Fraud Tracker

Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party …

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this …

After some delay, Apple has patched the vulnerabilities associated with the DarkSword exploit chain for all affected customers, even those who aren’t …

Dark Reading’s Becky Bracken: Hello everybody and welcome back to Dark Reading Confidential. It’s a podcast from the editors of Dark Reading, …

QUESTION: Are we training AI too late? Nishawn Smagh, Director of Intelligence at GreyNoise: Artificial intelligence anchors modern security operations. Detection models …

AI is forcing organizations to rethink how trust is established and managed. Speaking with Dark Reading News Desk, Amit Sinha explains that …

Two disparate industries, manufacturing and healthcare, share several weaknesses that lead to significant security gaps, especially in password hygiene. To address in …

Attackers are now actively exploiting a critical vulnerability in Fortinet’s FortiClient EMS platform, according to threat intelligence company Defused. Tracked as CVE-2026-21643, …

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section …

Coruna, a high-grade mobile exploit kit armed with zero-day vulnerabilities for high-level espionage efforts, turns out to have links to 2023’s Operation …

The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn’t …

Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. TikTok Business …

Citrix has patched two vulnerabilities affecting NetScaler ADC networking appliances and NetScaler Gateway secure remote access solutions, one of which is very similar …

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads …

A threat actor is systematically targeting cloud credentials, SSH keys, authentication tokens, and other sensitive secrets stored in automated enterprise software build …

The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps …

Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized …

Google has announced a new mechanism in Android called Advanced Flow, which will allow sideloading APKs from unverified developers for power users …

A United Nations-sponsored plan has drawn a collection of major businesses into cooperating to boost efforts to combat rampant online fraud, and …

Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers. …

Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses. …

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on …

Broadcom’s acquisition of VMware in 2023 set off a wave of migrations that shows no signs of subsiding. But moving from VMware …

The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious …

Nonprofits work to provide free or reduced cost aid, education, and essential resources throughout communities worldwide, but they often struggle to meet …

Loblaw Companies Limited (Loblaw), the largest food and pharmacy retailer in Canada, announced that hackers breached a portion of its IT network …

WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups …

For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named …

Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello. The feature is …

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks …