cyber
·
news
News
Deep Dives
Settings
Sign in
2160 items
Unread (2160)
All
Dismissed
All
Critical
High
Supply Chain
Ransomware
Breaches
Zero-Day
CVEs
HIGH
CVE-2024-47091 (CVSS 7.8) — Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2....
NVD
CVE-2024-47091
24d ago
INFO
Attackers Weaponize RubyGems for Data Dead Drops
rss:darkreading
breaches
malware
threat-actors
+2
24d ago
INFO
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
The Hacker News
25d ago
INFO
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
The Hacker News
25d ago
INFO
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
The Hacker News
supply-chain
breaches
malware
+19
1d ago
INFO
VoidStealer Malware Darts Past Google Chrome's Encryption
rss:darkreading
31d ago
INFO
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
The Hacker News
25d ago
INFO
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
rss:googleprojectzero
25d ago
INFO
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
SecurityWeek
16d ago
INFO
Google accidentally exposed details of unfixed Chromium flaw
BleepingComputer
16d ago
INFO
Google API Keys Remain Active After Deletion
rss:darkreading
16d ago
INFO
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
The Hacker News
10d ago
INFO
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
SecurityWeek
9d ago
INFO
US charges Google security engineer with Polymarket insider trading
BleepingComputer
8d ago
INFO
Google Chrome adds session cookie theft protection for all users
BleepingComputer
8d ago
INFO
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
The Hacker News
6d ago
INFO
Google fixes one actively exploited Android zero-day, 124 flaws
BleepingComputer
4d ago
INFO
Google adds Android protection against AI deepfake scam calls
BleepingComputer
4d ago
INFO
Malicious Notifications Could Trick Google Gemini Users
rss:darkreading
3d ago
INFO
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
The Hacker News
3d ago
INFO
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
The Hacker News
3d ago
INFO
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
The Hacker News
2d ago
INFO
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
The Hacker News
2d ago
INFO
Gemini Voice Assistant Hijacked via Messaging Notifications
SecurityWeek
2d ago
CRITICAL
CVE-2025-11159 (CVSS 9.1) — Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 da...
NVD
CVE-2025-11159
25d ago
HIGH
CVE-2026-44301 (CVSS 8.1) — Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses No...
NVD
CVE-2026-44301
25d ago
HIGH
CVE-2026-42844 (CVSS 8.8) — Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user wit...
NVD
CVE-2026-42844
25d ago
INFO
Patch Tuesday, May 2026 Edition
Krebs
breaches
threat-actors
25d ago
HIGH
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
The Hacker News
supply-chain
breaches
malware
+19
20d ago
INFO
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
rss:darkreading
26d ago
INFO
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
rss:darkreading
25d ago
INFO
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
The Hacker News
24d ago
INFO
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
The Hacker News
24d ago
INFO
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
The Hacker News
22d ago
INFO
Can Laws Stop Deepfakes? South Korea Aims to Find Out
rss:darkreading
20d ago
INFO
Processes and Culture Top Reasons Behind Data Breaches
rss:darkreading
17d ago
INFO
When Identity is the Attack Path
The Hacker News
16d ago
INFO
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The Hacker News
16d ago
INFO
Meta settles school district lawsuit claiming addictive design harmed students' mental health
The Record
15d ago
INFO
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
The Hacker News
14d ago
INFO
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
The Hacker News
12d ago
INFO
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Hacker News
12d ago
INFO
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
SecurityWeek
10d ago
INFO
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
SecurityWeek
8d ago
INFO
California AG sues 23andMe over 2023 breach exposing health data
BleepingComputer
8d ago
INFO
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
SecurityWeek
3d ago
INFO
Chrome 149 Patches 429 Vulnerabilities
SecurityWeek
1d ago
INFO
EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
The Record
1d ago
MEDIUM
CVE-2026-42191 (CVSS 6.5) — OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implement...
NVD
CVE-2026-42191
25d ago
HIGH
CVE-2026-34653 (CVSS 8.7) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD
CVE-2026-34653
25d ago
HIGH
CVE-2026-34652 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD
CVE-2026-34652
25d ago
HIGH
CVE-2026-34651 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD
CVE-2026-34651
25d ago
HIGH
CVE-2026-34650 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD
CVE-2026-34650
25d ago
HIGH
CVE-2026-34649 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD
CVE-2026-34649
25d ago
HIGH
CVE-2026-34648 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD
CVE-2026-34648
25d ago
HIGH
CVE-2026-34647 (CVSS 7.4) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD
CVE-2026-34647
25d ago
HIGH
CVE-2026-34646 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD
CVE-2026-34646
25d ago
HIGH
CVE-2026-34645 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD
CVE-2026-34645
25d ago
CRITICAL
CVE-2026-44343 (CVSS 9.8) — WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities aff...
NVD
CVE-2026-44343
25d ago
HIGH
CVE-2026-44166 (CVSS 7.6) — Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situati...
