Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology

via SecurityWeek·7h ago

White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology

via SecurityWeek·10h ago

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.

via Dark Reading·10h ago

How NIST's Cutback of CVE Handling Impacts Cyber Teams

Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.

via Dark Reading·10h ago

Payouts King ransomware uses QEMU VMs to bypass endpoint security

The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. [...]

via BleepingComputer·10h ago

Payouts King ransomware uses QEMU VMs to bypass endpoint security

via BleepingComputer·10h ago

CoChat Launches AI Collaboration Platform to Combat Shadow AI

CoChat is fundamentally an AI collaboration platform designed for teamwork and to bring visibility and governance into enterprise AI shadows. The post CoChat Launches AI Collaboration Platform to Combat Shadow AI appeared first on SecurityWeek.

via SecurityWeek·13h ago

Every Old Vulnerability Is Now an AI Vulnerability

AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.

via Dark Reading·13h ago

Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops

In cybercrime markets, trust isn't assumed, it's verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. [...]

via BleepingComputer·16h ago

Grinex exchange blames "Western intelligence" for $13.7M crypto hack

Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies. [...]

via BleepingComputer·16h ago

Sometimes changing the password on your email mailbox isnt enough

Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it. Read more in my article on the Fortra blog.

via Graham Cluley·18h ago

Singer loses life savings to fake wallet downloaded from the Apple App Store

If you hold cryptocurrency, there's a very simple golden rule that you should always follow. Never hand over your seed phrase. Garrett Dutton, better known as G. Love - the front man of blues-hip-hop outfit G. Love & Special Sauce - has learnt that lesson the hard way. Read more in my article o

via Graham Cluley·18h ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun

via The Hacker News·18h ago

Webinar: From phishing to fallout Why MSPs must rethink both security and recovery

Cyberattacks are evolving faster than many MSP and corporate defenses can keep up, with phishing driving much of today's cybercrime. Join our upcoming webinar to learn how to combine security and recovery strategies to reduce risk and maintain business continuity. [...]

via BleepingComputer·18h ago

Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of Destruction Followed

Thursday’s discussion comes as leaders on Capitol Hill grapple with the dizzying pace of global developments in which technology plays a central role. The post Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed appeared first on SecurityWeek.

via SecurityWeek·19h ago

Another DraftKings Hacker Sentenced to Prison

Kamerin Stokes sold stolen credentials through an online marketplace even after pleading guilty to his role in the DraftKings attack. The post Another DraftKings Hacker Sentenced to Prison appeared first on SecurityWeek.

via SecurityWeek·19h ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Other noteworthy stories that might have slipped under the radar: ShinyHunters targets Rockstar Games, ShowDoc vulnerability exploited in the wild, and EPA to boost cybersecurity budget to $19 million. The post In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested appear

via SecurityWeek·19h ago

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul

Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025. The new policy updates relate to contact and location perm

via The Hacker News·19h ago

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. [...]

via BleepingComputer·19h ago

Two North Korean IT Worker Scheme Facilitators Jailed in the US

Kejia Wang and Zhenxing Wang compromised the identities of dozens of US persons to help land jobs at over 100 companies. The post Two North Korean IT Worker Scheme Facilitators Jailed in the US appeared first on SecurityWeek.

NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE

via The Hacker News·1d ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CVE-2026-34197 (CVSS s

via The Hacker News·1d ago

Operation PowerOFF identifies 75k DDoS users, takes down 53 domains

via BleepingComputer·1d ago

ZionSiphon malware designed to sabotage water treatment systems

A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. [...]

via BleepingComputer·1d ago

OpenAI Widens Access to Cybersecurity Model After Anthropics Mythos Reveal

OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal

via SecurityWeek·1d ago

New Microsoft Defender RedSun zero-day PoC grants SYSTEM privileges

A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," in the past two weeks, protesting how the company works with cybersecurity researchers. [...]

via BleepingComputer·1d ago

North Korea Uses ClickFix to Target macOS Users' Data

via Dark Reading·1d ago

via SecurityWeek·1d ago

Google expands Gemini AI use to fight malicious ads on its platform

Google says it is increasingly using its Gemini AI models to detect and block harmful ads on its advertising platforms, as scammers and threat actors continue to evolve their tactics to evade detection. [...]

Regulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must wrangle.

via Dark Reading·2d ago

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files.

via Dark Reading·2d ago

New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. [...]

WordPress plugin suite hacked to push malware to thousands of sites

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. [...]

Navigating the Unique Security Risks of Asia's Digital Supply Chain

via Dark Reading·2d ago

Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure

via SecurityWeek·2d ago

Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now

via Dark Reading·2d ago

Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructur

via The Hacker News·2d ago

Signed software abused to deploy antivirus-killing scripts

A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. [...]

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

via The Hacker News·2d ago

Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests

Google, Meta, and Microsoft about half the time don't comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds.

via Dark Reading·2d ago

Rolling Networks: Securing the Transportation Sector

Modern trucks are rolling networks packed with sensors, connectivity, and attack surfaces, creating new cyber risks. NMFTA's Cybersecurity Conference brings industry leaders together to tackle emerging threats in transportation. [...]

CISA flags Windows Task Host vulnerability as exploited in attacks

CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. [...]

