News Feed

Black Hat USA

Name That Toon Contest

[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You

Infosecurity Europe

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]

Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks

Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]

New CIFSwitch Linux flaw gives root on multiple distributions

A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]

Name That Toon: Mark of (Cybersecurity) Progress

As part of Dark Reading's 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry's last two decades.

ChatGPT share links abused to host fake outage pages to deliver malware

Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]

California AG sues 23andMe over 2023 breach exposing health data

California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]

Asia's Cyber Insurance Market Shows Signs of Life

The cyber insurance industry has made relatively weak inroads into Asia due to a a variety of factors, but that could be changing.

From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market

DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. [...]

Dutch govt disrupts malware botnet with 17 million infected devices

Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. [...]

Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more

Each vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.

With Complex Cloud Integrations, Small Errors Lead to Major Compromises

Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a popular automation service.

Chris Lamprecht: The First Person In History To Be Legally Banned From The Internet

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 28, 2026 – Listen to the podcast A 1997 WIRED story reported on Chris Lamprecht, the first person to be legally banned from using the Internet. When U.S. District Court Judge Sam The post Chris Lamprecht: The …

Google Chrome adds session cookie theft protection for all users

Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. [...]

'The Com' Cyberattacks Support Violence & Sexploitation

Your organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes.

Man sent to prison for selling data of 7 millions elderly Americans

A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers. [...]

US charges Google security engineer with Polymarket insider trading

A Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentralized prediction market. [...]