Dark Reading

Taiwan Bullet Train Hack Highlights Cybersecurity Gaps in Rail Systems

A Taiwanese student experimenting with software-defined radio shut down three bullet trains for nearly an hour, leading to an ...
Cybernews

GitHub confirms breach after hackers put stolen source code up for sale

GitHub has confirmed that hackers breached internal repositories through a poisoned VS Code extension after stolen source ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Hackers bypass SonicWall VPN MFA due to incomplete patching

Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

Digi International Launches Digi Connect EZ TS Serial Device Servers, Enabling Secure Transition to Modern IP Networks

Digi International Launches Digi Connect EZ TS Serial Device Servers, Enabling Secure Transition to Modern IP Networks ...
The Hacker NewsOpinion

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Weekly ThreatsDay Bulletin: supply chain attacks, fake support lures, AI tampering, data leaks, ransomware, and exploited ...
Microsoft

How Storm-2949 turned a compromised identity into a cloud-wide breach

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...
The Hacker News

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive ...
cybernews

Supply chain hit once again: single NPM account pushes 600+ compromised packages, used by millions

Another massive supply chain attack is spreading. Hundreds of compromised NPM packages are being detected, with hackers using stolen secrets to create over 2,200 public GitHub repositories, all ...