100 Chrome Extensions Steal User Data, Create Backdoor

via SecurityWeek·2d ago

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three ar

via The Hacker News·2d ago

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaSc

via The Hacker News·3d ago

The vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution. The post Adobe Patches Reader Zero-Day Exploited for Months appeared first on SecurityWeek.

via SecurityWeek·5d ago

via Graham Cluley·6d ago

ChatGPT rolls out new $100 Pro subscription to challenge Claude

OpenAI has rolled out a new Pro subscription that costs $100 and is in line with Claude's pricing, which also has a $100 subscription, in addition to the $200 Max monthly plan. [...]

Nearly 4,000 US industrial devices exposed to Iranian cyberattacks

Microsoft: Canadian employees targeted in payroll pirate attacks

via BleepingComputer·Apr 10, 2026

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenti

via The Hacker News·Apr 10, 2026

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

New VENOM phishing attacks steal senior executives' Microsoft logins

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...]

via BleepingComputer·Apr 10, 2026

New LucidRook malware used in targeted attacks on NGOs, universities

A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]

via BleepingComputer·Apr 10, 2026

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a L

via The Hacker News·Apr 9, 2026

Smart Slider updates hijacked to push malicious WordPress, Joomla versions

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]

via BleepingComputer·Apr 9, 2026

When attackers already have the keys, MFA is just another door to open

Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]

via BleepingComputer·Apr 9, 2026

Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities

via SecurityWeek·Apr 9, 2026

Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access

via SecurityWeek·Apr 9, 2026

Apple Intelligence AI Guardrails Bypassed in New Attack

via SecurityWeek·Apr 9, 2026

Can we Trust AI? No But Eventually We Must

From hallucinations and bias to model collapse and adversarial abuse, today’s AI is built on probability rather than truth, yet enterprises are deploying it at speed without fully understanding the risks. The post Can we Trust AI? No – But Eventually We Must appeared first on SecurityWeek.

via SecurityWeek·Apr 9, 2026

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX

via The Hacker News·Apr 9, 2026

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinki

via The Hacker News·Apr 9, 2026

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact ("In

via The Hacker News·Apr 9, 2026

The Hidden Security Risks of Shadow AI in Enterprises

As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls a

via The Hacker News·Apr 9, 2026

Eurail says December data breach impacts 300,000 individuals

Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. [...]

via BleepingComputer·Apr 9, 2026

Webinar: From noise to signal - What threat actors are targeting next

Threat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and credential requests. Join our upcoming webinar with Flare Systems to learn how to turn those early warning signs into proactive defensive action before an intrusion begins. [...]

via BleepingComputer·Apr 9, 2026

$3.6 Million Stolen in Bitcoin Depot Hack

via SecurityWeek·Apr 9, 2026

300,000 People Impacted by Eurail Data Breach

In December 2025, hackers stole names and passport numbers from the European travel company’s network. The post 300,000 People Impacted by Eurail Data Breach appeared first on SecurityWeek.

via SecurityWeek·Apr 9, 2026

Adobe Reader Zero-Day Exploited for Months: Researcher

Reputable researcher Haifei Li has come across what appears to be a PDF designed to exploit an unpatched vulnerability. The post Adobe Reader Zero-Day Exploited for Months: Researcher appeared first on SecurityWeek.

via SecurityWeek·Apr 9, 2026

Hackers exploiting Acrobat Reader zero-day flaw since December

Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...]

via BleepingComputer·Apr 9, 2026

Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot

via BleepingComputer·Apr 9, 2026

Microsoft suspends dev accounts for high-profile open source projects

Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. [...]

via BleepingComputer·Apr 9, 2026

Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long

Hackers vowed to revive its efforts against America when the time was right — demonstrating how digital warfare has become ingrained in military conflict. The post Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long appeared first on SecurityWeek.

via SecurityWeek·Apr 9, 2026

Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers

Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.

via Dark Reading·Apr 9, 2026

Google: New UNC6783 hackers steal corporate Zendesk support tickets

via BleepingComputer·Apr 9, 2026

Smashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothing

LinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you're job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy. Meanwhile, California's crypto m

via Graham Cluley·Apr 9, 2026

Threat Actors Get Crafty With Emojis to Escape Detection

When 🤖 means "bot available," 🧰 signifies "toolkit," or 💰💰💰 translates to "big ransom," bad actors can evade filters and keep it all on the down-low.

via Dark Reading·Apr 9, 2026

Hackers use pixel-large SVG trick to hide credit card stealer

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...]

Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure. "Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyon

via The Hacker News·Apr 8, 2026

Fraud Rockets Higher in Mobile-First Latin America

Cyber-fraudsters move quickly from compromised devices to account takeover to funds transfer, shifting money before many financial institutions can react.

via Dark Reading·Apr 8, 2026

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography, component object m

via The Hacker News·Apr 8, 2026

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of targeting a wide range

via The Hacker News·Apr 8, 2026

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. [...]

via BleepingComputer·Apr 8, 2026

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday

CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. [...]

via BleepingComputer·Apr 8, 2026

Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams

via Dark Reading·Apr 8, 2026

via SecurityWeek·Apr 7, 2026

Lies, Damned Lies, and Cybersecurity Metrics

via Dark Reading·Apr 7, 2026

Dark Reading's Kelly Jackson Higgins shares insights on the past, present, and future of cybersecurity after attending RSAC 2026 Conference.

via Dark Reading·Apr 7, 2026

Webinar Today: Why Automated Pentesting Alone Is Not Enough

via SecurityWeek·Apr 7, 2026

GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data

via SecurityWeek·Apr 7, 2026

via Dark Reading·Apr 7, 2026

Fortinet Issues Emergency Patch for FortiClient Zero-Day

The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.

