Student hacked Taiwan high-speed rail to trigger emergency brakes
A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country's high-speed railway network (THSR). [...]
A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country's high-speed railway network (THSR). [...]
A former Maryland hospital pharmacist who is alleged to have engaged in a multi-year cyber spying campaign is facing up […] The post Former Maryland Pharmacist Indicted Over 8-Year Cyber Spying Campaign appeared first on The HIPAA Journal.
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score…
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. "These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital cert…
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the…
Urgent Action Required by MOVEit Automation Users The HIPAA Journal
Progress Software has issued a warning to customers about a critical authentication bypass vulnerability within the MOVEit Automation application. MOVEit […] The post Urgent Action Required by MOVEit Automation Users appeared first on The HIPAA Journal.
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls…
Two decades ago Dark Reading posted its first blockbuster — a story from a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making column with its author Steve Stasiukonis,…
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could …
A CISA incluiu uma vulnerabilidade zero day do kernel Linux em seu catálogo de falhas exploradas, após confirmar uso ativo da brecha em ataques. A falha é rastreada como CVE-2026-31431 e recebeu o apelido de “Copy Fail”. O problema tem pontuação CVSS 7.8, classificada como alta, …
A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and…
A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his "cold case" negotiator role in the Russian Karakurt ransomware group. [...]
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. [...]
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China. While prior versions of …
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. [...]
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code exe…
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, obse…
A desenvolvedora Progress publicou ontem um aviso sobre uma vulnerabilidade crítica no MOVEit Automation, que permite que um atacante ignore a autenticação e obtenha acesso não autorizado ao sistema. A falha, registrada como CVE-2026-4670 (detalhes de gravidade CVSS não informado…