Nostr notes by Cyber Security News (RSS Feed)

How Elite SOCs Cut Escalation Rates by Arming Tier 1 With Better ...

2026-04-02T16:58:08Z

How Elite SOCs Cut Escalation Rates by Arming Tier 1 With Better Threat Intelligence

In a mature Security Operations Center, escalation is supposed to work like a scalpel, precise, intentional, and reserved for alerts that genuinely demand deeper expertise. But across many teams today, it has become something far less disciplined: a reflex, a pressure valve, a way to pass uncertainty up the chain. The consequences are predictable. Tier […]

The post https://cybersecuritynews.com/reduce-soc-escalation-rates-tier-1-alert-triage/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/reduce-soc-escalation-rates-tier-1-alert-triage/

Hackers Clone CERT-UA Site to Trick Victims Into Installing ...

2026-04-02T16:15:03Z

Hackers Clone CERT-UA Site to Trick Victims Into Installing Go-Based RAT

A threat group recently set up a convincing fake version of Ukraine’s official cybersecurity authority website to trick targets into downloading a dangerous remote access tool. The campaign, now tracked under the identifier UAC-0255, relied on a mix of phishing emails and a cloned government website to push malware onto the computers of government workers, […]

The post https://cybersecuritynews.com/hackers-clone-cert-ua-site/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-clone-cert-ua-site/

New Akira Lookalike Ransomware Campaign Targeting Windows Users ...

2026-04-02T16:12:28Z

New Akira Lookalike Ransomware Campaign Targeting Windows Users in South America

A new and dangerous ransomware campaign has surfaced across South America, targeting Windows users with a carefully crafted strain that closely imitates the well-known Akira ransomware. While the two may appear nearly identical on the surface, this new threat is built on an entirely different foundation — one that quietly borrows from another notorious ransomware […]

The post https://cybersecuritynews.com/new-akira-lookalike-ransomware-campaign/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/new-akira-lookalike-ransomware-campaign/

Qilin Ransomware Uses Malicious DLL to Kill Almost Every ...

2026-04-02T15:42:35Z

Qilin Ransomware Uses Malicious DLL to Kill Almost Every Vendor’s EDR Solutions

Qilin ransomware group is deploying a sophisticated, multi-stage infection chain via a malicious msimg32.dll that can disable over 300 endpoint detection and response (EDR) drivers from virtually every major security vendor. As organizations increasingly rely on EDR solutions, which offer far greater behavioral visibility than legacy antivirus, threat actors have adapted by weaponizing EDR killers […]

The post https://cybersecuritynews.com/qilin-ransomware-kill-edr/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/qilin-ransomware-kill-edr/

OpenSSH 10.3 Fixes Shell Injection and Multiple SSH Security ...

2026-04-02T14:54:30Z

OpenSSH 10.3 Fixes Shell Injection and Multiple SSH Security Issues

The OpenSSH project released version 10.3 and 10.3p1 on April 2, 2026, addressing a shell injection vulnerability and introducing several security-hardening changes that administrators should review before upgrading. The most notable security fix targets a shell injection vulnerability in the -J (ProxyJump) command-line option. Prior to this release, user and host names passed via -J […]

The post https://cybersecuritynews.com/openssh-10-3-release/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/openssh-10-3-release/

Hackers Abuse DOCX, RTF, JS, and Python in Stealthy Boeing RFQ ...

2026-04-02T14:53:54Z

Hackers Abuse DOCX, RTF, JS, and Python in Stealthy Boeing RFQ Malware Campaign

A seemingly routine procurement email has become the entry point for a sophisticated six-stage malware attack targeting industrial suppliers and procurement teams. The campaign, tracked as NKFZ5966PURCHASE, disguises itself as a Boeing Request for Quotation (RFQ) from a person named “Joyce Malave,” luring victims into opening a malicious Word document. Once opened, the file silently […]

The post https://cybersecuritynews.com/hackers-abuse-docx-rtf-js-and-python-in-boeing-rfq/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-abuse-docx-rtf-js-and-python-in-boeing-rfq/

CISA Warns of Chrome 0-Day Vulnerability Actively Exploited in ...

2026-04-02T14:31:00Z

CISA Warns of Chrome 0-Day Vulnerability Actively Exploited in Attacks

A critical warning has been issued over a newly discovered zero-day vulnerability in Google Chrome, raising serious concerns for users worldwide. This flaw is actively exploited in the wild, allowing attackers to bypass security protections and execute malicious code, and was added to the Known Exploited Vulnerabilities (KEV) catalog on April 1, 2026. The discovery […]

The post https://cybersecuritynews.com/chrome-0-day-flaw-exploited/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/chrome-0-day-flaw-exploited/

NoVoice on Google Play with 22 Exploits Attacks Millions of ...

2026-04-02T13:50:07Z

NoVoice on Google Play with 22 Exploits Attacks Millions of Android Users

A dangerous Android rootkit named NoVoice has been hiding inside over 50 apps on Google Play, compromising more than 2.3 million devices worldwide. Tracked as Operation NoVoice, the malware uses 22 exploits to take full control of a device without raising any alerts, making it one of the most destructive Android threats uncovered in recent […]

The post https://cybersecuritynews.com/novoice-on-google-play/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/novoice-on-google-play/

Microsoft Details Steps to Mitigate the Axios npm Supply Chain ...

