0

NIST Enrichment Reductions Impact CVE Coverage, Accuracy

Thứ Ba, 30 tháng 6, 2026
The National Institute of Standards and Technology (NIST) scaled back the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers.
0

Vulnerabilities Expose Private Data in Indian Government Systems

Thứ Hai, 29 tháng 6, 2026
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.
0

Iran, Russia, China Target Water Systems for Sabotage

Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.
0

Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.
0

Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

Thứ Bảy, 27 tháng 6, 2026
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
0

New Initiative Tackles Security for End-of-Life Open Source Software

Thứ Sáu, 26 tháng 6, 2026
The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.
0

AI Decline? Confidence in Autonomous Penetration Testing Falls

Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
0

Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions

Cisco joins a growing list of security platform providers who are betting that securing the agentic workforce means turning identity into the primary control plane.
0

In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw

Thứ Năm, 25 tháng 6, 2026
The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.
0

EdTech Attackers Shift From Schools to Their Software Suppliers

Educational institutions, the edtech companies they rely on, and, more concerningly, the challenges they pose for schools are the focus of the latest Reporters' Notebook video series.
0

Local Police Collusion Hampers Crackdown on Asian Scam Centers

With tens of billions of dollars flowing into regional economies from cybercrime, scam centers continue to flourish, despite international and law-enforcement efforts.
0

Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure

Thứ Tư, 24 tháng 6, 2026
Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.
0

Do CISOs Need a Code of Ethics?

Kickbacks, no-show jobs, "dirty" VCs, and shelf ware — industry expert Robert "RSnake" Hansen explains why he thinks its time for a CISO code of ethics to ensure cybersecurity bosses aren't engaged in self-dealing that could risk enterprise, and even national, security.
0

More Malicious OpenClaw Skills Threaten AI Supply Chain

OpenClaw removed five packages from ClawHub, its skills marketplace, that bypassed security checks even though they included infostealers and other threats.
0

Apple's MacOS Gap Lets Users Disable Security Tools

Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits.
0

Scope of Salesforce Attacks Expands as Icarus Leaks Data

Thứ Ba, 23 tháng 6, 2026
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
0

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

The CI/CD workflow weakness affects Microsoft's Azure Sentinel, Google's AI Agent Development Kit, Apache's Doris analytics database, Cloudflare's Workers SDK, and Python Software Foundation's Black.
0

SocGholish Takedown Highlights Malicious TDS Threats

SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims' networks for cybercrime groups such as the notorious Evil Corp.
0

He Thought He Was Secure; His Phone Number Got Stolen Anyway

Threat actors can easily steal one-time passwords sent by text when they conduct a SIM swap attack. This can lead to account takeovers, so users must layer up their security measures.
0

DifyTap Bugs Let Attackers 'Wiretap' AI Chat Histories

Four vulnerabilities allow attackers to exploit Dify, a platform for AI application building and management, to silently access and exfiltrate sensitive data.
0

Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign

Thứ Hai, 22 tháng 6, 2026
Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker.
0

Novo Nordisk Breach Exposes Software Development Pipeline Risk

Thứ Năm, 18 tháng 6, 2026
A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem.
0

Operation Escaneo Signals Shift in LatAm Threat Landscape

The threat group's curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two.
0

FIFA Bug Exposed World Cup Streams to Remote Takeover

A hacker could have "Rickrolled" the World Cup — or worse — thanks to FIFA's unenforced Entra access controls.
0

Salesforce Data Thefts Continue via Klue App Compromise

Klue's Battlecards is now the third integrated application that has been compromised to steal customers' Salesforce data, and victims include Huntress, the cybersecurity vendor.
0

Get Out of Security Debt by Tackling the Exposure Problem

Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way?
0

EU Gets a Head Start in Developing 6G Network Security

"Shield-6G" will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow.
0

INC Ransomware Thrives by Mastering the Basics

Thứ Tư, 17 tháng 6, 2026
And one of those basics is focusing on sectors where a ransomware disruption creates immediate pressure to pay up, like with healthcare.
0