via Dark Reading·Apr 7, 2026

Axios Attack Shows Social Complex Engineering Is Industrialized

The attack on the popular NPM package Axios is just one of many targeting maintainers and has shone a light on how threat actors can scale sophisticated social engineering campaigns.

via Dark Reading·Apr 7, 2026

New GPUBreach attack enables system takeover via GPU rowhammer

A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]

via BleepingComputer·Apr 7, 2026

German authorities identify REvil and GangCrab ransomware bosses

The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]

OWASP GenAI Security Project Gets Update, New Tools Matrix

via Dark Reading·Apr 6, 2026

How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers

The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat act

via The Hacker News·Apr 6, 2026

Why Simple Breach Monitoring is No Longer Enough

Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. [...]

via BleepingComputer·Apr 6, 2026

via BleepingComputer·Apr 4, 2026

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

via SecurityWeek·Apr 4, 2026

Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication

via Dark Reading·Apr 3, 2026

Evolution of Ransomware: Multi-Extortion Ransomware Attacks

Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. [...]

via BleepingComputer·Apr 3, 2026

Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

via Dark Reading·Apr 3, 2026

via BleepingComputer·Apr 2, 2026

Bank Trojan 'Casbaneiro' Worms Through Latin America

via Dark Reading·Apr 2, 2026

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast. The list incl

via The Hacker News·Apr 2, 2026

Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime

Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. [...]

via BleepingComputer·Apr 2, 2026

Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense

A chief medical information officer provided a peek into what hospitals face when they inevitably suffer a ransomware attack—whether it leads to short or long-term outages.

via Dark Reading·Apr 2, 2026

WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action

Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the targets are l

via The Hacker News·Apr 2, 2026

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fr

via The Hacker News·Apr 2, 2026

Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the availability of iOS 18.7.7 for more devices on April 1

via The Hacker News·Apr 2, 2026

Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished

A cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 - and now sits on a fortune worth $400 million. There's just one small problem: the access codes were tucked inside his fishing rod case, which has mysteriously vanished. Or has it? Because thi

via Graham Cluley·Apr 2, 2026

Cyberattacks Intensify Pressure on Latin American Governments

Cyber threats across Latin America are increasingly targeting government systems, from disruptive attacks in Puerto Rico to a surge of probes against Colombia’s health sector.

via Dark Reading·Apr 1, 2026

🟣MalwareCRITICAL

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors, tracked as UAC-0255, sent ema

via The Hacker News·Apr 1, 2026

New DeepLoad Malware Dropped in ClickFix Attacks

The malware steals credentials, installs a malicious browser extension, and can spread via USB drives. The post New DeepLoad Malware Dropped in ClickFix Attacks appeared first on SecurityWeek.

via SecurityWeek·Apr 1, 2026

Venom Stealer MaaS Platform Commoditizes ClickFix Attacks

A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks.

via Dark Reading·Apr 1, 2026

Routine Access Is Powering Modern Intrusions, a New Threat Report Finds

Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. [...]

via BleepingComputer·Apr 1, 2026

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation Patch Released

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cr

via The Hacker News·Apr 1, 2026

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling re

via The Hacker News·Apr 1, 2026

Block the Prompt, Not the Work: The End of "Doctor No"

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years

via The Hacker News·Apr 1, 2026

Are We Training AI Too Late?

Ask the Expert: Cybersecurity teams need to expand their field of view to include new, unique threat sources, rather than relying on past, proven threat actors.

via Dark Reading·Apr 1, 2026

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultquist, chief analyst

via The Hacker News·Apr 1, 2026

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Dont See It Coming)

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admi

via The Hacker News·Apr 1, 2026

Axios NPM Package Compromised in Precision Attack

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.

via Dark Reading·Apr 1, 2026

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.

via Dark Reading·Mar 31, 2026

Google's Vertex AI Has an Over-Privileged Problem

Palo Alto researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure.

via Dark Reading·Mar 31, 2026

PX4 Autopilot

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication. The following versions of PX4 Autopilot are affected: Autopilot v1.16.0_SITL_latest_stable (CVE-2026-

via CISA Alerts·Mar 31, 2026

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesia,

via The Hacker News·Mar 31, 2026

Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations

Iranian APTs are blurring the lines between state-sponsored and cybercriminal activities to target high-impact US organizations.

via Dark Reading·Mar 31, 2026

Rethinking Vulnerability Management Strategies for Mid-Market Security

Intruder's Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management.

via Dark Reading·Mar 31, 2026

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity

via The Hacker News·Mar 31, 2026

🔴BreachesCRITICAL

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Report shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to detecting misuse of legitimate access. The post Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks appeared first

via SecurityWeek·Mar 31, 2026

AI-Driven Code Surge Is Forcing a Rethink of AppSec

In a conversation with Dark Reading’s Terry Sweeney, Black Duck CEO Jason Schmitt explains how AI is reshaping application security and why it must evolve to keep pace.

via Dark Reading·Mar 31, 2026

Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains

Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. "The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocu

via The Hacker News·Mar 31, 2026

The AI Arms Race Why Unified Exposure Management Is Becoming a Boardroom Priority

The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining challe

via The Hacker News·Mar 31, 2026

Lloyds Data Security Incident Impacts 450,000 Individuals

A faulty software update led to the exposure of mobile banking users’ transactions to other users of the application. The post Lloyds Data Security Incident Impacts 450,000 Individuals appeared first on SecurityWeek.

