access ai android api apple attack authentication backdoor breach business ceo china cisa cisco ciso cloud compliance control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud germany google governance government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution resilience risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
Pentagon Piloting Skills-Based Assessments for Cyber Workers
Proponents Favor Performance Tests Over Certs. The U.S. Department of Defense is for the first time piloting new skills-based assessments for its cyber hiring as an alternative to checking paper qualifications. Many certificates, officials say, don’t reflect the skills their cyber teams need in the real world. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/pentagon-piloting-skills-based-assessments-for-cyber-workers-a-31222…
-
Top product launches at RSAC 2026
RSAC 2026 showcased a wave of innovation, with vendors unveiling technologies poised to redefine cybersecurity. From AI-powered defense to breakthroughs in identity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/rsac-2026-top-product-launches/ also interesting: 9 VPN alternatives for securing remote network access Chase CISO condemns the security of the industry’s SaaS offerings SpyCloud Report: 2/3 Orgs…
-
Make OpenAI’s models misbehave and earn a reward
OpenAI’s public Safety Bug Bounty program focuses on AI abuse and safety risks across its products. The goal is to support safe and secure systems and reduce the risk of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/openai-safety-bug-bounty-program/ also interesting: 9 top bug bounty programs launched in 2025 9 top bug bounty programs launched…
-
New Ghost Campaign Uses Fake npm Progress Bars to Phish Sudo Passwords
ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers. First seen on hackread.com Jump to article: hackread.com/ghost-campaign-npm-progress-bars-phish-sudo-passwords/ also interesting: Privacy Roundup: Week 12 of Year 2025 PoisonSeed überlistet FIDO-Schlüssel Dull but dangerous: A guide to 15 overlooked cybersecurity…
-
Umfrage: 70 Prozent der deutschen Unternehmen genehmigen KI-Projekte trotz Sicherheitsbedenken
Tags: aiFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/genehmigung-ki-projekte-sicherheitsbedenken also interesting: Swalwell for Congress Campaign Partners with Wolfsbane.ai to Protect Against AI-Generated Cloning ChuanhuChatGPT, Lunary und LocalAI – Schwere Sicherheitslücken in KI-Sprachmodellen Severe Vulnerability in AI Vibe Lets Attackers Access Private User Applications Salesloft Drift Attacks Exposed Zscaler Customer Data
-
Tails 7.6 ships automatic Tor bridge retrieval and a new password manager
Tails 7.6 is out, and for users operating on networks that block Tor, the most consequential addition is built-in bridge retrieval. The Tor Connection assistant can now detect … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/tails-7-6-released/ also interesting: New Mirai botnet targets industrial routers Cisco Data Breach Ransomware Group Allegedly Breached Internal Network Getting…
-
Tails 7.6 ships automatic Tor bridge retrieval and a new password manager
Tails 7.6 is out, and for users operating on networks that block Tor, the most consequential addition is built-in bridge retrieval. The Tor Connection assistant can now detect … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/tails-7-6-released/ also interesting: New Mirai botnet targets industrial routers Diese Security-Technologien haben ausgedient How hackers target your Active Directory…
-
ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review
It’s the first significant cybersecurity-related announcement under Director of National Intelligence Tulsi Gabbard. First seen on cyberscoop.com Jump to article: cyberscoop.com/odni-tackles-ai-threat-hunting-app-cybersecurity-in-year-one-tech-review/ also interesting: AI SPERA and Hackers Central Partner to Expand Mexico’s Security Market with ‘Criminal IP ASM’ Top security solutions being piloted today, and how to do it right Cybersecurity Snapshot: What Looms on…
-
How Trump’s Plot to Grab Iran’s Nuclear Fuel Would Actually Work
Tags: iranExperts say that an American ground operation targeting nuclear sites in Iran would be incredibly complicated, put troops’ lives at great risk”, and might still fail. First seen on wired.com Jump to article: www.wired.com/story/us-iran-war-nuclear-extraction-ground-operation/ also interesting: U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign Iranian Hackers Use SpearSpecter to Target…
-
LiteLLM Hit in Cascading Supply-Chain Attack
Stolen Credentials From Trivy Breach Let Hackers Push Malware to PyPI. Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing developers to credential theft, persistent backdoors and lateral movement tools within hours of publication. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/litellm-hit-in-cascading-supply-chain-attack-a-31210 also interesting: Top…
-
Breach Roundup: Tycoon2FA Phishing Platform Rebounds
Tags: 2fa, attack, breach, data, data-breach, healthcare, iran, malware, north-korea, oracle, phishing, ransomware, russiaAlso, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and France. This week, Tycoon 2FA, Trio-Tech, messaging app spying and a ransomware broker sentenced. Iran-linked hackers. Mazda disclosed a breach. Oracle patched a flaw. North Korean actors weaponized VS Code, a Spanish port ransomware attack, a French teacher data breach and a healthcare firm victim…
-
U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Langflow to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2026-33017 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. Langflow is a popular tool used for building agentic AI workflows. CVE-2026-33017 is a…
-
How do NHIs deliver value in cloud environments?
