackers Have the Advantage Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
CISA Warns of FIRESTARTER Malware Targeting Cisco ASA including Firepower and Secure Firewall Products
CISA Issues Updated RESURGE Malware Analysis Highlighting a Stealthy but Active Threat
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days befor…
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspec…
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gainin…
Hackers Leak DentaQuest Information Impacting 2.6 Million The ShinyHunters extortion group leaked roughly 234 GB of data allegedly stolen from the dental benefits administrator. The post Hackers Leak DentaQuest Informat…
Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals The company detected a network intrusion in March and an investigation showed that some files were stolen during the attack. The post Nightclub Giant RCI S…
Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense Twenty years after Dark Reading launched, we're looking ahead at what's next for enterprise security. Spoiler: It's hyper-segmented, AI-orches…
With Complex Cloud Integrations, Small Errors Lead to Major Compromises Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a…
Canvas Breach Disrupts Schools & Colleges Nationwide An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities…
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and pri…
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer…
IT threat evolution in Q1 2026. Non-mobile statistics The report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, dur…
BTMOB RAT Spreads Across Brazil, LatAm via MaaS Model An advanced remote access Trojan is propagating online. Notably, it's delivered via an operator licensing model and features a no-code malware-development interface.
Digital Citizenship Glossary: Key Terms Every Internet User Should Know A glossary of key internet terms every user should know to protect themselves from scams, phishing, malware, and other digital threats.
Ransomware Actors Show Up In Person to Steal Law Firm Data The FBI warned that the extortion gang Silent Ransom Group is targeting law firms and social-engineering its way into servers and databases.
Lazarus Doesn't Need AGI Explore the 2026 Claude Mythos breach, supply chain risks, and the $2B+ crypto theft pipeline.
Attackers Use AI to Automate EDR Evasion Testing Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Threat Activity Enablers: The Backbone of Today’s Threat Landscape Behind every ransomware demand, botnet, or threat activity group is a server sitting in a data center.
Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-M…
Update on regulated medical device apps in the European Economic Area, United Kingdom, and United States To provide additional transparency to customers, the App Store will now display whether an app is a regulated medi…
Apple Push Notification service server certificate update The Certification Authority (CA) for Apple Push Notification service (APNs) is changing. APNs will update the server certificates in sandbox on January 20, 2025,…
Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats This week, Apple released iOS 26.5 , an update that supports end-to-end encryption for Rich Communication Services (RCS), meaning conversations between…
NIST NVD Enrichment Policy Change: Prioritizing Vulnerabilities with Attacker Behavior Signals NVD enrichment now covers only 15–20% of CVEs. Learn how Recorded Future Vulnerability Intelligence prioritizes risk using r…
NIST Guidelines Can Help Organizations Detect Face Photo Morphs, Deter Identity Fraud Face morphing software, which combines photos of different people into a single image, is being used to commit identity fraud.
Draft NIST Guidelines Rethink Cybersecurity for the AI Era New guidelines can help an organization determine ways to incorporate AI into its operations while mitigating cybersecurity risks.
NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States There are currently more than 514,000 cybersecurity job openings in the U.S.
Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines Cybersecurity and privacy risks can threaten patient confidentiality.
Your AI bill is out of control. Cloudflare can fix it now.
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate…
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybe…
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent") t…
China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., G…
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called…
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apa…
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targetin…
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults d…
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing al…