Latest IntelligencePage 66
Search by keyword →New BitUnlocker Downgrade Attack on Windows 11 Allows Access to Encrypted Disks Within 5 Minutes
A new tool, BitUnlocker, reveals a practical downgrade attack against Microsoft’s BitLocker encryption, allowing attackers with physical access to decrypt...
Hackers Abuse CVE-2026-41940 to Take Over cPanel and WHM Servers
A fatal authentication bypass vulnerability is actively affecting cPanel and WebHost Manager (WHM) servers worldwide. Tracked as CVE-2026-41940 and bearing an a...
84 TanStack npm Packages Hacked in Ongoing Supply-Chain Attack Targeting CI Credentials
A significant supply-chain compromise affecting 84 npm package artifacts across the TanStack namespace. The malicious versions, published to the npm registry at...
GM agrees to $12.75M California settlement over sale of drivers’ data
California Attorney General Rob Bonta announced a proposed $12.75 million settlement agreement with General Motors (GM) over allegations that the company violat...
Official CheckMarx Jenkins package compromised with infostealer
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...
New GhostLock tool abuses Windows API to block file access
A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block...
FCC Softens Ban on Foreign-Made Routers
The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place....
Tech Can't Stop These Threats — Your People Can
Security controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense....
20 Leaders Who Built the CISO Era: 2 Decades of Change
As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise...
California hits GM with record $12.75M fine for selling driver location data
California Attorney General Rob Bonta and a coalition of state prosecutors have secured a $12.75 million settlement with General Motors over the automaker’s col...
FCC moves to impose “Know Your Customer” rules for VoIP providers
The Federal Communications Commission (FCC) has proposed stricter “Know Your Customer” (KYC) requirements for voice service providers as part of a broader effor...
Frame Security Emerges From Stealth With $50M for Awareness and Training Platform
Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet invested in Frame Security. The post Frame Security Emerges From Stealth With $50M...
Google says cybercriminals used AI to develop zero-day exploit
Google Threat Intelligence Group (GTIG) says it has identified what it believes is the first known case of cybercriminals using artificial intelligence to help ...
Popular Go Library fsnotify Raises Supply Chain Alarms After Maintainer Access Changes
A widely used Go library called fsnotify has found itself at the center of a supply chain security scare after a sudden change in maintainer access triggered al...
Google Warns of Hackers Using AI to Create Working Zero-Day Exploit
Google Threat Intelligence Group recently published an alarming report detailing the rapid industrialization of generative artificial intelligence in adversaria...
Hackers Use PlugX-Like DLL Sideloading Chain in Fake Claude Malware Campaign
Cybercriminals are getting creative with how they lure victims into downloading malware, and a new campaign involving a fake version of Anthropic’s Claude...
Instructure confirms hackers used Canvas flaw to deface portals
Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message...
Hackers Use Fake DeepSeek TUI GitHub Repositories to Deliver Malware
Hackers are once again targeting developers and AI enthusiasts by impersonating popular open-source tools on GitHub. This time, the target is DeepSeek TUI, a le...
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation....
Build Application Firewalls Aim to Stop the Next Supply Chain Attack
Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline. The post Build Application Firewalls A...