via SecurityWeek·Mar 31, 2026

Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption

Google researchers have shown that breaking the encryption of Bitcoin and Ethereum requires 20x fewer qubits. The post Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption appeared first on SecurityWeek.

via SecurityWeek·Mar 31, 2026

Hacker charged with stealing $53 million from Uranium crypto exchange

U.S. prosecutors have charged a Maryland man with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering the proceeds through a cryptocurrency mixer. [...]

via BleepingComputer·Mar 31, 2026

AI-Powered 'DeepLoad' Malware Steals Credentials, Evades Detection

The massive amount of junk code that hides the malware's logic from security scans was almost certainly generated by AI, researchers say.

via Dark Reading·Mar 31, 2026

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

LLMs can write complex Rego and Cedar code in seconds, but a single missing condition or hallucinated attribute can quietly dismantle your organization’s least-privilege security model. The post Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control appeared first on SecurityWeek.

via SecurityWeek·Mar 30, 2026

Storm Brews Over Critical, No-Click Telegram Flaw

The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists.

via Dark Reading·Mar 30, 2026

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures

via The Hacker News·Mar 30, 2026

3 SOC Process Fixes That Unlock Tier 1 Productivity

What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 m

via The Hacker News·Mar 30, 2026

How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking

AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner's questions for evaluating AI SOC agents and separating real impact from hype. [...]

via BleepingComputer·Mar 30, 2026

Apple adds macOS Terminal warning to block ClickFix attacks

Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. [...]

via BleepingComputer·Mar 30, 2026

Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare

Iran-linked hacking groups are turning to high-volume, low-impact cyberattacks, and AI is providing a boost. The post Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare appeared first on SecurityWeek.

via SecurityWeek·Mar 30, 2026

European Commission Reports Cyber Intrusion and Data Theft

The ShinyHunters hacker group claimed to have stolen over 350GB of information from European Commission cloud systems. The post European Commission Reports Cyber Intrusion and Data Theft appeared first on SecurityWeek.

via SecurityWeek·Mar 30, 2026

Huskeys Emerges From Stealth With $8 Million in Funding

The startup has built an edge security management (ESM) platform, an AI engine atop the entire edge security stack. The post Huskeys Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek.

via SecurityWeek·Mar 30, 2026

Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

The state-sponsored group’s campaign has targeted government, higher education, financial, and legal entities, as well as think tanks. The post Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit appeared first on SecurityWeek.

via SecurityWeek·Mar 30, 2026

Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables" to facilita

via The Hacker News·Mar 30, 2026

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and

via The Hacker News·Mar 30, 2026

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

The critical-severity flaw leaks application memory and can be exploited to obtain authenticated administrative session IDs. The post Exploitation of Fresh Citrix NetScaler Vulnerability Begins appeared first on SecurityWeek.

via SecurityWeek·Mar 30, 2026

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

Initially disclosed as a high-severity denial-of-service (DoS), the bug was reclassified as a critical RCE issue. The post F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild appeared first on SecurityWeek.

via SecurityWeek·Mar 30, 2026

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK,

via The Hacker News·Mar 30, 2026

European Commission confirms data breach after Europa.eu hack

The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. [...]

via BleepingComputer·Mar 30, 2026

Critical Fortinet Forticlient EMS flaw now exploited in attacks

Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused. [...]

via BleepingComputer·Mar 30, 2026

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website tha

via The Hacker News·Mar 28, 2026

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

The infection chain includes a fake CAPTCHA page, a Bash script, a Nuitka loader, and the Python-based infostealer. The post Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs appeared first on SecurityWeek.

via SecurityWeek·Mar 28, 2026

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to me

via The Hacker News·Mar 28, 2026

TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446

via The Hacker News·Mar 28, 2026

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVS

via The Hacker News·Mar 28, 2026

TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign

via The Hacker News·Mar 28, 2026

LeakNet ransomware: what you need to know

A ransomware gang that claims to be a group of "investigative journalists"? Meet LeakNet - the group using fake CAPTCHA pages to trick employees into hacking themselves. Read more in my article on the Fortra blog.

via Graham Cluley·Mar 28, 2026

Denver’s crosswalks hacked to broadcast anti-Trump messages

Pedestrians crossing a street in Denver, Colorado, got rather more than they bargained for last weekend, when the audio signals at two crosswalks began broadcasting a political message alongside their usual walking instructions. Read more in my article on the Hot for Security blog.

via Graham Cluley·Mar 28, 2026

How one man used 10,000 bots to steal $8,000,000 from music artists

A man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after creating hundreds of thousands of songs with AI, and then using bots to play them billions of times. Read more in my article on the Hot for Security blog.

via Graham Cluley·Mar 28, 2026

Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie

A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin - signing his extortion emails from a company called "Loot." Meanwhile, two people drive up to the entrance of the UK's nuclear submarin

via Graham Cluley·Mar 28, 2026

Critical CVSS 10.0 Flaw in WAGO Industrial Managed Switches Allows Full Device Takeover

CISA has issued an advisory for CVE-2026-3587, a maximum-severity hidden functionality vulnerability in WAGO industrial managed switches that lets unauthenticated remote attackers escape the CLI and fully compromise the device. Over 30 firmware/hardware combinations across critical infrastructure sectors are affected.

