Attack & News

Latest cybersecurity news, threat reports, and attack campaigns

All Feeds Attack & News Gov Alerts / ISAC Vulnerability Alerts Privacy & Governance Fraud & Scams

506 articles

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-s…

NEWShighCyberScoopabout 2 hours ago

CISA directive orders agencies to prioritize vulnerability patching in a new way

A vulnerability that meets all four criteria would need to be fixed within three days, for instance. The post CISA directive order…

NEWSInfosecurity Magazineabout 2 hours ago

Fake Software Tutorials on TikTok Spread Vidar Stealer

Threat actors push fake free-software tutorials on TikTok and Instagram to spread Vidar stealer

NEWSInfosecurity Magazineabout 2 hours ago

New SilabRAT Trojan Hijacks Sessions to Steal Crypto

MaaS trojan SilabRAT uses HVNC and browser cloning to hijack sessions and steal crypto

NEWShighInfosecurity Magazineabout 2 hours ago

Cybersecurity Software Fails to Detect Fifth of Brower-Based Phishing Attacks

Menlo Security research warns that as enterprise applications become increasingly browser based, traditional cybersecurity tools l…

NEWSHackreadabout 3 hours ago

ServiceNow Discloses Security Incident Exposing Customer Data

ServiceNow applied a security update after an API access issue exposed customer data, with affected firms notified through direct…

NEWScriticalThe Hacker Newsabout 3 hours ago

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result i…

NEWShighThe Hacker Newsabout 3 hours ago

Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE

A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applic…

NEWSBleeping Computerabout 3 hours ago

China-linked JDY botnet expands targeting of U.S. military networks

The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded i…

NEWShighThe Hacker Newsabout 3 hours ago

CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited…

NEWSBleeping Computerabout 4 hours ago

The 5 Best Practices for Secure Identity Verification

Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Speco…

NEWSKrebs on Securityabout 4 hours ago

Who Runs the Ransomware Group ‘The Gentlemen?’

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attractin…

NEWSSecurityWeekabout 4 hours ago

Infostealers Turn Millions of Devices Into Credential Theft Machines

As attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomwa…

NEWSWired Securityabout 4 hours ago

Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US

The ACLU is suing two Florida police departments over the arrest of a Fort Myers man in a child-abduction case, saying officers tr…

NEWSSecurityWeekabout 4 hours ago

Cyera Raises $600 Million at $12 Billion Valuation

Cyera is positioned as one of the most valuable privately held cybersecurity firms in the world with total funding topping $2 bill…

NEWScriticalBleeping Computerabout 4 hours ago

Microsoft patches Exchange Server zero-day exploited in attacks

Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScrip…

NEWSThe Registerabout 5 hours ago

GitHub pulls pin on npm's auto-run scripts

Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors

NEWSHackreadabout 5 hours ago

Cloud Security Report Finds Fragmented Tools Widening the Cloud Complexity Gap

Washington D.C., USA, 10th June 2026, CyberNewswire

NEWSSecurityWeekabout 6 hours ago

Aryon Security Raises $29 Million in Series A Funding

In the post-Mythos era, the company’s platform helps organizations enforce security controls across environments. The post Aryon S…

NEWScriticalSecurityWeekabout 6 hours ago

Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers

Claroty researchers have analyzed the security of Vertiv UPS network cards and the Trane Tracer SC+ HVAC controller. The post Crit…

NEWSSecurityWeekabout 6 hours ago

CISO Forum Webinar Today: 2026 Mid-Year Review

Learn more about protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI g…

NEWScriticalSecurityWeekabout 6 hours ago

New Windows Zero-Day Exploit ‘RoguePlanet’ Released

Exploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM. The post New Windows…

NEWSBleeping Computerabout 6 hours ago

Microsoft: Some Windows PCs fail to install latest monthly updates

Microsoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that…

NEWScriticalThe Registerabout 7 hours ago

Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9

Remote, unauthenticated RCE with root privileges is about as bad as it gets

NEWSInfosecurity Magazineabout 7 hours ago

New Fable 5 Is a "Mythos-Class" LLM Available to All, Anthropic Announces

Anthropic unveils Claude Mythos 5 and Fable 5, a restricted-access frontier AI model and guardrailed version for everyone to use

NEWSSecurityWeekabout 7 hours ago

After AI Reaches Production: 12 Ways Security Teams Can Take Control

Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and…

NEWSThe Hacker Newsabout 8 hours ago

Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar

Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to d…

NEWSInfosecurity Magazineabout 8 hours ago

Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data Shows

Nearly 26% of identity crime victims faced multiple incidents in the past year, as ITRC warns of a growing "multi-layered crisis"

NEWSWired Securityabout 8 hours ago

Soccer Fans, You’re Being Watched

From anti-drone tech to face recognition, 2026 World Cup stadiums in the US, Canada, and Mexico are subjecting fans to an array of…

NEWSWired Securityabout 8 hours ago

Mapping Every Flock License Plate Reader Near US World Cup Stadiums

Most US World Cup stadiums are surrounded by surveillance cameras. Want to know if you’re being watched on your way to a match? Th…