2026-04-02T12:37:28Z

Microsoft Details Steps to Mitigate the Axios npm Supply Chain Compromise

A widely used JavaScript library called Axios was at the center of a serious supply chain attack that came to light on March 31, 2026. Two updated versions of the Axios npm package — version 1.14.1 and version 0.30.4 — were found to contain malicious code built to silently install harmful software on developer machines, […]

The post https://cybersecuritynews.com/microsoft-details-steps-to-mitigate-the-axios/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/microsoft-details-steps-to-mitigate-the-axios/

Apple Expands iOS 18.7.7 Update to More Devices to Shield Users ...

2026-04-02T11:54:43Z

Apple Expands iOS 18.7.7 Update to More Devices to Shield Users from DarkSword Exploit

Apple has taken the rare step of expanding the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader set of devices on April 1, 2026, pushing critical backported security patches to millions of users still running iOS 18 who remain exposed to DarkSword, a sophisticated, web-delivered exploit chain capable of silently stealing vast amounts […]

The post https://cybersecuritynews.com/apple-expands-ios-18-7-7-update/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/apple-expands-ios-18-7-7-update/

New ZAP PTK Add-On Maps Browser-Based Security Findings as Native ...

2026-04-02T11:27:45Z

New ZAP PTK Add-On Maps Browser-Based Security Findings as Native Alert Into ZAP

The OWASP Zed Attack Proxy (ZAP) team has rolled out version 0.3.0 of the OWASP PenTest Kit (PTK) add-on, introducing a transformative workflow upgrade for application security testing. This new release bridges the critical gap between traditional proxy-level scanning and modern client-side execution by mapping in-browser security findings directly into native ZAP alerts. ZAP has […]

The post https://cybersecuritynews.com/zap-ptk-add-on/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/zap-ptk-add-on/

Cisco Smart Software Manager Vulnerability Let Attackers Execute ...

2026-04-02T10:13:06Z

Cisco Smart Software Manager Vulnerability Let Attackers Execute Arbitrary Commands

Cisco has issued an urgent security warning regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. Enterprise organizations widely use this tool to manage their Cisco software licenses locally. Tracked as CVE-2026-20160, the flaw carries a near-perfect CVSS severity score of 9.8 out of 10. If exploited, it allows an unauthenticated, […]

The post https://cybersecuritynews.com/cisco-smart-software-manager-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/cisco-smart-software-manager-vulnerability/

Oracle Lays Off 30,000 Employees to Ramp Up Investment in AI ...

2026-04-02T10:06:55Z

Oracle Lays Off 30,000 Employees to Ramp Up Investment in AI Technologies

Oracle has executed a massive workforce reduction, eliminating between 20,000 and 30,000 employees globally to free up cash flow for its aggressive artificial intelligence infrastructure investments. The layoffs, representing roughly 18% of its workforce, were communicated abruptly via email, highlighting the company’s urgent shift in financial strategy amid mounting debt. On Tuesday morning, up to […]

The post https://cybersecuritynews.com/oracle-lays-off-30000-employees/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/oracle-lays-off-30000-employees/

FBI Warns of Chinese Mobile Apps May Expose User Data to ...

2026-04-02T09:35:10Z

FBI Warns of Chinese Mobile Apps May Expose User Data to Cyberattacks

Millions of Americans use mobile apps daily without thinking much about where their data actually goes. The Federal Bureau of Investigation has stepped forward to address that. On March 31, 2026, the FBI released a Public Service Announcement outlining serious data security risks connected to mobile applications developed by foreign companies — particularly those based […]

The post https://cybersecuritynews.com/fbi-warns-of-chinese-mobile-apps/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/fbi-warns-of-chinese-mobile-apps/

TA416 Expands Espionage Operations Across Europe With Web Bug ...

2026-04-02T09:16:31Z

TA416 Expands Espionage Operations Across Europe With Web Bug Recon and Malware Delivery

TA416 has returned to Europe with a fresh wave of espionage emails aimed at government and diplomatic staff. The campaign mixes quiet reconnaissance with malware delivery, showing how a patient threat actor can test who opens a message before sending a more dangerous follow-up. From mid-2025 into early 2026, the China-aligned group targeted diplomatic missions […]

The post https://cybersecuritynews.com/ta416-expands-espionage-operations-across-europe/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/ta416-expands-espionage-operations-across-europe/

Microsoft Copilot Terms of Service Label Copilot is for ...

2026-04-02T08:45:20Z

Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only

Microsoft’s terms of service for its Copilot AI assistant include a notable disclaimer that has sparked renewed scrutiny from security and enterprise communities: the product is intended solely for entertainment purposes. According to the official Copilot terms of use, Microsoft explicitly states that Copilot can make mistakes, may not function as intended, and should not […]

The post https://cybersecuritynews.com/microsoft-copilot-terms-of-service/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/microsoft-copilot-terms-of-service/

New WhatsApp Attack Chain Uses VBS Scripts, Cloud Downloads, and ...