via CISA Alerts·Mar 28, 2026

PTC Windchill Product Lifecycle Management

## The Threat

via CISA Alerts·Mar 28, 2026

OpenCode Systems OC Messaging and USSD Gateway

## The Threat

via CISA Alerts·Mar 28, 2026

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets — named

via Krebs on Security·Mar 27, 2026

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language. Experts say the

via Krebs on Security·Mar 27, 2026

We Are At War

Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it.  Introduction: One tech power to rule them all is a thing of the past  The relative safety, peace and pros

via The Hacker News·Mar 27, 2026

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software, includ

via The Hacker News·Mar 27, 2026

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors

via The Hacker News·Mar 27, 2026

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline had a single boolean

via The Hacker News·Mar 27, 2026

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March

via The Hacker News·Mar 27, 2026

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. [...]

via BleepingComputer·Mar 27, 2026

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending

via The Hacker News·Mar 17, 2026

CISA flags Wing FTP Server flaw as actively exploited in attacks

CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. [...]

via BleepingComputer·Mar 16, 2026

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2025-47813 Wing FTP Server Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses s

via CISA Alerts·Mar 16, 2026

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Storm-2561 is distributing fake VPN clients through SEO poisoning, deploying trojans, and stealing login information. The post Threat Actor Targeting VPN Users in New Credential Theft Campaign appeared first on SecurityWeek.

via SecurityWeek·Mar 16, 2026

China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation

The state-sponsored hackers deployed custom tools and stayed dormant in the compromised environments for months. The post China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation appeared first on SecurityWeek.

via SecurityWeek·Mar 16, 2026

Security Firm Executive Targeted in Sophisticated Phishing Attack

The attackers used a DKIM-signed phishing email, trusted redirect infrastructure, compromised servers, and Cloudflare-protected phishing pages. The post Security Firm Executive Targeted in Sophisticated Phishing Attack appeared first on SecurityWeek.

via SecurityWeek·Mar 16, 2026

Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact

Broadcom, Bechtel, Estée Lauder, and Abbott Technologies are the only major companies that have yet to issue a public statement. The post Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact appeared first on SecurityWeek.

via SecurityWeek·Mar 16, 2026

Attackers Abuse LiveChat to Phish Credit Card, Personal Data

A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.

via Dark Reading·Mar 16, 2026

ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making

via The Hacker News·Mar 16, 2026

🟢ToolsHIGH

Why Security Validation Is Becoming Agentic

If you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pentest engagement, or maybe an automated pentesting product, in another. A vulnerability scanner feeding an attack surface management platform somewhere

via The Hacker News·Mar 16, 2026

Microsoft pulls Samsung app blocking Windows C: drive from Store

Microsoft has removed the Samsung Galaxy Connect app from the Microsoft Store because it was causing issues on specific Samsung Galaxy Book 4 and desktop models running Windows 11. [...]

via BleepingComputer·Mar 16, 2026

Shadow AI is everywhere. Here’s how to find and secure it.

Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security teams can discover AI apps, monitor usage, and govern risky AI activity. [...]

via BleepingComputer·Mar 16, 2026

Microsoft Exchange Online outage blocks access to mailboxes

Microsoft is working to address an ongoing Exchange Online outage that is preventing customers from accessing their mailboxes and calendars. [...]

via BleepingComputer·Mar 16, 2026

UK’s Companies House confirms security flaw exposed business data

Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies' information since October 2025. [...]

via BleepingComputer·Mar 16, 2026

Hacking Attempt Reported at Poland’s Nuclear Research Center

Initial evidence indicates Iran may be behind the attack, but officials admitted it could be a false flag.

via SecurityWeek·Mar 16, 2026

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign.

via SecurityWeek·Mar 16, 2026

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week. AAPM was introduced by Google i

via The Hacker News·Mar 16, 2026

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by L

via The Hacker News·Mar 16, 2026

Smashing Security podcast #457: How a cybersecurity boss framed his own employee

When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker... who promptly sent an innocent colleague into a career-ending ambush. In this episode, we unravel the jaw-dropping tale of a

via Graham Cluley·Mar 16, 2026

OpenAI says ChatGPT ads are not rolling out globally for now

OpenAI told BleepingComputer that ChatGPT ads on Free and Go plans are not yet rolling out outside the United States, even though some users noticed references to ads in the updated privacy policy. [...]

via BleepingComputer·Mar 16, 2026

How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down

In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA - one of the world's most prolific phishing-as-a-service platforms - has been dismantled.

via Graham Cluley·Mar 15, 2026

Twitter suspended 800 million accounts last year – so why does manipulation remain so rampant?

Elon Musk's social media site says it suspended 800 million accounts in a year for spam and manipulation - but with state-backed campaigns still flooding the platform, the real question is how many fake accounts remain.

via Graham Cluley·Mar 15, 2026

Smashing Security podcast #458: How not to steal $46 million from the US government

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite encyclopaedia. Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital ass

via Graham Cluley·Mar 15, 2026

Your Signal account is safe – unless you fall for this trick

Signal, the encrypted messaging app trusted by security-savvy users around the world, has confirmed that hackers have managed to takeover accounts - with government officials and journalists among those being targeted.

via Graham Cluley·Mar 15, 2026

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. [...]