NVD
CVE-2026-44166
25d ago
HIGH
CVE-2026-42831 (CVSS 7.8) — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local...
NVD
CVE-2026-42831
25d ago
MEDIUM
CVE-2026-42348 (CVSS 5.9) — OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when ...
NVD
CVE-2026-42348
25d ago
HIGH
CVE-2026-40420 (CVSS 8.8) — Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate pr...
NVD
CVE-2026-40420
25d ago
HIGH
CVE-2026-40419 (CVSS 7.8) — Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
NVD
CVE-2026-40419
25d ago
HIGH
CVE-2026-40418 (CVSS 7.8) — Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges ...
NVD
CVE-2026-40418
25d ago
HIGH
CVE-2026-40417 (CVSS 7.8) — Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges...
NVD
CVE-2026-40417
25d ago
CRITICAL
CVE-2026-40379 (CVSS 9.3) — Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized ...
NVD
CVE-2026-40379
25d ago
HIGH
CVE-2026-40367 (CVSS 8.4) — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co...
NVD
CVE-2026-40367
25d ago
HIGH
CVE-2026-40366 (CVSS 8.4) — Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
NVD
CVE-2026-40366
25d ago
HIGH
CVE-2026-40364 (CVSS 8.4) — Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una...
NVD
CVE-2026-40364
25d ago
HIGH
CVE-2026-40363 (CVSS 8.4) — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local...
NVD
CVE-2026-40363
25d ago
HIGH
CVE-2026-40362 (CVSS 7.8) — Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code...
NVD
CVE-2026-40362
25d ago
HIGH
CVE-2026-40361 (CVSS 8.4) — Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
NVD
CVE-2026-40361
25d ago
HIGH
CVE-2026-40360 (CVSS 7.8) — Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information...
NVD
CVE-2026-40360
25d ago
HIGH
CVE-2026-40359 (CVSS 7.8) — Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
NVD
CVE-2026-40359
25d ago
HIGH
CVE-2026-40358 (CVSS 8.4) — Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
NVD
CVE-2026-40358
25d ago
HIGH
CVE-2026-35438 (CVSS 8.3) — Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges ov...
NVD
CVE-2026-35438
25d ago
HIGH
CVE-2026-35436 (CVSS 8.8) — Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized att...
NVD
CVE-2026-35436
25d ago
INFO
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
The Hacker News
supply-chain
breaches
malware
25d ago
HIGH
CVE-2026-32687 (CVSS 7.8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD
CVE-2026-32687
25d ago
INFO
Hugging Face Packages Weaponized With a Single File Tweak
rss:darkreading
breaches
malware
threat-actors
25d ago
INFO
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
The Hacker News
supply-chain
breaches
malware
25d ago
INFO
20 Leaders Who Built the CISO Era: 2 Decades of Change
rss:darkreading
breaches
malware
threat-actors
25d ago
HIGH
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
The Hacker News
supply-chain
breaches
malware
+81
19d ago
INFO
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
rss:cisa-advisories
25d ago
INFO
Fuji Electric Tellus
rss:cisa-advisories
25d ago
INFO
ABB AC500 V3 Multiple Vulnerabilities
rss:cisa-advisories
25d ago
INFO
Subnet Solutions PowerSYSTEM Center
rss:cisa-advisories
25d ago
INFO
ABB Automation Builder Gateway for Windows
rss:cisa-advisories
25d ago
INFO
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
rss:cisa-advisories
25d ago
INFO
Siemens Siemens ROS#
rss:cisa-advisories
23d ago
INFO
Siemens gWAP
rss:cisa-advisories
23d ago
INFO
Siemens SIMATIC
rss:cisa-advisories
23d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories
23d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories
23d ago
INFO
Siemens Simcenter Femap
rss:cisa-advisories
23d ago
INFO
Universal Robots Polyscope 5
rss:cisa-advisories
23d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories
23d ago
INFO
Siemens Teamcenter
rss:cisa-advisories
23d ago
INFO
Siemens Solid Edge
rss:cisa-advisories
23d ago
INFO
Siemens SENTRON 7KT PAC1261 Data Manager
rss:cisa-advisories
23d ago
INFO
Siemens Opcenter RDnL
rss:cisa-advisories
23d ago
INFO
Siemens Ruggedcom Rox
rss:cisa-advisories
23d ago
INFO
Siemens Industrial Devices
rss:cisa-advisories
23d ago
INFO
Siemens SIMATIC S7 PLC Web Server
rss:cisa-advisories
23d ago
INFO
Siemens SIPROTEC 5
rss:cisa-advisories
23d ago
INFO
Siemens SIMATIC
rss:cisa-advisories
23d ago
INFO
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
The Hacker News
21d ago
INFO
Kieback & Peter DDC Building Controllers
rss:cisa-advisories
18d ago
INFO
Siemens RUGGEDCOM APE1808 Devices
rss:cisa-advisories
18d ago
INFO
ABB CoreSense HM and CoreSense M10