2026-04-02T08:24:48Z

New WhatsApp Attack Chain Uses VBS Scripts, Cloud Downloads, and MSI Backdoors

A new malware campaign is actively using WhatsApp to deliver harmful files directly to Windows users, exploiting the widespread trust placed in everyday messaging apps. The threat actors send malicious Visual Basic Script (VBS) files through WhatsApp messages, knowing that users rarely question attachments from familiar platforms. Once a recipient runs one of these files, […]

The post https://cybersecuritynews.com/new-whatsapp-attack-chain-uses-vbs-scripts/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/new-whatsapp-attack-chain-uses-vbs-scripts/

Critical Cisco IMC Vulnerability Let Attackers Bypass ...

2026-04-02T07:26:41Z

Critical Cisco IMC Vulnerability Let Attackers Bypass Authentication

Cisco has recently disclosed a critical security flaw affecting its Integrated Management Controller (IMC), prompting the release of urgent software updates. The vulnerability, officially tracked as CVE-2026-20093, has been assigned a critical Base CVSS score of 9.8, indicating the highest level of severity. This security weakness is located in the password change functionality of the […]

The post https://cybersecuritynews.com/cisco-imc-vulnerability-2/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/cisco-imc-vulnerability-2/

Remcos RAT Infection Chain Hides Behind Obfuscated Scripts and ...

2026-04-02T07:06:06Z

Remcos RAT Infection Chain Hides Behind Obfuscated Scripts and Trusted Windows Binaries

Cybercriminals are getting better at hiding their tracks, and a recently uncovered Remcos RAT campaign is proof of that. This attack does not rely on a single malicious file dropped onto a system. Instead, it uses a carefully built, multi-stage chain that starts with a simple phishing email and ends with a full, in-memory system […]

The post https://cybersecuritynews.com/remcos-rat-infection-chain-hides-behind-obfuscated/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/remcos-rat-infection-chain-hides-behind-obfuscated/

Symantec DLP Agent Vulnerability Let Attackers Escalate ...

2026-04-02T06:46:14Z

Symantec DLP Agent Vulnerability Let Attackers Escalate Privileges

A high-severity security flaw has been identified in the Symantec Data Loss Prevention (DLP) Agent for Windows. Tracked as CVE-2026-3991, this vulnerability allows a low-privileged local attacker to escalate their system privileges to the highest level. Security researcher Manuel Feifel discovered the flaw, and Broadcom has recently released patches to address the issue. The vulnerability […]

The post https://cybersecuritynews.com/symantec-dlp-agent-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/symantec-dlp-agent-vulnerability/

Starbucks Breach – Attacks Allegedly Claim 10GB of Stolen ...

2026-04-02T06:28:12Z

Starbucks Breach – Attacks Allegedly Claim 10GB of Stolen Source Code

The threat group ShadowByt3s has claimed responsibility for a new cyberattack on Starbucks, allegedly stealing 10GB of proprietary source code and operational firmware. The data was reportedly scraped from a misconfigured Amazon S3 bucket named “sbux-assets” as part of a broader campaign targeting cloud vulnerabilities. A threat actor operating under the moniker “BlackVortex1” posted on […]

The post https://cybersecuritynews.com/starbucks-breach/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/starbucks-breach/

10 Best VPN For Privacy In 2026 When it comes to privacy-focused ...

2026-04-02T05:39:50Z

10 Best VPN For Privacy In 2026

When it comes to privacy-focused VPNs, several providers stand out in 2026. NordVPN, based in Panama, offers robust security features including Double VPN, Onion over VPN, and an independently audited no-logs policy. Proton VPN, founded by CERN scientists and based in Switzerland, is known for its strong commitment to privacy and its Secure Core servers […]

The post https://cybersecuritynews.com/best-vpn-for-privacy/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/best-vpn-for-privacy/

Top 20 Best Digital Forensic Tools in 2026 Digital forensic tools ...

2026-04-02T05:30:02Z

Top 20 Best Digital Forensic Tools in 2026

Digital forensic tools are specialized software designed to analyze, recover, and investigate data from digital devices. They help uncover crucial evidence in cybercrime investigations and legal proceedings. These tools can extract data from various sources, including computers, smartphones, and storage devices, ensuring comprehensive digital footprints and activities analysis. They offer features like data carving, metadata […]

The post https://cybersecuritynews.com/best-digital-forensic-tools/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/best-digital-forensic-tools/

Vim Modeline Bypass Vulnerability Let Attackers Execute Arbitrary ...

2026-04-02T02:31:41Z

Vim Modeline Bypass Vulnerability Let Attackers Execute Arbitrary OS Commands

A newly discovered high-severity vulnerability in the popular Vim text editor exposes users to arbitrary command execution on the operating system. Tracked as CVE-2026-34982, the flaw relies on a modeline sandbox bypass that triggers when a victim opens a specially crafted file. Security researchers “dfwjj x” and Avishay Matayev identified a vulnerability chain that affects […]

The post https://cybersecuritynews.com/vim-modeline-bypass-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/vim-modeline-bypass-vulnerability/

Public PoC Exploit Released for Nginx-UI Backup Restore ...

2026-04-02T02:29:40Z

Public PoC Exploit Released for Nginx-UI Backup Restore Vulnerability

A critical security flaw has been disclosed in the Nginx-UI backup restore mechanism, tracked as CVE-2026-33026. This vulnerability allows threat actors to tamper with encrypted backup archives and inject malicious configurations during the restoration process. With a public Proof-of-Concept (PoC) exploit now available, unpatched deployments are at immediate risk of full system compromise. Cryptographic Flaw […]

The post https://cybersecuritynews.com/nginx-ui-backup-restore-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/nginx-ui-backup-restore-vulnerability/

Microsoft to Remove EXIF Data for Images Shared on Teams In a ...