via BleepingComputer·Mar 15, 2026

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

via Threatpost·Mar 15, 2026

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

via Threatpost·Mar 15, 2026

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

via Threatpost·Mar 15, 2026

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

via Threatpost·Mar 15, 2026

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

via Threatpost·Mar 15, 2026

Trane Tracer SC, Tracer SC+, and Tracer Concierge

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product. The following versions of Trane Tracer SC, Tracer SC+, and Tracer Concierge are affected: Tracer S

via CISA Alerts·Mar 15, 2026

Siemens SIMATIC

View CSAF Summary SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to

via CISA Alerts·Mar 15, 2026

Siemens RUGGEDCOM APE1808 Devices

View CSAF Summary Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. The following versions of Siemens RUGGEDCOM APE180

via CISA Alerts·Mar 15, 2026

Siemens SIDIS Prime

View CSAF Summary SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version. The following versions of Siemen

via CISA Alerts·Mar 15, 2026

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910 Google Chromium V8 Unspecified Vulnerability These types of vulnerabilities are frequent

via CISA Alerts·Mar 15, 2026

Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During War

Pro-Iranian hackers are targeting sites in the Middle East and starting to stretch into the United States during the war, raising the risk of American defense contractors, power stations and water plants. The post Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks Dur

via SecurityWeek·Mar 15, 2026

In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown

Other noteworthy stories that might have slipped under the radar: Telus Digital data breach, vulnerabilities in Linux AppArmor allow root privileges, US defense contractor behind Coruna exploits. The post In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown appeared firs

via SecurityWeek·Mar 15, 2026

Starbucks Data Breach Impacts Employees

Starbucks said the incident involved phishing attacks targeting an employee portal, affecting hundreds.

via SecurityWeek·Mar 15, 2026

Critical HPE AOS-CX Vulnerability Allows Admin Password Resets

The vulnerability can be exploited remotely, without authentication, to circumvent existing authentication controls.

via SecurityWeek·Mar 15, 2026

Loblaw Data Breach Impacts Customer Information

Personal information such as names, email addresses, and phone numbers was accessed by hackers.

via SecurityWeek·Mar 15, 2026

Most Google Cloud Attacks Start With Bug Exploitation

Forget stolen credentials and misconfigurations; AI means vulnerability exploits that beat patching cycles are the top cause of compromises in the cloud.

via Dark Reading·Mar 15, 2026

Will AI Save Consumers From Smartphone-Based Phishing Attacks?

Sophisticated phishing attacks are bypassing on-device protections with troubling frequency, making it more critical than ever for users to protect themselves from potential threats, new research from Omdia shows.

via Dark Reading·Mar 15, 2026

Cyberattackers Don't Care About Good Causes

Sightline Security's founder and advisory board discuss how cybersecurity poses significant problems for nonprofits and suggest ways the industry can help.

via Dark Reading·Mar 15, 2026

The Data Gap: Why Nonprofit Cyber Incidents Go Underreported

Threat actors target nonprofits due to security gaps and highly coveted information, but a lack of sufficient data makes it difficult to grasp the entire picture.

via Dark Reading·Mar 15, 2026

Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw

Microsoft has released an out-of-band (OOB) update to fix a security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. [...]

via BleepingComputer·Mar 15, 2026

Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos

The excitement around Cisco's latest SD-WAN bugs has inspired some light fraud, misunderstandings, and overlooked risks.

via Dark Reading·Mar 14, 2026

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses clever

via Krebs on Security·Mar 14, 2026

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensi

via The Hacker News·Mar 14, 2026

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source and self-hosted autonomous artificial intelligence (AI) agent. In a post shared on WeChat, CNCERT not

via The Hacker News·Mar 14, 2026

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. [...]

via BleepingComputer·Mar 14, 2026

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of distrib

via Krebs on Security·Mar 14, 2026

Microsoft's March 2026 Patch Tuesday: 77 Vulnerabilities Addressed, Prioritization Still Paramount

Microsoft's March 2026 Patch Tuesday delivered a comprehensive set of security updates, patching at least 77 vulnerabilities across its Windows operating systems and various software components. While this month brings a welcome absence of actively exploited zero-day flaws, a stark contrast to February's five, cybersecurity teams must still prioritize rapid deployment of critical fixes to safeguard against significant potential risks.

via Krebs on Security·Mar 14, 2026

Investigating a New Click-Fix Variant

Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content is

via The Hacker News·Mar 14, 2026

Enterprise Alert: Storm-2561 Deploys Trojan VPNs via SEO Poisoning to Harvest Credentials

Microsoft has uncovered a sophisticated credential theft campaign, dubbed Storm-2561, which leverages SEO poisoning to trick users into downloading malicious, digitally signed VPN clients. These deceptive applications, masquerading as legitimate enterprise software, are designed to pilfer sensitive user credentials, posing a significant threat to organizational security and data integrity.

via The Hacker News·Mar 14, 2026

INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime

INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effort i

via The Hacker News·Mar 14, 2026

Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026

Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the social media giant said i

via The Hacker News·Mar 14, 2026

Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware

A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA

via The Hacker News·Mar 14, 2026

FBI seeks victims of Steam games used to spread malware

The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. [...]

via BleepingComputer·Mar 14, 2026

Microsoft: Windows 11 users can't access C: drive on some Samsung PCs

Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications. [...]

via BleepingComputer·Mar 14, 2026

Sophisticated Phishing Leverages Bogus VPN Clients to Steal Enterprise Credentials

A cunning new campaign by the threat actor Storm-2561 is distributing highly convincing fake enterprise VPN clients for major vendors like Ivanti, Cisco, and Fortinet. This insidious tactic aims to deceive unsuspecting corporate users into surrendering their legitimate login credentials, providing attackers with a critical foothold into organizational networks for subsequent malicious activities.

via BleepingComputer·Mar 13, 2026

Police sinkholes 45,000 IP addresses in cybercrime crackdown

An international law enforcement action codenamed "Operation Synergia III" has sinkholed tens of thousands of IP addresses and seized servers linked to cybercrime operations worldwide. [...]