Are You Leveraging the Full Potential of Non-Human Identities? Non-Human Identities (NHIs) are rapidly gaining importance in digital security, and their role is particularly critical in managing cloud environments. Just as machine identities have become an integral part of cybersecurity, so too have NHIs, which are essentially machine identities that hold the key to accessing……
-
Are you proactive in managing AI risks?
Are Your Non-Human Identities Adequately Secured? How secure is your organization’s management of non-human identities? Non-human identities (NHIs) are integral components of cybersecurity frameworks. They are not mere accessories but foundational elements that require diligent oversight and sophisticated security solutions. To ensure robust security measures, professionals across industries must address the vulnerabilities presented by NHIs….…
-
How are NHIs supported in regulatory compliance?
Can Effective Non-Human Identity Management Elevate Your Compliance Strategy? The management of Non-Human Identities (NHIs) has become a crucial aspect of regulatory compliance. NHIs, often referred to as machine identities, play an integral role in securing digital infrastructures. They are composed of an encrypted password, token, or key (the “Secret”) and the permissions granted by……
-
Ajax football club hack exposed fan data, enabled ticket hijack
Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ajax-football-club-hack-exposed-fan-data-enabled-ticket-hijack/ also interesting: AWS customers face massive breach amid alleged ShinyHunters regroup SAP systems increasingly targeted by cyber attackers Top 12…
-
Oracle Cloud Infrastructure: The bare metal facts
The Oracle Cloud Infrastructure appears to have more in common with datacentre hosting than with public infrastructure-as-a-service providers First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366640817/Oracle-Cloud-Infrastructure-The-bare-metal-facts also interesting: Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework Tenable Cloud Vulnerability Management: Reducing Vulnerability Risk in the…
-
Why Healthcare Faces Rising Risks From Shadow AI
Zscaler’s Ravi Monga on Managing AI Risks in Clinical Environments. Healthcare organizations are increasingly adopting AI for efficiency and patient care, but governance is lagging behind. Zscaler’s Healthcare CISO Ravi Monga explains why visibility into AI usage, including shadow AI, has become the sector’s most urgent cybersecurity challenge. First seen on govinfosecurity.com Jump to article:…
-
NYC Health Notifying Patients of 2 Third-Party Hacks
Incidents Are Unrelated, Says NYC Health + Hospitals. Hackers had access to New York City’s municipal healthcare system for nearly three months before being detected, stealing data of an undisclosed number of patients. The incident is the second hacking-related data breach within weeks involving a third-party firm hired by NYC Health + Hospitals. First seen…
-
Internet Yiff Machine: We hacked 93GB of anonymous crime tips
Ultra-sensitive data may have been hacked. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/03/internet-yiff-machine-we-hacked-93gb-of-anonymous-crime-tips/ also interesting: International effort erases PlugX malware from thousands of Windows computers Apple issues emergency patches to contain an ‘extremely sophisticated attack’ on targeted individuals FBI Warns: Threat Actors Impersonating BianLian Group to Target Corporate Executives Ghanaian fraudsters arrested for BEC/Sakawa
-
Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka
A new macOS infostealer, NukeChain (now Infiniti Stealer), uses fake CAPTCHA pages to trick users into running malicious commands. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-python-nuitka/ also interesting: 6 rising malware trends every security pro should know 10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux 10 npm Packages Caught Stealing…
-
Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles
More than a decade since the 2015 Jeep hack, the cybersecurity of vehicles remains of the utmost importance. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/automotive-cybersecurity-threats-grow-connected-autonomous-vehicles also interesting: Privacy Roundup: Week 7 of Year 2025 Cybersecurity Trends 2025: What’s Really Coming for Your Digital Defenses Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain…
-
Is the FCC’s Router Ban the Wrong Fix?
