Switch View
© Sector News
04.02.2026
CVE-2025-14321
News Preview
Currently trending CVE - Hype Score: 8 - Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
© CVE Monitor 2026
© Sector News
04.02.2026
CVE-2025-64328
News Preview
Currently trending CVE - Hype Score: 7 - FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known ...
© CVE Monitor 2026
© Sector News
04.02.2026
CVE-2025-0921
News Preview
Currently trending CVE - Hype Score: 1 - Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric ...
© CVE Monitor 2026
Worth to know
20.10.2025
Short Selling Radar
USA, Europe, Asia
Track Short Selling Activities worldwide
Knowing what matters
Short sale statistics, hedge fund activities and much more user-friendly information
© Sector News
04.02.2026
Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
News Preview
Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems.
The tech giant's AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdo...
© HackerNews 2026
Swarmalpha i/o · The Event Futures Prediction X
23.01.2026
© Sector News
04.02.2026
CISA: VMware ESXi flaw now exploited in ransomware attacks
News Preview
CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was used in zero-day attacks since at least February 2024. [...]
© BleepingComputer 2026
© Sector News
04.02.2026
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
News Preview
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT.
"The attack leverages IPFS-hosted VHD files, extreme script obfu...
© HackerNews 2026
© Sector News
04.02.2026
CVE-2024-54529
News Preview
Currently trending CVE - Hype Score: 8 - A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.
© CVE Monitor 2026
© Sector News
04.02.2026
CVE-2019-19006
News Preview
Currently trending CVE - Hype Score: 6 - Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
© CVE Monitor 2026
© Sector News
04.02.2026
CISA warns of five-year-old GitLab flaw exploited in attacks
News Preview
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. [...]
© BleepingComputer 2026
© Sector News
04.02.2026
The Double-Edged Sword of Non-Human Identities
News Preview
Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. [...]
© BleepingComputer 2026
© Sector News
04.02.2026
EDR killer tool uses signed kernel driver from forensic software
News Preview
Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. [...]
© BleepingComputer 2026
© Sector News
04.02.2026
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
News Preview
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025.
Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosys...
© HackerNews 2026
Advertisment
20.10.2025
© Sector News
04.02.2026
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
News Preview
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. [...]
© BleepingComputer 2026
© Sector News
04.02.2026
Extra Extra! Announcing DR Global Latin America
News Preview
Dark Reading has something new hitting the newsstand: a content section purpose-built for Latin American readers, featuring news, analysis, features, and multimedia.
© Dark Reading 2026
© Sector News
04.02.2026
Big Breach or Smooth Sailing? Mexican Gov't Faces Leak Allegations
News Preview
A hacktivist group claims a 2.3-terabyte data breach exposes the information of 36 million Mexicans, but no sensitive accounts are at risk, says government.
© Dark Reading 2026
© Sector News
04.02.2026
Microsoft rolls out native Sysmon monitoring in Windows 11
News Preview
Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program. [...]
© BleepingComputer 2026
© Sector News
04.02.2026
Orchid Security Introduces Continuous Identity Observability for Enterprise Applications
News Preview
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls.
The Challenge: Identity Lives Outside the Identity Stack
Identity and access management tools were built to govern users and directories.
Modern enterprises run on applications. Over time, identity logic has moved into application code, A...
© HackerNews 2026
© Sector News
04.02.2026
Owner of Incognito dark web drugs market gets 30 years in prison
News Preview
A Taiwanese man was sentenced to 30 years in prison for operating Incognito Market, one of the world's largest online narcotics marketplaces that sold over $105 million worth of illegal drugs to customers worldwide. [...]
© BleepingComputer 2026
© Sector News
04.02.2026
Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil
News Preview
Attackers could even have used one vulnerable Lookout user to gain access to other GCP tenants' environments.
© Dark Reading 2026
© Sector News
04.02.2026
The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
News Preview
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete.
I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations t...
© HackerNews 2026
© Sector News
04.02.2026
CVE-2025-43529
News Preview
Currently trending CVE - Hype Score: 1 - A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to ...
© CVE Monitor 2026
© Sector News
04.02.2026
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
News Preview
Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale.
The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using soci...
© HackerNews 2026
© Sector News
04.02.2026
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
News Preview
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats.
The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don't en...
© HackerNews 2026
© Sector News
04.02.2026
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
News Preview
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks.
The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is a untrusted data deserialization vu...
© HackerNews 2026
© Sector News
04.02.2026
Coinbase confirms insider breach linked to leaked support tool screenshots
News Preview
Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, which BleepingComputer has learned is a new incident that occurred in December. [...]
© BleepingComputer 2026
© Sector News
03.02.2026
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
News Preview
APT28's attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.
© Dark Reading 2026
© Sector News
03.02.2026
Step Finance says compromised execs' devices led to $40M crypto theft
News Preview
Step Finance announced that it lost $40 million worth of digital assets after hackers compromised devices belonging to the company's team of executives. [...]
© BleepingComputer 2026
© Sector News
03.02.2026
GlassWorm Malware Returns to Shatter Developer Ecosystems
News Preview
The self-replicating malware has poisoned a fresh set of Open VSX software components, leaving potential downstream victims with infostealer infections.
© Dark Reading 2026
© Sector News
03.02.2026
Wave of Citrix NetScaler scans use thousands of residential proxies
News Preview
A coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure over the past week used tens of thousands of residential proxies to discover login panels. [...]
© BleepingComputer 2026
© Sector News
03.02.2026
CVE-2023-27350
News Preview
Currently trending CVE - Hype Score: 3 - This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from ...
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-49825
News Preview
Currently trending CVE - Hype Score: 3 - Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-6218
News Preview
Currently trending CVE - Hype Score: 3 - RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a ...