via BleepingComputer·Mar 13, 2026

From VMware to what’s next: Protecting data during hypervisor migration

Hypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platform recovery are essential during VMware transitions. [...]

via BleepingComputer·Mar 13, 2026

Microsoft investigates classic Outlook sync and connection issues

Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client. [...]

via BleepingComputer·Mar 13, 2026

Poland's nuclear research centre targeted by cyberattack

Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. [...]

via BleepingComputer·Mar 13, 2026

Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries

A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud. "SocksEscort infected home and small business internet routers with malware,"

via The Hacker News·Mar 13, 2026

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation

Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees. The nine confused deputy vulnerabilitie

via The Hacker News·Mar 13, 2026

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8

Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2026-3909 (CVSS score: 8.8) - An out-of-bounds write vulnerability in the Skia 2D graphi

via The Hacker News·Mar 13, 2026

Google fixes two new Chrome zero-days exploited in attacks

Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. [...]

via BleepingComputer·Mar 13, 2026

Starbucks discloses data breach affecting hundreds of employees

Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. [...]

via BleepingComputer·Mar 13, 2026

ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More

Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feel

via The Hacker News·Mar 13, 2026

How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs

Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detec

via The Hacker News·Mar 13, 2026

AI-generated Slopoly malware used in Interlock ransomware attack

A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. [...]

via BleepingComputer·Mar 13, 2026

AiLock Ransomware Claims England Hockey Data Breach, Investigation Launched

England Hockey, the national governing body for field hockey, is currently investigating a significant data breach claim made by the AiLock ransomware gang, which has listed the organization as a victim on its dark web leak site. This incident underscores the escalating threat ransomware poses to diverse sectors, compelling security teams to re-evaluate their defenses against sophisticated data exfiltration and extortion tactics.

via BleepingComputer·Mar 13, 2026

Canadian Retail Giant Loblaw Forces Mass Logout Following Data Breach Notification

Loblaw, one of Canada's largest retail and food service companies, has confirmed a data breach, prompting the company to automatically log out all customer accounts as a precautionary measure. This incident underscores the persistent cybersecurity challenges faced by major corporations holding vast amounts of customer data, necessitating immediate user action to re-authenticate and maintain account security.

via BleepingComputer·Mar 13, 2026

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks

Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat a

via The Hacker News·Mar 12, 2026

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to infect

via The Hacker News·Mar 12, 2026

Going the Extra Mile: Travel Rewards Turn into Underground Currency.

Stolen airline miles are converted into flights and hotel stays, then resold as discounted travel. Flare shows how cybercriminals and underground markets treat loyalty accounts like tradable currency. [...]

via BleepingComputer·Mar 12, 2026

Telus Digital confirms breach after hacker claims 1 petabyte data theft

Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach. [...]

via BleepingComputer·Mar 12, 2026

Google paid $17.1 million for vulnerability reports in 2025

Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025. [...]

via BleepingComputer·Mar 12, 2026

US disrupts SocksEscort proxy network powered by Linux malware

Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux. [...]

via BleepingComputer·Mar 12, 2026

Veeam warns of critical flaws exposing backup servers to RCE attacks

Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities. [...]

via BleepingComputer·Mar 12, 2026

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case o

via The Hacker News·Mar 12, 2026

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Obliv

via The Hacker News·Mar 12, 2026

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit. The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corr

via The Hacker News·Mar 12, 2026

Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload

The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity

via The Hacker News·Mar 12, 2026

US charges another ransomware negotiator linked to BlackCat attacks

The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation. [...]

via BleepingComputer·Mar 12, 2026

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more t

via Krebs on Security·Mar 12, 2026

What Boards Must Demand in the Age of AI-Automated Exploitation

“You knew, and you could have acted. Why didn’t you?”  This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident. For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable

via The Hacker News·Mar 12, 2026

CISA orders feds to patch n8n RCE flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. [...]

via BleepingComputer·Mar 12, 2026

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication. [...]

via BleepingComputer·Mar 12, 2026

WhatsApp introduces parent-managed accounts for pre-teens

WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups they can join. [...]

via BleepingComputer·Mar 12, 2026

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insu

via The Hacker News·Mar 11, 2026

Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown

Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The effo

via The Hacker News·Mar 11, 2026

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to re

via The Hacker News·Mar 11, 2026

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. [...]

via BleepingComputer·Mar 11, 2026

Medtech giant Stryker offline after Iran-linked wiper malware attack

Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. [...]

via BleepingComputer·Mar 11, 2026

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are listed below - CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox esca

via The Hacker News·Mar 11, 2026

Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools

Meta is introducing new anti-scam protections across its platforms, deploying systems and user-facing warnings to protect users against scammers. [...]

via BleepingComputer·Mar 11, 2026

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crate

via The Hacker News·Mar 11, 2026

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used t

via The Hacker News·Mar 11, 2026

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate

via The Hacker News·Mar 11, 2026

Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities. [...]

via BleepingComputer·Mar 11, 2026

Microsoft releases Windows 10 KB5078885 extended security update

Microsoft has released the Windows 10 KB5078885 extended security update to fix the March 2026 Patch Tuesday vulnerabilities, including 2 zero-days and an issue that prevent some devices from shutting down. [...]

via BleepingComputer·Mar 11, 2026

New 'Zombie ZIP' technique lets malware slip past security tools

A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. [...]

via BleepingComputer·Mar 11, 2026

New BeatBanker Android malware poses as Starlink app to hijack devices

A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. [...]

