Real cyber-threats unfolding around the world right now — ransomware, phishing, malware, breaches and zero-day exploits. Click any threat to see what happened and exactly how to stay protected.
The Dutch Police announced the arrest of multiple individuals suspected of being part of an international investment fr…
Nearly a dozen vulnerable and now revoked UEFI shim bootloaders remained trusted for years, giving attackers a path to …
Email attacks overtook exploits as the top ransomware root cause last year. Multifactor authentication (MFA) was deploy…
Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could b…
Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things (IoT) botnet framework d…
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent a…
We're thrilled to unveil the latest evolution of Dark Reading's DR Global section — your go-to source for region-specif…
The US government's restrictions on Anthropic and OpenAI frontier models have intensified calls in the UK and other cou…
Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack …
A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is buil…
When combined with another exploit, the "PromptFiction" vulnerability, which has been fixed, could have enabled an end-…
Intruder built an AI-powered "vulnerability vending machine" that combines code slicing with LLMs to automatically disc…
Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been pu…
Simple age-old bugs give bad actors access to developers' secrets and source code-rich environments.
Developed by CISA, the National Security Agency (NSA) and international partners, this joint guidance contains best pra…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of activ…
For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workfl…
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called Le…
A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full acc…
Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No …
Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs …
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting …
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, a…
Microsoft is blocking this month's Windows 11 security updates on some Dell devices because they are causing shutdowns …
The West African country advanced rules to force organizations to disclose cyberattacks, joining other nations in a shi…
U.S. federal prosecutors have unsealed charges against three Russian nationals, accusing them of providing bulletproof …
SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 s…
CardinalOps will give Cribl customers the ability to map detection rules and security controls to the MITRE ATT&CK fram…
Three of the 622 CVEs for which Microsoft issued patches this week are zero-days; there are more than 60 critical vulne…
SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-…
Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems an…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of acti…
View CSAF Summary ABB is aware of public reports of a vulnerability CVE‑2026‑31431 (Copy Fail) in the product versions …
View CSAF Summary ABB became aware of vulnerability in the products versions listed as affected in the advisory, where …
View CSAF Summary ABB became aware of vulnerability in the products versions listed as affected in the advisory. An upd…
CISA is aware of active exploitation of vulnerabilities CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, enabling cy…
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to read or delete files, stop t…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contracto…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active …
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software i…
This report contains industrial threat statistics for Q1 2026, including industrial threat distribution by type, source…
The OAuth 2.0 Device Authorization Grant specification was designed to streamline authentication for Smart TVs, IoT dev…
An inside look at the active Armored Likho APT campaign. The attackers are using spear-phishing, AI-generated loaders, …
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains asso…
Kaspersky Compromise Assessment specialists analyze trends from the service's 2025 projects and provide tips on how to …
Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via …
Researching OpenClaw vulnerabilities, malicious skills, and other security issues with the popular agent, and providing…
An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications …
Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a …
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack tha…
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay…
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidl…
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and su…
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly def…