Latest Cybersecurity News

Stay informed with real-time threat intelligence, vulnerability disclosures, and expert analysis from the cybersecurity community.

All Malware & Threats467 Vulnerabilities239 Data Breaches20 Ransomware0 APT & Threat Actors0 Cloud Security0 MENA Cybersecurity0 Compliance & Frameworks0 Tools & Tutorials0 Industry News1124

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

The Hacker News

Industry News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

OAuth tokens without expiry enable breaches like Drift attack on 700+ firms, bypassing MFA and exposing sensitive data.

The Hacker News3d ago7m4

Industry News

How the Story of a USB Penetration Test Went Viral

Dark Reading

Industry News

How the Story of a USB Penetration Test Went Viral

Two decades ago Dark Reading posted its first blockbuster — a story from a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making column with its author Steve Stasiukonis, Dark Reading sen...

Dark Reading3d ago1m4

Industry News

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitra...

The Hacker News3d ago1m4

Vulnerabilities

Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)

SANS ISC

Vulnerabilities

Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)

Yup, that is for real.

SANS ISC3d ago1m4

Vulnerabilities

SSL.com rotates their root certificate today, (Tue, May 5th)

SANS ISC

Vulnerabilities

SSL.com rotates their root certificate today, (Tue, May 5th)

I just got an email from SSL.com last night, they are rotating &#;x26;#;xc2;&#;x26;#;xa0;out their root certificate today (May 5,2026). &#;x26;#;xc2;&#;x26;#;xa0;This is normal, business as usual stuff for a CA, but certificates get used for all kinds of things, and sometimes they aren&#;x26;#;39...

SANS ISC3d ago1m4

Google now offers up to $1.5 million for some Android exploits

BleepingComputer

Malware & Threats

Google now offers up to $1.5 million for some Android exploits

Google overhauls its Android and Chrome vulnerability rewards programs, offering bounties of up to $1.5 million for the most difficult exploits while scaling back payouts for flaws that artificial intelligence (AI) has made easier to find.

BleepingComputer3d ago2m4

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server

SecurityWeek

Industry News

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server

The most severe of these security defects could allow remote attackers to execute arbitrary code.

SecurityWeek3d ago2m4

Karakurt Ransomware Negotiator Sentenced to Prison

SecurityWeek

Industry News

Karakurt Ransomware Negotiator Sentenced to Prison

Deniss Zolotarjovs was directly involved in extortion strategies and in negotiations with victim companies.

SecurityWeek3d ago2m4

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

The Hacker News

Industry News

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

AI infrastructure exposes 1M services from 2M hosts due to weak defaults, increasing risk of data leaks and system compromise

The Hacker News3d ago6m4

Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison

BleepingComputer

Malware & Threats

Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison

A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his "cold case" negotiator role in the Russian Karakurt ransomware group.

BleepingComputer3d ago3m4

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

BleepingComputer

Malware & Threats

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices.

BleepingComputer3d ago3m4

Latest Cybersecurity News

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

How the Story of a USB Penetration Test Went Viral

How the Story of a USB Penetration Test Went Viral

How the Story of a USB Penetration Test Went Viral

How the Story of a USB Penetration Test Went Viral

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Cleartext Passwords in MS Edge&#x3f; In 2026&#x3f;, (Mon, May 4th)

Cleartext Passwords in MS Edge&#x3f; In 2026&#x3f;, (Mon, May 4th)

SSL.com rotates their root certificate today, (Tue, May 5th)

SSL.com rotates their root certificate today, (Tue, May 5th)

Google now offers up to $1.5 million for some Android exploits

Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server

Karakurt Ransomware Negotiator Sentenced to Prison

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)

Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)