Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
Dark Reading editors reflect on two decades of dramatic change — from perimeter defense to assume-breach strategies — and warn…
Cyber Security
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340…
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
Drupal has issued an alert stating that it intends to release a “core security release” for all supported branches on…
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited…
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio…
Why Your Clients’ Routers Are Now a National Security Conversation
You now have five important reasons to start a router security conversation with your small business clients this week, especially…
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious…
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the…
Is 2026 the Year AI Bills of Materials Get Real?
Understanding AI BOMs and where they fit into risk management for artificial intelligence.
Microsoft Exchange Zero-Day Under Attack, No Patch Available
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.