Security Community Slams US Ban on Exporting Mythos, Fable

Thứ Ba, 16 tháng 6, 2026
An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 models.
0

HTTP/2 Bomb Attacks Put Telcos, Healthcare Orgs at Risk

The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwith, not power massive amplification attacks.
0

Rokarolla Android Trojan Levels Up to Full Device Control, Persistence

The emerging malware, spread via fake TikTok and Chrome downloads, demonstrates an evolution by combining banking fraud with extensive device surveillance and remote control.
0

'Lorem Ipsum' Malware Pivots to ClickFix Delivery

New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society.
0

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

Thứ Hai, 15 tháng 6, 2026
The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.
0

Most CISOs Report Pressure to Bury Bad Security News

Executive leaders may not be saying it aloud, but business objectives and priorities don't always promote timely disclosures.
0

The Beginning of the End of Social Engineering

AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself.
0

US Cracks Down on Anthropic AI Models Amid Abuse Concerns

Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the AI models.
0

ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed

Thứ Sáu, 12 tháng 6, 2026
A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.
0

Claude Fable 5 Doesn't Change the Mythos Security Story

Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos "made safe for general use," Anthropic explained.
0

Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure

Thứ Năm, 11 tháng 6, 2026
Initial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.
0

Chinese, N. Korean Threat Groups Build on Asia-Pacific Success

Thứ Tư, 10 tháng 6, 2026
North Korea's gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms.
0

AI Risk Worries Insurers and Businesses Alike

As companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage?
0

Bug Bounty Research Triggers ServiceNow Security Alert

Bug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances.
0

AI Slop Will Kill Cybersecurity Storytelling If We Let It

AI-generated content threatens credibility in cybersecurity. This "Ask the Expert" column explores why human oversight matters and how to maintain authentic narratives.
0

Blame AI: Patch Tuesday Hits Record 206 CVEs

Thứ Ba, 9 tháng 6, 2026
Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.
0

Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories

The attacks stemmed from a GitHub account that was also compromised in a previous Miasmi attack on Microsoft last month.
0

Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks

Thứ Hai, 8 tháng 6, 2026
The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.
0

Check Point VPN Flaw Exploited Since Early May

A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.
0

Iran Signed a Ceasefire — Its Hackers Didn't

An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict.
0

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.
0

Exposed Fuel Tank Gauges Under Attack in the US

Thứ Sáu, 5 tháng 6, 2026
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption.
0

Rust-Written IronWorm Hits NPM Supply Chain

Thứ Năm, 4 tháng 6, 2026
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.
0

4 Critical Threats Where Attackers Have the Advantage

Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
0

Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs

Organizations are growing serious about what nation’s rules apply to their data. Experts point to geopolitical tensions as a main contributing factor.
0

Attackers Use AI to Automate EDR Evasion Testing

Thứ Tư, 3 tháng 6, 2026
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
0

Tropical Blend: Cyber & Politics Ramp Up Across Latin America

China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests.
0

Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and data.
0

FBI-Flagged Phishing Kit Kali365 Expands Its Reach

Thứ Ba, 2 tháng 6, 2026
Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing.
0

China Uses Dual-Method Cyberattack on Czech Orgs

China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.
0

Securing AI Agents Before They Go Rogue Is Next to Impossible

High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the next horror story.
0

Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense

Twenty years after Dark Reading launched, we're looking ahead at what's next for enterprise security. Spoiler: It's hyper-segmented, AI-orchestrated, and way more sophisticated than your dad's firewall.
0

Microsoft's Zero-Day Legal Threats Spark Backlash

Thứ Hai, 1 tháng 6, 2026
After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order.
0

Anthropic to Open Mythos AI to EU's ENISA

The European security agency's entry to Project Glasswing is the result of "strong bilateral cooperation" between the European Commission and Anthropic.
0

Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit

Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.