2026-04-02T02:05:20Z

Microsoft to Remove EXIF Data for Images Shared on Teams

In a significant move to enhance corporate privacy and operational security, Microsoft has announced an important update for its Teams platform. As part of the March 2026 feature rollout, Microsoft Teams will now automatically remove EXIF metadata from all images shared across chats and channels. This privacy-by-default measure aims to protect users from unintentionally leaking […]

The post https://cybersecuritynews.com/microsoft-remove-exif-data-teams/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/microsoft-remove-exif-data-teams/

Magecart Hackers Uses 100+ Domains to Hijack eStores Checkouts ...

2026-04-01T17:13:13Z

Magecart Hackers Uses 100+ Domains to Hijack eStores Checkouts and Steal Card Data

A sophisticated and long-running Magecart campaign has been quietly operating for over 24 months, infecting e-commerce websites across at least 12 countries using more than 100 malicious domains to steal payment card data in real time and banks, not merchants, are bearing the heaviest financial blow. Security researchers at ANY.RUN has uncovered a large-scale Magecart […]

The post https://cybersecuritynews.com/magecart-hijack-estore-checkouts/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/magecart-hijack-estore-checkouts/

Google Cloud’s Vertex AI platform Vulnerability Allow Attackers ...

2026-04-01T13:06:14Z

Google Cloud’s Vertex AI platform Vulnerability Allow Attackers to Access Sensitive Data

Artificial intelligence agents are rapidly becoming integral to enterprise workflows, but they also introduce new attack surfaces. Security researchers recently uncovered a significant vulnerability within Google Cloud Platform’s Vertex AI Agent Engine. By exploiting default permission scoping, attackers could weaponize deployed AI agents into “double agents” that secretly exfiltrate data and compromise cloud infrastructure. Exploiting […]

The post https://cybersecuritynews.com/google-clouds-vertex-ai-platform-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/google-clouds-vertex-ai-platform-vulnerability/

Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities ...

2026-04-01T13:01:53Z

Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks

A recent cybersecurity study reveals that threat actors are moving faster than ever to weaponize new software flaws. According to data collected from a high-interaction honeypot, hackers are actively exploiting a newly disclosed, maximum-severity vulnerability in Oracle WebLogic Server. The critical flaw, tracked as CVE-2026-21962, carries a CVSS score of 10.0. It allows unauthenticated attackers […]

The post https://cybersecuritynews.com/hackers-exploiting-weblogic-rce-vulnerabilities/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-exploiting-weblogic-rce-vulnerabilities/

Russian Hackers Using Remote Access Toolkit “CTRL” for RDP ...

2026-04-01T12:58:01Z

Russian Hackers Using Remote Access Toolkit “CTRL” for RDP Hijacking

A newly disclosed Russian-linked remote access toolkit called “CTRL” is being used to hijack Remote Desktop Protocol sessions and steal credentials from Windows systems. According to Censys ARC, the malware is a custom .NET framework that combines phishing, keylogging, reverse tunneling, and persistence into one attack chain. Censys ARC said the toolkit was discovered during […]

The post https://cybersecuritynews.com/ctrl-for-rdp-hijacking/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/ctrl-for-rdp-hijacking/

New Chrome Zero-Day Vulnerability Actively Exploited in Attacks ...

2026-04-01T12:53:43Z

New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now

Google has released an emergency security update for its Chrome browser, patching a zero-day vulnerability that is already being actively exploited in the wild. The Stable channel has been updated to version 146.0.7680.177/178 for Windows and Mac, and 146.0.7680.177 for Linux, with the rollout expected to reach all users over the coming days and weeks. […]

The post https://cybersecuritynews.com/chrome-zero-day-vulnerability-exploited/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/chrome-zero-day-vulnerability-exploited/

HSBC India Asks Customers to use All-Uppercase Passwords ...

2026-04-01T12:32:24Z

HSBC India Asks Customers to use All-Uppercase Passwords

Beginning April 6, 2026, HSBC India will require its internet banking customers to enter their passwords in uppercase letters only. The mandate, communicated via official customer emails, has sparked widespread concern among technical experts regarding the bank’s credential storage practices and overall security posture. The Uppercase Migration According to the bank’s recent communications, customers must […]

The post https://cybersecuritynews.com/hsbc-india-uppercase-passwords/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hsbc-india-uppercase-passwords/

Hackers Use EtherRAT and EtherHiding to Hide Malware ...

2026-04-01T12:21:06Z

Hackers Use EtherRAT and EtherHiding to Hide Malware Infrastructure on Ethereum

A sophisticated backdoor called EtherRAT is actively targeting organizations across multiple sectors by hiding its command infrastructure inside the Ethereum blockchain — a move that makes it uniquely hard to track and shut down. The malware runs on Node.js and gives attackers full remote control over compromised machines, enabling them to execute commands, steal cryptocurrency […]

The post https://cybersecuritynews.com/hackers-use-etherrat-and-etherhiding/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-use-etherrat-and-etherhiding/

Hackers Push CrystalX Malware-as-a-Service Through Telegram With ...

