Latest Cybersecurity News

Stay informed with real-time threat intelligence, vulnerability disclosures, and expert analysis from the cybersecurity community.

All Malware & Threats472 Vulnerabilities240 Data Breaches20 Ransomware0 APT & Threat Actors0 Cloud Security0 MENA Cybersecurity0 Compliance & Frameworks0 Tools & Tutorials0 Industry News1129

Industry News

Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

Dark Reading

Industry News

Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills.

Dark ReadingApr 3, 20261m5

TrueConf Zero-Day Exploited in Asian Government Attacks

SecurityWeek

Industry News

TrueConf Zero-Day Exploited in Asian Government Attacks

A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads.

SecurityWeekApr 3, 20263m5

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

SecurityWeek

Industry News

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

Other noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident.

SecurityWeekApr 3, 20265m5

Critical ShareFile Flaws Lead to Unauthenticated RCE

SecurityWeek

Industry News

Critical ShareFile Flaws Lead to Unauthenticated RCE

The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server.

SecurityWeekApr 3, 20262m5

Industry News

CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry

Dark Reading

Industry News

CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry

Once CrowdStrike’s nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.

Dark ReadingApr 3, 20261m5

Microsoft still working to fix Exchange Online mailbox access issues

BleepingComputer

Malware & Threats

Microsoft still working to fix Exchange Online mailbox access issues

Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks.

BleepingComputerApr 3, 20262m5

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The Hacker News

Industry News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply chains.

The Hacker NewsApr 3, 20263m5

Mobile Attack Surface Expands as Enterprises Lose Control

SecurityWeek

Industry News

Mobile Attack Surface Expands as Enterprises Lose Control

Shadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk.

SecurityWeekApr 3, 20266m5

Industry News

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

The Hacker News

Industry News

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it...

The Hacker NewsApr 3, 20261m5

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

SecurityWeek

Industry News

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems.

SecurityWeekApr 3, 20263m5

T-Mobile Sets the Record Straight on Latest Data Breach Filing

SecurityWeek

Industry News

T-Mobile Sets the Record Straight on Latest Data Breach Filing

The cybersecurity incident involved an insider and had a limited impact, the telecoms giant told SecurityWeek.

SecurityWeekApr 3, 20262m5

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

SecurityWeek

Industry News

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults.

SecurityWeekApr 3, 20264m5