Dark Reading

AsyncRAT Malware Infests Orgs via Python & Cloudflare

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade ...
CSO Online

Researchers warn of long‑running FortiSIEM root exploit vector as new CVE emerges

The latest phMonitor vulnerability continues a multiyear pattern of unauthenticated command‑injection flaws in Fortinet’s ...
Opinion
The Hacker NewsOpinion

What Should We Learn From How Attackers Leveraged AI in 2025?

Attackers in 2025 scale proven tactics like supply chain attacks, phishing, and store malware using automation and AI.

Victorian Department of Education says hackers stole students’ data

The Department of Education in Victoria, Australia, notified parents that attackers gained access to a database containing ...
CSO Online

Five Chrome extensions caught hijacking enterprise sessions

Malicious Chrome extensions posing as productivity tools were found stealing session tokens, blocking security controls, and ...
ET CIO

2026: The year identity becomes the governance layer for AI

In 2026, digital identity will become the critical layer for AI governance, especially in India, where oversight failures ...
Opinion
Security BoulevardOpinion

We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster

The recently disclosed ServiceNow vulnerability should terrify every CISO in America. CVE-2025-12420, dubbed “BodySnatcher,” represents everything wrong ...

Betterment Customer Data Exposed in Crypto Scam Hack

The breach occurred through a compromised third-party marketing platform, allowing attackers to impersonate the trusted ...

Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm

A couple of other interesting bugs that Childs points out are these two, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7 ...
The Silicon Review

n8n Supply Chain Attack Steals OAuth Tokens Via Nodes

A supply chain attack on n8n injected malicious community nodes to steal user OAuth tokens, highlighting critical risks in ...

Federal agencies told to fix or ditch Gogs as exploited zero-day lands on CISA hit list

CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability in the ...
InfoWorld

From typos to takeovers: Inside the industrialization of npm supply chain attacks

A dramatic spike in npm-focused intrusions shows how attackers have shifted from opportunistic typosquatting to systematic, credential-driven supply chain compromises — exploiting CI systems, ...