Real cyber-threats unfolding around the world right now — ransomware, phishing, malware, breaches and zero-day exploits. Click any threat to see what happened and exactly how to stay protected.
A new security advisory has been reported. Click "Read full advisory" for the complete technical details.
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating …
Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including compute…
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracke…
A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attacker…
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Acces…
As part of Dark Reading's 20th anniversary package, we asked readers for a cybersecurity-related caption that captures …
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to do…
California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failu…
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial int…
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions a…
The cyber insurance industry has made relatively weak inroads into Asia due to a a variety of factors, but that could b…
DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller…
Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local…
Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities th…
Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolli…
Your organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal ga…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active …
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting …
A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 milli…
Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees b…
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit f…
What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to…
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set…
The future of cybersecurity is germinating, as nation states vie for dominance in the embodied AI market and its supply…
Dutch law enforcement seized 800 servers and arrested two operators of THE.Hosting but left the hosting provider's core…
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allow…
AI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap.
In this latest installment of the Reporters' Notebook video series, we discuss how cyber insurance is forcing organizat…
View CSAF Summary ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. A firmwar…
View CSAF Summary Successful exploitation of this vulnerability could result in an attacker gaining administrator acces…
View CSAF Summary ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attack…
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to read and write arbitrary han…
View CSAF Summary Schneider Electric is aware of a vulnerability in its EcostruxureTM Machine Expert HVAC product. The …
View CSAF Summary Successful exploitation of this vulnerability allows an attacker's malicious script to execute in the…
CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ec…
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights…
Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the disco…
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT i…
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency…
Cloud Atlas attacks the public sector and diplomatic structures of Russia and Belarus, using ReverseSocks, SSH, and Tor…
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a f…
We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public…
This report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new …
The report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as…
Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their c…
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are provin…
Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching…
During a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp serv…
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and c…
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has bee…
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire …
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating syste…