via BleepingComputer·Mar 11, 2026

New ‘BlackSanta’ EDR killer spotted targeting HR departments

For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. [...]

via BleepingComputer·Mar 11, 2026

🔴BreachesCRITICAL

MediSecure Health Network Exposes 14 Million Patient Records in Catastrophic Data Breach

A ransomware-linked breach at MediSecure Health Network has exposed the personal health information of over 14 million patients across 38 US states. The attack, attributed to the BlackSuit ransomware group, compromised EHR databases containing Social Security numbers, diagnoses, and insurance data.

via BleepingComputer·Jan 14, 2025

⚫RansomwareCRITICAL

VoltZite Ransomware Targets Power Grid Operators Across North America in Coordinated Campaign

A sophisticated ransomware campaign dubbed VoltZite is actively targeting electric utility operators across the US and Canada, exploiting unpatched OT/SCADA vulnerabilities. Three utilities have confirmed operational disruptions, and CISA has issued an emergency advisory urging immediate action.

via Dragos·Jan 13, 2025

Google Patches Actively Exploited Chrome Zero-Day in V8 Engine — Update Now

Google has released an emergency Chrome update addressing CVE-2025-0971, a type confusion vulnerability in the V8 JavaScript engine being actively exploited in the wild. The flaw allows remote code execution with no user interaction beyond visiting a malicious web page.

via Google Security Blog·Jan 12, 2025

🔵PolicyCRITICAL

CISA Issues Emergency Directive ED-25-02: Ivanti Connect Secure Exploitation Ongoing

The Cybersecurity and Infrastructure Security Agency has issued Emergency Directive ED-25-02, ordering all federal civilian agencies to immediately disconnect or apply mitigations to Ivanti Connect Secure and Policy Secure appliances amid confirmed exploitation by multiple threat actors.

via CISA·Jan 11, 2025

AI-Generated Phishing Campaigns Achieve 60% Higher Click Rates Than Human-Written Lures

New research from Proofpoint and Hoxhunt reveals that AI-generated spear-phishing emails now outperform human-crafted attacks by 60% in click-through rates. The campaigns leverage real-time OSINT data to generate hyper-personalized lures at industrial scale.

via Proofpoint·Jan 10, 2025

2.1 Billion Records Exposed in AWS S3 Misconfiguration Sweep Conducted by Security Researcher

Security researcher Jeremiah Fowler has discovered and responsibly disclosed a series of misconfigured AWS S3 buckets exposing over 2.1 billion records across hundreds of companies. The data includes customer PII, API keys, internal source code, and HR records.

via VPNMentor·Jan 9, 2025

🟢Tools

Nuclei v3.4 Released: Community Adds 2,400 New Templates Including Cloud and AI Attack Surface Coverage

ProjectDiscovery has released Nuclei v3.4, a major update to the open-source vulnerability scanner featuring 2,400 new community-contributed templates, a cloud asset discovery engine, and the first purpose-built templates targeting AI/LLM application security misconfigurations.

via ProjectDiscovery·Jan 8, 2025

APT41 Resurfaces With Novel Malware Framework Targeting Defense Contractors in 12 Countries

Mandiant has published a detailed report on a new APT41 campaign deploying a previously undocumented modular malware framework called DUSTPAN across defense industrial base targets. The campaign focuses on intellectual property theft related to advanced propulsion and hypersonic technology.

via Mandiant·Jan 7, 2025

Bybit Cryptocurrency Exchange Loses $47M in Sophisticated Hot Wallet Compromise

Dubai-based Bybit confirmed that attackers drained $47 million in ETH, BTC, and stablecoins from its hot wallet infrastructure. The attack, one of the most technically sophisticated exchange hacks of 2025, exploited a multi-signature wallet vulnerability via a supply chain compromise.

via Chainalysis·Jan 6, 2025

Critical Memory Corruption Bugs in ThreadX RTOS Affect Billions of Embedded Devices

Researchers at Forescout have discovered seven critical memory corruption vulnerabilities in ThreadX, the most widely-deployed real-time operating system for embedded and IoT devices. The flaws affect an estimated 6.2 billion devices including medical equipment, industrial controllers, and consumer electronics.

via Forescout·Jan 5, 2025

🔵Policy

EU Cyber Resilience Act Enters Enforcement Phase: Manufacturers Face Fines Up to 15 Million Euros

The European Union's Cyber Resilience Act (CRA) has entered its first enforcement phase, requiring all connected device manufacturers selling in the EU to demonstrate baseline cybersecurity properties. Non-compliant products face market withdrawal orders and fines up to 15 million euros or 2.5% of global turnover.

via EU Agency for Cybersecurity (ENISA)·Jan 4, 2025

Researchers Uncover 287 Malicious npm Packages Stealing Developer Credentials in Ongoing Supply Chain Attack

Socket Security has identified 287 malicious packages on the npm registry that impersonate popular libraries to steal developer credentials, environment variables, and AWS/cloud tokens. The packages have accumulated over 4 million combined downloads before detection.

via Socket Security·Jan 3, 2025

🟢ToolsHIGH

Independent Security Audit of Top 8 Password Managers Reveals Alarming Memory Handling Flaws

A comprehensive independent audit commissioned by the Open Source Security Foundation found that 6 of 8 major password managers—including two market leaders—retain decrypted password vault contents in process memory for longer than necessary, exposing credentials to memory scraping attacks.

via OpenSSF·Jan 2, 2025