2026-04-01T11:36:07Z

Hackers Push CrystalX Malware-as-a-Service Through Telegram With Stealer and RAT Features

A new and dangerous piece of malware has surfaced and is being marketed openly to cybercriminals through private Telegram channels. Named CrystalX, this Malware-as-a-Service (MaaS) platform combines a remote access trojan (RAT), credential stealer, keylogger, clipboard hijacker, spyware, and an unusual set of prankware tools into one capable package. Discovered in March 2026, the malware […]

The post https://cybersecuritynews.com/hackers-push-crystalx-malware-as-a-service/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-push-crystalx-malware-as-a-service/

Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 ...

2026-04-01T10:36:43Z

Cybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSec

New York, New York, April 1st, 2026, CyberNewswire TAC Infosec, a global leader in cybersecurity (NSE: TAC), with presence across 100+ countries, announced a historic milestone by crossing 10,000 clients – 6,500+ of TAC Security and 3,500+ of CyberScope, since April 2024, delivering on its commitment to shareholders to achieve this by 2026. While building […]

The post https://cybersecuritynews.com/tac-security-10000-clients-top-5/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/tac-security-10000-clients-top-5/

Windows 11 Emergency Update to Fix Installation Loop Issues ...

2026-04-01T09:59:48Z

Windows 11 Emergency Update to Fix Installation Loop Issues

Microsoft just released an emergency out-of-band update to resolve a persistent installation failure affecting Windows 11 users. Released on March 31, 2026, update KB5086672 specifically targets systems running Windows 11 versions 25H2 and 24H2. This patch addresses a critical setup bug introduced in late March that prevented users from successfully applying recent system improvements and […]

The post https://cybersecuritynews.com/windows-11-emergency-update/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/windows-11-emergency-update/

North Korean Hackers Compromise Widely Used Axios Package to ...

2026-04-01T09:00:01Z

North Korean Hackers Compromise Widely Used Axios Package to Infect Windows, macOS, and Linux Systems

A major software supply chain attack has struck the JavaScript ecosystem after threat actors slipped a malicious dependency into the widely used axios NPM package. The poisoned releases, axios 1.14.1 and 0.30.4, pulled in plain-crypto-js and quietly delivered the WAVESHAPER.V2 backdoor to Windows, macOS, and Linux systems during installation. The incident is serious because axios […]

The post https://cybersecuritynews.com/north-korean-hackers-compromise-widely-used-axios-package/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/north-korean-hackers-compromise-widely-used-axios-package/

Hackers Backdoor Telnyx Python SDK on PyPI to Steal Credentials ...

2026-04-01T08:48:26Z

Hackers Backdoor Telnyx Python SDK on PyPI to Steal Credentials Across Windows, macOS, and Linux

A threat actor group known as TeamPCP has been caught backdooring the Telnyx Python SDK on PyPI — a popular cloud communications library with over 700,000 downloads in February alone. On March 27, 2026, two malicious versions of the package, 4.87.1 and 4.87.2, were quietly published to the Python Package Index without any matching commits […]

The post https://cybersecuritynews.com/hackers-backdoor-telnyx-python-sdk-on-pypi/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-backdoor-telnyx-python-sdk-on-pypi/

New npm Supply Chain Attack Uses undicy-http to Deploy ...

2026-04-01T07:55:34Z

New npm Supply Chain Attack Uses undicy-http to Deploy Screen-Streaming RAT and Browser Injector

A malicious npm package named undicy-http has surfaced inside the Node.js developer ecosystem, quietly compromising machines of developers who mistakenly install it. The package impersonates undici, the official HTTP client library bundled with Node.js that handles millions of weekly downloads. Despite sharing a near-identical name, undicy-http contains zero HTTP client functionality. Instead, it launches a two-stage attack capable of stealing […]

The post https://cybersecuritynews.com/new-npm-supply-chain-attack-uses-undicy-http/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/new-npm-supply-chain-attack-uses-undicy-http/

PNG Vulnerabilities Allow Attackers to Trigger Process Crashes, ...

2026-04-01T07:21:04Z

PNG Vulnerabilities Allow Attackers to Trigger Process Crashes, Leak Sensitive Information

Two high-severity vulnerabilities have been discovered in libpng, the widely used reference library for reading and writing PNG images. These flaws allow attackers to trigger process crashes, leak sensitive information, and potentially execute arbitrary code by convincing a system to process a crafted PNG file. The vulnerabilities affect any software that parses malformed images, making […]

The post https://cybersecuritynews.com/png-vulnerabilities/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/png-vulnerabilities/

XLoader Malware Upgrades Obfuscation Tactics and Hides C2 Traffic ...

2026-04-01T06:46:51Z

XLoader Malware Upgrades Obfuscation Tactics and Hides C2 Traffic Behind Decoy Servers

A well-known information-stealing malware called XLoader has received significant upgrades in its latest versions, making it considerably harder to detect and analyze than before. Originally derived from a malware family known as FormBook, which first surfaced in 2016, XLoader was rebranded and relaunched in early 2020, and since then, its developers have consistently pushed new […]

The post https://cybersecuritynews.com/xloader-malware-upgrades-obfuscation-tactics/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/xloader-malware-upgrades-obfuscation-tactics/

Mercor AI Confirms Data Breach Following Lapsus$ Claims of 4TB ...

