Security Bulletin

The vulnerability, tracked as CVE-2026-8153 with a CVSS score of 9.8, affects all PolyScope software versions prior to 5.25.1.

The vulnerability, CVE-2026-5426, stems from the use of hard-coded ASP.NET machine keys within the LMS.

The Oncology Institute disclosed on May 20, 2026, that Kroll, a third-party administrator for an unnamed vendor, detected unauthorized access to systems that may have affected patient data.

The attack exploits vulnerabilities in iOS 16, specifically CVE-2025-43300 within the ImageIO framework and potentially CVE-2025-55177, to gain unauthorized access to WhatsApp sessions.

RemotePE is deployed through a multi-stage attack chain involving two loaders, DPAPILoader and RemotePELoader.

A user on a cybercrime forum is selling a database of 340 million records allegedly linked to OnlyFans users for approximately $76,000.

The vulnerability, identified as CVE-2026-26980, affects Ghost versions 3.24.0 through 6.19.0, allowing unauthenticated attackers to steal admin API keys.

Quantum threats are driving the need for post-quantum cryptography across the network stack, as attackers can capture encrypted data today and decrypt it in the future. Discover how Cisco full-stack PQC helps protect both devices and data.

Cisco's 2026 Segmentation Report analyzes 400 failed segmentation projects and identifies four distinct patterns of failure — and what teams can do about them

The co-founder and former editor-in-chief passed away five years ago in November. As Dark Reading enters is third decade, we pause to celebrate and honor Wilson's instrumental role in building and elevating the media site.