IT Security Newsletter - 5/5/2026
Trellix discloses data breach after source code repository hack
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. According to an official statement updated on Monday, the company is now investigating the incident. READ MORE...
DigiCert breached via malicious screensaver file
A targeted social engineering attack against DigiCert's support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert's incident report, a threat actor contacted the support team via a customer chat channel and delivered a malicious ZIP file. READ MORE...
ShinyHunters claims dump puts 119K Vimeo emails in the wild
More than 119,000 Vimeo users' email addresses were extracted in a breach traced to a third-party analytics vendor, according to Have I Been Pwned. The incident first surfaced in April when the ShinyHunters crew added Vimeo to its growing "pay or leak" hit list, claiming it had pulled hundreds of gigabytes of data and threatening to dump the lot unless a deal was struck. That dump has since landed, and Have I Been Pwned now puts a number on at least part of the fallout. READ MORE...
Karakurt extortion gang 'cold case' negotiator gets 8.5 years in prison
A Latvian national extradited to the United States was sentenced to 8.5 years in prison for his "cold case" negotiator role in the Russian Karakurt ransomware group. 35-year-old Deniss Zolotarjovs of Moscow, Russia, was arrested in Georgia, Eastern Europe, in December 2023, and pleaded guilty in July 2025 to conspiracy to commit wire fraud and money laundering charges filed against him in August 2024 after he was transferred to U.S. custody. READ MORE...
Update WhatsApp now: Two new flaws could expose you to malicious files
Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities. WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been exploited in the wild. These bugs don't automatically infect devices, but they lower the barrier for social engineering and could be chained with other vulnerabilities for more serious attacks. READ MORE...
Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
Apache on Monday released patches for over a dozen vulnerabilities in HTTP Server and MINA, including critical and high-severity issues that could be exploited for remote code execution (RCE). Apache HTTP Server 2.4.67 was released with fixes for 11 vulnerabilities, 10 of which affect all previous releases. The first is CVE-2026-23918, a double-free and possible RCE bug in the HTTP/2 protocol handling. READ MORE...
Critical Remote Code Execution Vulnerability Patched in Android
Google announced on Monday the release of an Android update patching a critical vulnerability that can be exploited for remote code execution. The flaw, tracked as CVE-2026-0073, affects Android's System component, allowing an attacker to exploit it to execute code as the shell user without additional execution privileges. User interaction is not required for exploitation. The advisory reveals that the issue impacts 'adbd' (Android Debug Bridge daemon). READ MORE...
'Copy Fail' is a real Linux security crisis wrapped in AI slop
Attackers are actively exploiting a Linux vulnerability in the wild, and researchers warn that the fallout could be broad - anyone with authenticated local access can leverage it to gain total control of a system. But the story behind CVE-2026-31431 is almost as interesting as the bug itself. Theori, the company that discovered the bug, leaned heavily on AI to find and initially disclose it. READ MORE...
How the Story of a USB Penetration Test Went Viral
Two decades ago Dark Reading posted its first blockbuster - a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author Steve Stasiukonis, Dark Reading senior editor Becky Bracken, and Dark Reading's editor-in-chief Kelly Jackson Higgins. READ MORE...
New MOVEit vulnerabilities prompt urgent patch warning
Hackers could exploit vulnerabilities in Progress Software's MOVEit Automation tool to improperly access businesses' data, the software maker said in a recent advisory. Exploitation of the two flaws - an authentication-bypass vulnerability tracked as CVE-2026-4670 and a privilege-escalation vulnerability tracked as CVE-2026-5174 - could "lead to unauthorized access, administrative control, and data exposure," according to Progress Software's advisory. READ MORE...
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
A critical authentication bypass flaw in cPanel software products has come under heavy exploitation from a variety of threat actors shortly after public disclosure, putting millions of websites at risk via tens of thousands of compromised instances. On April 28, the software vendor, which specializes in Web hosting control-panel software, issued a security update to address a vulnerability affecting all supported versions of cPanel, WebHost Manager (WHM), and WP Squared products. READ MORE...
- ...in 1816, John Keats' first published poem, "O Solitude", appears in The London Examiner.
- ...in 1904, Cy Young throws a perfect game against the Philadelphia Athletics in Boston, MA.
- ...in 1943, comedic actor Michael Palin from "Monty Python's Flying Circus" is born in Sheffield, England.
- ...in 1961, Alan Shepard becomes the first American in space when his Freedom 7 craft achieves Earth orbit.