2026-04-01T04:31:16Z

Mercor AI Confirms Data Breach Following Lapsus$ Claims of 4TB Data Theft

Mercor AI has officially confirmed a severe data breach following claims by the notorious Lapsus$ hacking group that they stole 4 terabytes of sensitive company data. The incident, stemming from a recent supply chain attack on the open-source LiteLLM project, has exposed proprietary source code, internal databases, and massive amounts of user-verification data. The hacking […]

The post https://cybersecuritynews.com/mercor-ai-data-breach/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/mercor-ai-data-breach/

Google Now Allows You to Change your @gmail.com Address in few ...

2026-04-01T04:04:58Z

Google Now Allows You to Change your @gmail.com Address in few Simple Steps

For over two decades, the permanence of a Google Account username has been a strict rule of the digital landscape. Many users found it frustrating to create new accounts and transfer data after outgrowing their childhood email addresses or changing their names. However, Google has recently updated its support documentation to announce that it will […]

The post https://cybersecuritynews.com/google-change-gmail-address/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/google-change-gmail-address/

Hackers Weaponize Legitimate Windows Tools to Disable Antivirus ...

2026-03-31T13:02:27Z

Hackers Weaponize Legitimate Windows Tools to Disable Antivirus Before Ransomware Attacks

Ransomware attacks have gone far beyond simple malicious code. Today, attackers operate with the precision of a well-planned business, using trusted Windows tools to quietly tear down defenses before ransomware even enters the picture. This shift has made modern ransomware campaigns harder to detect and significantly more damaging. The tools at the center of this […]

The post https://cybersecuritynews.com/hackers-weaponize-legitimate-windows-tools/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-weaponize-legitimate-windows-tools/

Google Unveils Ransomware Detection and File Restoration for ...

2026-03-31T12:47:59Z

Google Unveils Ransomware Detection and File Restoration for Google Drive

Google has officially moved its ransomware detection and file restoration features for Google Drive into General Availability. Originally launched in beta in September 2025, the updated security controls offer organizations enhanced defenses against malware attacks targeting local machines and cloud synchronization. The updated artificial intelligence model driving this release features significant performance improvements. The system […]

The post https://cybersecuritynews.com/google-drive-ransomware-detection-2/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/google-drive-ransomware-detection-2/

A new remote access trojan known as ResokerRAT has come to light, ...

2026-03-31T12:39:05Z

A new remote access trojan known as ResokerRAT has come to light, using Telegram’s bot API as its core communication channel to silently monitor and control infected Windows machines. What makes this threat stand out is that it does not rely on a traditional command-and-control server. Instead, it misuses a widely trusted messaging platform to […]

The post https://cybersecuritynews.com/hackers-deploy-telegram-based-resokerrat/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-deploy-telegram-based-resokerrat/

Anthropic’s Claude Code Source Code Reportedly Leaked Via Their ...

2026-03-31T11:29:13Z

Anthropic’s Claude Code Source Code Reportedly Leaked Via Their npm Registry

Anthropic’s proprietary Claude Code CLI tool has had its full TypeScript source code inadvertently exposed through a misconfigured npm package, after a security researcher discovered a leaked .map file referencing the unobfuscated codebase stored on Anthropic’s own cloud infrastructure. On March 31, 2026, researcher Chaofan Shou made the disclosure public, posting: “Claude code source code […]

The post https://cybersecuritynews.com/claude-code-source-code-leaked/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/claude-code-source-code-leaked/

ChatGPT Vulnerability Let Attackers Silently Exfiltrate User ...

2026-03-31T10:48:43Z

ChatGPT Vulnerability Let Attackers Silently Exfiltrate User Prompts and Other Sensitive Data

Users routinely trust AI assistants with highly sensitive information, including medical records, financial documents, and proprietary business code. Check Point Research recently disclosed a critical vulnerability in ChatGPT’s architecture that allowed attackers to extract this exact type of user data silently. By abusing a covert outbound channel in ChatGPT’s isolated code execution environment, attackers could […]

The post https://cybersecuritynews.com/chatgpt-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/chatgpt-vulnerability/

CareCloud Data Breach – Hackers Accessed IT Infrastructure and ...

2026-03-31T10:40:56Z

CareCloud Data Breach – Hackers Accessed IT Infrastructure and Stole Patient Data

A prominent healthcare technology provider has formally disclosed a significant cybersecurity incident involving unauthorized access to its IT infrastructure. An unauthorized actor compromised one of the company’s electronic health record (EHR) systems, raising concerns over possible exposure of sensitive patient data. The security breach initially unfolded on March 16, 2026. The intrusion caused a temporary […]

The post https://cybersecuritynews.com/carecloud-data-breach/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/carecloud-data-breach/

Apple New macOS Tahoe Feature Warns Users on ClickFix Attacks ...

2026-03-31T09:03:54Z

Apple New macOS Tahoe Feature Warns Users on ClickFix Attacks

Apple has introduced a new security mechanism in the macOS Tahoe 26.4 release candidate to protect users against social engineering campaigns known as ClickFix attacks. Discovered by users testing the latest OS build and highlighted in a popular Reddit post on r/MacOSBeta, the undocumented feature actively blocks the execution of potentially malicious commands pasted into […]

The post https://cybersecuritynews.com/clickfix-protection-macos-tahoe-26-4/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/clickfix-protection-macos-tahoe-26-4/

CISA Warns of Citrix NetScaler Vulnerability Actively Exploited ...