rss:cisa-advisories
18d ago
INFO
ScadaBR
rss:cisa-advisories
18d ago
INFO
ZKTeco CCTV Cameras
rss:cisa-advisories
18d ago
INFO
CISA Exposes Secrets, Credentials in 'Private' Repo
rss:darkreading
18d ago
INFO
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
The Hacker News
18d ago
INFO
GitHub investigates internal repositories breach claimed by TeamPCP
BleepingComputer
18d ago
INFO
GitHub confirms breach of 3,800 repos via malicious VSCode extension
BleepingComputer
18d ago
INFO
Schnieider Electric EcoStruxure Machine Expert HVAC (SEVD-2026-132-01)
rss:cisa-advisories
17d ago
INFO
Senator presses CISA for answers about alleged GitHub repository leak
The Record
17d ago
INFO
GitHub confirms being hacked by TeamPCP, says customer data unaffected
The Record
17d ago
INFO
Grafana breach caused by missed token rotation after TanStack attack
BleepingComputer
17d ago
INFO
GitHub Confirms Breach, 4K Internal Repos Stolen
rss:darkreading
17d ago
INFO
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
The Hacker News
17d ago
INFO
GitHub links repo breach to TanStack npm supply-chain attack
BleepingComputer
17d ago
INFO
ABB Terra AC Wallbox
rss:cisa-advisories
16d ago
INFO
ABB B&R Automation Studio
rss:cisa-advisories
16d ago
INFO
ABB B&R Automation Runtime
rss:cisa-advisories
16d ago
INFO
ABB B&R PCs
rss:cisa-advisories
16d ago
INFO
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
SecurityWeek
16d ago
INFO
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
The Hacker News
15d ago
INFO
CISA Security Leak
rss:schneier
15d ago
INFO
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Krebs
15d ago
INFO
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
The Hacker News
14d ago
INFO
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
The Hacker News
14d ago
INFO
Laravel Lang packages hijacked to deploy credential-stealing malware
BleepingComputer
14d ago
INFO
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
SecurityWeek
13d ago
INFO
ABB Terra AC
rss:cisa-advisories
11d ago
INFO
ABB LVS MConfig
rss:cisa-advisories
11d ago
INFO
ABB Ability Camera Connect
rss:cisa-advisories
11d ago
INFO
Eppendorf BioFlo 320
rss:cisa-advisories
11d ago
INFO
ABB AbilityTM Zenon Remote Transport Vulnerability
rss:cisa-advisories
11d ago
INFO
ABB AC500 V2
rss:cisa-advisories
11d ago
INFO
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
rss:cisa-advisories
11d ago
INFO
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
rss:darkreading
11d ago
INFO
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
The Hacker News
10d ago
INFO
ABB EIBPORT
rss:cisa-advisories
9d ago
INFO
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
rss:cisa-advisories
9d ago
INFO
ABB Busch-Welcome 2 Wire Door Opener Actuator
rss:cisa-advisories
9d ago
INFO
Fourth Frontier Frontier X Mobile Application, Frontier X2
rss:cisa-advisories
9d ago
INFO
CP Plus 8 Ch. Network Video Recorder
rss:cisa-advisories
9d ago
INFO
XCharge C6
rss:cisa-advisories
9d ago
INFO
KMW CCTV Security Cameras
rss:cisa-advisories
9d ago
INFO
MacGregor Voyage Data Recorder (VDR) G4e
rss:cisa-advisories
9d ago
INFO
Supply Chain Compromises Impact Nx Console and GitHub Repositories
rss:cisa-advisories
9d ago
INFO
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
The Hacker News
9d ago
INFO
Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more
The Record
8d ago
INFO
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
The Hacker News
6d ago
INFO
Red Hat removes tainted packages after software pipeline compromise
The Record
4d ago
INFO
VS Code zero-day lets hackers steal GitHub tokens in one click
BleepingComputer
4d ago
INFO
NAVTOR NavBox
rss:cisa-advisories
2d ago
INFO
Hitachi Energy MACH HiDraw
rss:cisa-advisories
2d ago
INFO
Hitachi Energy ITT600 Explorer
rss:cisa-advisories
2d ago
INFO
B&R PPT30 Operating System
rss:cisa-advisories
2d ago
INFO
Hitachi Energy RTU500
rss:cisa-advisories
2d ago
INFO
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
The Hacker News
2d ago
Prev
Page 32 / 44
Next
INFO
rss:darkreading
Wed, 13 May 2026 21:09:20 UTC
✕ Dismiss
Attackers Weaponize RubyGems for Data Dead Drops
https://www.darkreading.com/application-security/attackers-weaponize-rubygems-data-dead-drops
TL;DR
Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with no clear objective.
breaches
malware
threat-actors
supply-chain
Read full story ↗
Related coverage (2)
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
The Hacker News
25d ago
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
The Hacker News
25d ago