The agency put foreign-made consumer routers on its list of prohibited communications devices, but the ban could create more problems down the road. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/fcc-router-ban-wrong-fix also interesting: More telecom firms were breached by Chinese hackers than previously reported TDL 007 – Cyber Warriors Digital Shadows: Insights from Canada’s Cybersecurity…
-
Why Vector Databases Put Enterprise AI Data at Risk
Cyborg’s Nicolas Dupont on Closing the Encrypted Vector Search Gap. Cyborg CEO Nicolas Dupont describes how vector databases concentrate sensitive enterprise data in a structurally unencrypted layer, and conventional encryption can’t address the risk without degrading performance. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/vector-databases-put-enterprise-ai-data-at-risk-a-31203 also interesting: DeepSeek hit by cyberattack and outage amid breakthrough…
-
Coruna exploit reveals evolution of Triangulation iOS exploitation framework
Kaspersky found Coruna iOS exploits reuse updated code from the 2023 Operation Triangulation attacks, suggesting a possible link. Kaspersky researchers discovered that the Coruna iOS exploit kit uses an updated version of the same kernel exploit seen in the 2023 Operation Triangulation campaign. While early evidence didn’t clearly link the two, the code similarities now…
-
Chain Reaction: How One Stolen Token Tore Through Five Ecosystems
Why Your Static Credentials Are a Ticking Time Bomb The TeamPCP campaign, one of the largest credential theft campaigns of 2026, began with a compromise in Trivy. A security tool trusted to scan for vulnerabilities and leaked secrets was weaponized against the very environments it was meant to protect. Instead of catching exposed credentials, it……
-
BSidesSLC 2025 Guerrilla GRC Helping Small Businesses Get Cyber Smart
Author, Creator & Presenter: Joshua Boyles – VP Of Cybersecurity At LHMCO) Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-guerrilla-grc-helping-small-businesses-get-cyber-smart/ also interesting: Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts…
-
TP-Link warnt vor Sicherheitslücken: Firmware zahlreicher Router manipulierbar
TP-Link warnt vor Sicherheitslücken in mehreren seiner Router. Angreifer können unter anderem die Firmware austauschen und Konfigurationen manipulieren. First seen on golem.de Jump to article: www.golem.de/news/tp-link-router-luecke-laesst-angreifer-andere-firmware-einschleusen-2603-206939.html also interesting: Check Point enttarnt bösartige Firmware für TPRouter Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely ASUS warns of critical remote authentication bypass on 7 routers…
-
IT vom Netz genommen: Cyberangriff mündet in Hafenbetrieb mit Stift und Papier
Tags: cyberattackSpaniens Puerto de Vigo gilt als wichtiger Hafen für den weltweiten Fischereiverkehr. Nach einem Cyberangriff muss der Hafenbetrieb ohne IT auskommen. First seen on golem.de Jump to article: www.golem.de/news/cyberangriff-hacker-legen-it-von-spaniens-groesstem-fischereihafen-lahm-2603-206943.html also interesting: UK-Based Digital Signing Platform SigningHub Denies Cyberattack by IntelBroker Elon Musk Says Cyberattack Crashed Site Ahead of Trump Livestream Interview Cyberangriff auf eine Naturschutzbehörde…
-
Critical Flaw in Langflow AI Platform Under Attack
Threats actors pounced on the code injection vulnerability within hours of its disclosure, demonstrating that organizations have little time to address critical bugs. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/critical-flaw-langflow-ai-platform-under-attack also interesting: AI development pipeline attacks expand CISOs’ software supply chain risk Security researchers caution app developers about risks in using Google Antigravity 2025…
-
New Langflow flaw actively exploited to hijack AI workflows
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-new-langflow-flaw-actively-exploited-to-hijack-ai-workflows/ also interesting: The 2024 cyberwar playbook: Tricks used by nation-state actors Cybersecurity Snapshot: CISA’s Best Cyber Advice on Securing Cloud,…
-
Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries
A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting hundreds of organizations. The post Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-365-phishing-bypasses-security-codes/ also interesting: ADFS”Š”, “ŠLiving in the Legacy of DRS New Phishing…
-
Millions of UK iPhone Users Will Need to Verify Their Age, Here’s Why
Apple’s latest iOS update adds some new features and fixes several bugs, but it also introduces mandatory age verification for users in the United Kingdom. The post Millions of UK iPhone Users Will Need to Verify Their Age, Here’s Why appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-iphone-age-verification-uk/ also interesting: iOS:…
-
Why Misaligned Incentives Are the CISO’s Biggest Problem
Jim DuBois, Former Microsoft CIO and CISO, on Incentives, AI and Cyber’s Future. As AI reshapes cybersecurity, aligning security and innovation teams is more critical than ever. Former Microsoft CIO and CISO Jim DuBois says misaligned incentives create conflict, and fixing that is what lets organizations move fast without compromising security. First seen on govinfosecurity.com…
-
TP-Link, Canva, HikVision vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva.The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.For First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/tp-link-canva-hikvision-vulnerabilities/ also interesting:…
-
FCC pushes new rules to crack down on robocallers, foreign call centers
