Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis anβ¦
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in theΒ wild. TheΒ vulnerability, trackedΒ as CVE-2026β¦
Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough.
Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe, OSS mobile cracking tool.
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025,Β following a two-yearΒ period of minimal targeting in theΒ region. β¦
ThreatΒ actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from thβ¦
As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterpriβ¦
Create and add in different products from other sites you sell on and categorize them to make it easier for people to find them.
The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills.
"Skull vibration harmonics generated by vital signs" can be used to sign in to VR, AR, and MR headsets, according to emerging research.
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
Once CrowdStrikeβs nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.
The next majorΒ breach hitting your clients probably won't comeΒ from inside theirΒ walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a sβ¦
TheΒ maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean β¦
Cybersecurity researchersΒ have discovered a new version ofΒ the SparkCat malware on the Apple App Store and Google Play Store, more than a year after theΒ trojan was discovered targeβ¦
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1,Β 2026. "Eaβ¦
The company's 8-K filing notes "unauthorized access" and that it's activated business continuity plans and taken some systems offline.
AΒ large-scale credential harvesting operationΒ has beenΒ observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private kβ¦
CISOs are bullish on AI and have big plans to roll out future tools. We talk to Reddit CISO Frederick Lee and leading analyst Dave Gruber about how AI is working out in the real woβ¦
CiscoΒ has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remoteβ¦
As AI took center stage at this year's conference, experts debated automation, oversight and the evolving role of human intelligence in cybersecurity β despite the US government's β¦
AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference.
TheΒ latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. NoΒ corporate fluff or boring lectures here, just a quick and honest looβ¦
Augmented Marauder's multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly.
A chief medical information officer provided a peek into what hospitals face when they inevitably suffer a ransomware attackβwhether it leads to short or long-term outages.
In DecemberΒ 2025, we shared the first-ever The State of Trusted OpenΒ Source report, featuring insights from our product data and customer base on open source consumption across ourβ¦
AΒ financially motivated operationΒ codenamed REF1695Β has beenΒ observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since NovemberΒ 202β¦
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected withΒ spyware. According to β¦
AppleΒ onΒ Wednesday expanded the availability of iOS 18.7.7Β and iPadOS 18.7.7Β to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit β¦
A newly released study exclusively shared with Dark Reading details the unique circumstances that make up Latin America's labor pool, and why organizations may want to expand theirβ¦
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute aβ¦
Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombiaβs health sector.
A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks.
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesnβt build. It doesnβt enable. Its entire function is tβ¦
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamβ¦
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late Februβ¦
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The hiβ¦
Technology Talk: That forgotten notebook holds plenty of secrets to enterprise access.
_Brian_Jackson_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to whatβs next. Threat actors now use malware less frequently iβ¦
Ask the Expert: Cybersecurity teams need to expand their field of view to include new, unique threat sources, rather than relying on past, proven threat actors.
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We β¦
