Latest Cybersecurity News

How the Story of a USB Penetration Test Went Viral

Dark Reading

How the Story of a USB Penetration Test Went Viral

Two decades ago Dark Reading posted its first blockbuster — a story from a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making column with its author Steve Stasiukonis, Dark Reading sen...

Dark Reading3d ago1m2

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitra...

The Hacker News3d ago1m2

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server

The most severe of these security defects could allow remote attackers to execute arbitrary code.

SecurityWeek3d ago2m2

Karakurt Ransomware Negotiator Sentenced to Prison

Karakurt Ransomware Negotiator Sentenced to Prison

Deniss Zolotarjovs was directly involved in extortion strategies and in negotiations with victim companies.

SecurityWeek3d ago2m2

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

AI infrastructure exposes 1M services from 2M hosts due to weak defaults, increasing risk of data leaks and system compromise

The Hacker News3d ago6m2

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs

The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests.

SecurityWeek3d ago2m2

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft spreads BirdCall via sqgame.net since late 2024, targeting Android users, enabling surveillance and data theft.

The Hacker News3d ago4m2

WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities

WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities

The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year.

SecurityWeek3d ago3m2

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

CVE-2026-22679 exploited via debug endpoint in Weaver E-cology before 20260312, enabling RCE and system compromise.

The Hacker News3d ago2m2

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft disclosed a credential theft campaign targeting 35,000+ users at 13,000+ organizations across 26 countries.

The Hacker News3d ago6m2

Physical Cargo Theft Gets a Boost From Cybercriminals

Dark Reading

Physical Cargo Theft Gets a Boost From Cybercriminals

Cargo theft is no longer about small groups of criminals operating on the ground, but transnational cybercriminal syndicates using access to supply chain systems to reroute goods.

Dark Reading3d ago1m2

RMM Tools Fuel Stealthy Phishing Campaign

Dark Reading