2026-03-31T08:58:33Z

CISA Warns of Citrix NetScaler Vulnerability Actively Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability affecting Citrix NetScaler products. Identified as CVE-2026-3055, this security flaw has been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog following confirmed evidence of active exploitation in the wild. Network defenders and system administrators are urged to take […]

The post https://cybersecuritynews.com/citrix-netscaler-vulnerability-exploited/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/citrix-netscaler-vulnerability-exploited/

Cybercriminals Abuse IRS and Tax Filing Lures to Push Malware in ...

2026-03-31T08:37:40Z

Cybercriminals Abuse IRS and Tax Filing Lures to Push Malware in New Campaigns

Tax season brings a reliable wave of phishing attacks, but 2026 has already shown a bigger and more organized push than in previous years. Cybercriminals are actively impersonating the Internal Revenue Service (IRS), national tax authorities, and company HR departments to trick people into installing malware or handing over login credentials. Over a hundred campaigns […]

The post https://cybersecuritynews.com/cybercriminals-abuse-irs-and-tax-filing-lures/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/cybercriminals-abuse-irs-and-tax-filing-lures/

Hackers Deploy RoadK1ll Pivoting Malware to Turn Compromised ...

2026-03-31T07:41:27Z

Hackers Deploy RoadK1ll Pivoting Malware to Turn Compromised Hosts Into Network Relays

A new piece of malware called RoadK1ll has been found silently converting compromised machines into controllable network relay points. Unlike most malware that arrives loaded with commands and attack tools, RoadK1ll is deliberately lean, built around one goal: giving attackers a reliable and silent path deeper into a network after initial compromise. That narrow focus […]

The post https://cybersecuritynews.com/hackers-deploy-roadk1ll-pivoting-malware/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-deploy-roadk1ll-pivoting-malware/

GhostSocks Turns Victim Systems Into Residential Proxies for ...

2026-03-31T06:31:50Z

GhostSocks Turns Victim Systems Into Residential Proxies for Evasive Cyberattacks

A new malware called GhostSocks has been quietly spreading through compromised systems, turning home and office devices into residential proxies that threat actors use to conceal their malicious traffic. Unlike traditional malware that simply steals data or locks files, GhostSocks hijacks the victim’s internet connection to make attacker traffic appear as though it is coming […]

The post https://cybersecuritynews.com/ghostsocks-turns-victim-systems/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/ghostsocks-turns-victim-systems/

Notepad++ v8.9.3 Released Addressing cURL Security Vulnerability ...

2026-03-31T04:09:17Z

Notepad++ v8.9.3 Released Addressing cURL Security Vulnerability and Crash Issues

Notepad++ has officially released version 8.9.3, delivering critical security patches, structural performance enhancements, and resolutions for persistent crash issues. This update finalizes the text editor’s transition to a highly optimized XML parser, addressing multiple recent regressions while fortifying the application’s auto-update mechanism against documented vulnerabilities. Notepad++ v8.9.3 Release The most notable security implementation in version […]

The post https://cybersecuritynews.com/notepad-v8-9-3-released/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/notepad-v8-9-3-released/

Axios NPM Packages Compromised to Inject Malicious Codes in an ...

2026-03-31T03:39:45Z

Axios NPM Packages Compromised to Inject Malicious Codes in an Active Supply Chain Attack

A sophisticated supply chain attack has targeted Axios, one of the most heavily adopted HTTP clients within the JavaScript ecosystem, by introducing a malicious transitive dependency into the official npm registry. Serving as a critical component across frontend frameworks, backend microservices, and enterprise applications, Axios records approximately 83 million weekly downloads on npm. The compromise […]

The post https://cybersecuritynews.com/axios-npm-packages-compromised/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/axios-npm-packages-compromised/

Claude AI Discovers Zero-Day RCE Vulnerabilities in Vim and Emacs ...

2026-03-31T03:24:06Z

Claude AI Discovers Zero-Day RCE Vulnerabilities in Vim and Emacs

Anthropic’s Claude AI successfully discovered zero-day Remote Code Execution (RCE) flaws in both Vim and GNU Emacs. The discoveries highlight a massive paradigm shift in bug hunting, demonstrating that AI models can uncover critical vulnerabilities in legacy software with simple natural-language prompts. The Vim RCE: Compromise Upon File Open The research initiative began with a […]

The post https://cybersecuritynews.com/claude-ai-0-day-rce-vim/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/claude-ai-0-day-rce-vim/

12 Best AWS Monitoring Tools in 2026 Amazon Web Services (AWS) is ...

2026-03-30T18:08:15Z

12 Best AWS Monitoring Tools in 2026

Amazon Web Services (AWS) is a cloud computing platform for businesses of all sizes and types. AWS’s architecture is robust and scalable, but dependability, performance, and security must be monitored. These aims guide AWS’s monitoring tools and services, which help you understand your cloud infrastructure and applications, analyze data, identify outliers, and maintain smooth operations. […]

The post https://cybersecuritynews.com/best-aws-monitoring-tools/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/best-aws-monitoring-tools/

Exposed Server Reveals TheGentlemen Ransomware Toolkit, Victim ...