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-61984
News Preview
Currently trending CVE - Hype Score: 1 - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration ...
© CVE Monitor 2026
© Sector News
03.02.2026
CISA flags critical SolarWinds RCE flaw as exploited in attacks
News Preview
CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days. [...]
© BleepingComputer 2026
© Sector News
03.02.2026
AI May Supplant Pen Testers, But Oversight & Trust Are Not There Yet
News Preview
Crowdsourced bug bounties and pen-testing firms see AI agents stealing the low-hanging vulnerabilities from their human counterparts. Oversight remains key.
© Dark Reading 2026
© Sector News
03.02.2026
Iron Mountain: Data breach mostly limited to marketing materials
News Preview
Iron Mountain, a leading data storage and recovery services company, says that a recent breach claimed by the Everest extortion gang is limited to mostly marketing materials. [...]
© BleepingComputer 2026
© Sector News
03.02.2026
Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
News Preview
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data.
The critical vulnerability has been codenamed DockerDash by cybe...
© HackerNews 2026
© Sector News
03.02.2026
8-Minute Access: AI Accelerates Breach of AWS Environment
News Preview
The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privilges.
© Dark Reading 2026
© Sector News
03.02.2026
Dark Patterns Undermine Security, One Click at a Time
News Preview
People trust organizations to do the right thing, but some websites and apps have user interfaces that ultimately lead to inadequate security.
© Dark Reading 2026
© Sector News
03.02.2026
CVE-2025-37947
News Preview
Currently trending CVE - Hype Score: 2 - In the Linux kernel, the following vulnerability has been resolved:
ksmbd: prevent out-of-bounds stream writes by validating *pos
ksmbd_vfs_stream_write() did not validate whether the write offset
(*pos) was within the bounds of the existing stream data length (v_len).
If *pos ...
© CVE Monitor 2026
© Sector News
03.02.2026
AI Agent Identity Management: A New Security Control Plane for CISOs
News Preview
Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority. [...]
© BleepingComputer 2026
© Sector News
03.02.2026
UK privacy watchdog probes Grok over AI-generated sexual images
News Preview
The United Kingdom's data protection authority launched a formal investigation into X and its Irish subsidiary over reports that the Grok AI assistant was used to generate nonconsensual sexual images. [...]
© BleepingComputer 2026
© Sector News
03.02.2026
[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate
News Preview
Most security teams today are buried under tools. Too many dashboards. Too much noise. Not enough real progress.
Every vendor promises “complete coverage” or “AI-powered automation,” but inside most SOCs, teams are still overwhelmed, stretched thin, and unsure which tools are truly pulling their weight. The result? Bloated stacks, missed signals, a...
© HackerNews 2026
© Sector News
03.02.2026
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
News Preview
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package.
Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote ...
© HackerNews 2026
© Sector News
03.02.2026
Hackers exploit critical React Native Metro bug to breach dev systems
News Preview
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. [...]
© BleepingComputer 2026
© Sector News
03.02.2026
French prosecutors raid X offices, summon Musk over Grok deepfakes
News Preview
French prosecutors have raided X's offices in Paris on Tuesday as part of a criminal investigation into the platform's Grok AI tool, widely used to generate sexually explicit images. [...]
© BleepingComputer 2026
© Sector News
03.02.2026
CVE-2025-69662
News Preview
Currently trending CVE - Hype Score: 2 - SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2025-14554
News Preview
Currently trending CVE - Hype Score: 1 - The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible ...
© CVE Monitor 2026
© Sector News
03.02.2026
CVE-2024-28397
News Preview
Currently trending CVE - Hype Score: 1 - An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
© CVE Monitor 2026
© Sector News
03.02.2026
When Cloud Outages Ripple Across the Internet
News Preview
Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted applications and workflows that many organizations rely on ...
© HackerNews 2026
© Sector News
03.02.2026
CVE-2025-71180
News Preview
Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved:
counter: interrupt-cnt: Drop IRQF_NO_THREAD flag
An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as
CONFIG_PROVE_RAW_LOCK_NESTING warns:
=============================
[ BUG: Invalid wait ...
© CVE Monitor 2026
© Sector News
03.02.2026
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
News Preview
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit.
Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting us...
© HackerNews 2026
© Sector News
03.02.2026
Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox
News Preview
Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features.
"It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of Firefox, said. "You can also review and manage indivi...
© HackerNews 2026
© Sector News
03.02.2026
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
News Preview
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++.
The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findi...
© HackerNews 2026
© Sector News
02.02.2026
Attackers Harvest Dropbox Logins Via Fake PDF Lures
News Preview
A malware-free phishing campaign targets corporate inboxes and asks employees to view "request orders," ultimately leading to Dropbox credential theft.
© Dark Reading 2026
© Sector News
02.02.2026
New GlassWorm attack targets macOS via compromised OpenVSX extensions
News Preview
A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. [...]
© BleepingComputer 2026
© Sector News
02.02.2026
County Pays $600K to Wrongfully Jailed Pen Testers
News Preview
Iowa police arrested two penetration testers in 2019 for doing their jobs, highlighting the risk to security professionals in red teaming exercises.
© Dark Reading 2026
© Sector News
02.02.2026
Russian hackers exploit recently patched Microsoft Office bug in attacks
News Preview
Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. [...]
© BleepingComputer 2026
© Sector News
02.02.2026
CVE-2025-40536
News Preview
Currently trending CVE - Hype Score: 1 - SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.
© CVE Monitor 2026
© Sector News
02.02.2026
Chinese Hackers Hijack Notepad++ Updates for 6 Months
News Preview
State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious downloads.
© Dark Reading 2026