Tags: phoneTwo measures aim to make it harder for robocallers to obtain valid U.S. phone numbers and pressure companies to onshore call center services. First seen on cyberscoop.com Jump to article: cyberscoop.com/fcc-votes-to-crack-down-on-robcallers-foreign-call-centers/ also interesting: 3CX Phone System Local Privilege Escalation Vulnerability Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN Cybercriminals Have…
-
Alleged RedLine malware developer extradited to US, faces up to 30 years
Hambardzum Minasyan appeared in an Austin federal court on Tuesday and was indicted on charges of conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and conspiracy to commit money laundering. First seen on therecord.media Jump to article: therecord.media/redline-malware-developer-extradited-to-us-faces-30-years also interesting: Cybersecurity Snapshot: NIST Offers Zero Trust Implementation Advice,…
-
Channel Has ‘Huge’ Role In Securing AI Agent Revolution: Top Execs At RSAC 2026
The widespread adoption of AI agents may be an unprecedented opportunity for channel partners to tap into their unique skills and expertise to create a fast-growth business, top executives from cybersecurity vendors including CrowdStrike, SentinelOne, Palo Alto Networks told CRN at RSAC 2026. First seen on crn.com Jump to article: www.crn.com/news/security/2026/channel-has-huge-role-in-securing-ai-agent-revolution-top-execs-at-rsac-2026 also interesting: 2025 Cybersecurity…
-
The CISO’s guide to responding to shadow AI
Tags: ai, breach, business, ciso, cybersecurity, data, governance, guide, mitigation, privacy, risk, strategy, technology, tool, training, updateUnderstand why AI is being used: If CISOs want to manage shadow AI effectively, they need to understand why it keeps popping up. The immediate reaction may be to shut down the use of shadow AI, but there must be more to the response than that.”Our focus is understanding why they’re using it, educating them…
-
What is DCiE? A Guide to Data Center Efficiency
Discover the importance of DCiE (Data Center Infrastructure Efficiency), how to calculate it, and why it’s essential for driving energy savings and operational excellence in your data center. Learn practical steps to benchmark and improve your facility’s efficiency for a more sustainable future. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/what-is-dcie-a-guide-to-data-center-efficiency/ also interesting: US military…
-
How redaction software can help government agencies comply with FOIA
Government agencies face growing pressure to respond to FOIA requests quickly while protecting classified data. Modern redaction software streamlines FOIA workflows while ensuring compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/how-redaction-software-can-help-government-agencies-comply-with-foia/ also interesting: SEC rule confusion continues to put CISOs in a bind a year after a major revision New Trump Cybersecurity Order Reverses…
-
BPFdoor in Telecom Networks: The FCC Is Securing the Edge, but China’s Hackers Are Already Past It
<div cla Rapid7’s research reveals China-linked kernel implants deep inside telecom signaling infrastructure. Here’s what BPFdoor is, how it evolved, and what defenders need to do now. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bpfdoor-in-telecom-networks-the-fcc-is-securing-the-edge-but-chinas-hackers-are-already-past-it/ also interesting: Chinese Group Hacked US Court Wiretap Systems ATT and Verizon Hacked Salt Typhoon Compromised The Network For High…
-
What is PUE? A Guide to Data Center Efficiency
In the world of data centers, energy efficiency isn’t just a buzzword”, it’s a vital part of running a cost-effective and sustainable operation. As technology demands grow, so does the need to monitor exactly how much energy is being used and where it’s going. This is where metrics like Power Usage Effectiveness (PUE) become essential…
-
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks
The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky.”When Coruna was first reported, the public evidence wasn’t sufficient to link…
-
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks.The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that’s also tracked as Earth Bluecrow, First seen on…
-
MIWIC26: Kerlyn Manyi, Cybersecurity Practitioner, Nucleus Systems Founder of CyberFoundHer Initiative
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2026’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are…
-
MIWIC26: Kerlyn Manyi, Cybersecurity Practitioner, Nucleus Systems Founder of CyberFoundHer Initiative
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2026’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are…
-
A puppet made me cry and all I got was this t-shirt
Tags: unclassifiedIn this week’s newsletter, Amy draws parallels between the collaborative themes of “Project Hail Mary” and the massive team effort behind the newly released Talos Year in Review report. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/a-puppet-made-me-cry-and-all-i-got-was-this-t-shirt/ also interesting: Jetzt updaten: Kritische Admin-Sicherheitslücken bedrohen TeamCity Reaktion auf Massenpanik: Indien schränkt SMS-Versand ein… Leitfaden für Incident-Reponse-Plan…
-
US official accuses China of supporting, exploiting cyber scam crisis in Southeast Asia
A senior U.S. official accused China’s government of implicitly backing Chinese criminal syndicates running cyber scam compounds across Southeast Asia and of exploiting a crisis that has resulted in billions being stolen from Americans each year. First seen on therecord.media Jump to article: therecord.media/china-scam-compounds-southeast-asia also interesting: Cybersecurity Snapshot: Study Raises Open Source Security Red Flags,…