2026-03-30T17:30:34Z

Exposed Server Reveals TheGentlemen Ransomware Toolkit, Victim Credentials, and Ngrok Tokens

A misconfigured server hosted on a Russian bulletproof hosting provider has exposed the complete operational toolkit of a TheGentlemen ransomware affiliate, including harvested victim credentials and plaintext authentication tokens used to establish hidden remote access tunnels. TheGentlemen ransomware group operates as a Ransomware-as-a-Service, or RaaS, operation where affiliates carry out attacks using shared tools and […]

The post https://cybersecuritynews.com/exposed-server-reveals-thegentlemen-ransomware-toolkit/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/exposed-server-reveals-thegentlemen-ransomware-toolkit/

North Korean IT Worker Allegedly Used Stolen Identity and AI ...

2026-03-30T16:52:39Z

North Korean IT Worker Allegedly Used Stolen Identity and AI Resume in Job Application Scam

A suspected North Korean operative tried to sneak into a remote job at a cybersecurity firm by using a stolen identity, a fake AI-generated resume, and a VoIP phone number. The case, uncovered in June 2025, shows how North Korea’s state-sponsored IT worker scheme has grown more sophisticated and harder to spot without proper screening. […]

The post https://cybersecuritynews.com/north-korean-it-worker-allegedly-used-stolen-identity/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/north-korean-it-worker-allegedly-used-stolen-identity/

CrySome RAT Emerges as Advanced .NET Malware With AV Killer and ...

2026-03-30T16:30:44Z

CrySome RAT Emerges as Advanced .NET Malware With AV Killer and HVNC Capabilities

A new and dangerous piece of malware has surfaced in the threat landscape, and it is built to stay hidden, stay running, and stay in control of any system it infects. CrySome RAT is written in C# and targets the .NET ecosystem, giving attackers complete remote control over compromised Windows machines. From stealing passwords and […]

The post https://cybersecuritynews.com/crysome-rat-emerges-as-advanced-net-malware/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/crysome-rat-emerges-as-advanced-net-malware/

New ClickFix Variant Uses Rundll32 and WebDAV to Evade PowerShell ...

2026-03-30T16:01:26Z

New ClickFix Variant Uses Rundll32 and WebDAV to Evade PowerShell Detection

A new and more dangerous version of the ClickFix attack technique has been found actively targeting Windows users. Unlike older versions that used PowerShell or mshta to run malicious commands, this new variant takes a different path. It uses rundll32.exe and WebDAV, two built-in Windows components, to quietly deliver and execute harmful payloads without triggering […]

The post https://cybersecuritynews.com/new-clickfix-variant-uses-rundll32/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/new-clickfix-variant-uses-rundll32/

TA446 Hackers Deploying DarkSword Exploit Kit to Attack iOS Users ...

2026-03-30T15:43:07Z

TA446 Hackers Deploying DarkSword Exploit Kit to Attack iOS Users

A known threat group called TA446 has been caught using a newly discovered exploit kit called DarkSword to target iOS users. This development marks a significant shift in the group’s tactics, as previous activity from TA446 showed no signs of exploit kit use at all. The campaign came to light around March 26, 2026, when […]

The post https://cybersecuritynews.com/ta446-hackers-deploying-darksword-exploit-kit/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/ta446-hackers-deploying-darksword-exploit-kit/

New Homoglyph Attack Techniques Help Cybercriminals Spoof Trusted ...

2026-03-30T14:28:09Z

New Homoglyph Attack Techniques Help Cybercriminals Spoof Trusted Domains

Cybercriminals have found a clever way to trick people by swapping real letters in website addresses with characters that look almost the same. These are called homoglyph attacks, and they are becoming a growing problem across the internet. A single character swap — like replacing a Latin “o” with a Greek omicron — can fool […]

The post https://cybersecuritynews.com/new-homoglyph-attack-techniques/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/new-homoglyph-attack-techniques/

Hackers Backdoor Telnyx Python SDK on PyPI to Steal Cloud and Dev ...

2026-03-30T14:15:55Z

Hackers Backdoor Telnyx Python SDK on PyPI to Steal Cloud and Dev Credentials

A widely used Python package was quietly turned into a weapon, and most developers who got hit had no idea it happened. On March 27, 2026, a threat actor known as TeamPCP uploaded two malicious versions of the Telnyx Python SDK to PyPI, the main repository where Python developers download software packages. The compromised versions, […]

The post https://cybersecuritynews.com/hackers-backdoor-telnyx-python-sdk/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-backdoor-telnyx-python-sdk/

Open VSX’s New Scanner Vulnerability Allows Malicious Extension ...

2026-03-30T13:58:51Z

Open VSX’s New Scanner Vulnerability Allows Malicious Extension Goes Live

A serious security flaw was recently found in Open VSX, the extension marketplace used by popular code editors like Cursor and Windsurf, as well as the broader VS Code fork ecosystem. The vulnerability was found inside the platform’s newly introduced pre-publish scanning pipeline, a security layer built to check every extension before it becomes available […]

The post https://cybersecuritynews.com/open-vsxs-new-scanner-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/open-vsxs-new-scanner-vulnerability/

BlankGrabber Stealer Uses Fake Certificate Loader to Hide Malware ...

2026-03-30T13:11:55Z

BlankGrabber Stealer Uses Fake Certificate Loader to Hide Malware Delivery Chain

A Python-based information stealer known as BlankGrabber has been caught using a deceptive certificate loader trick to hide a multi-stage malware delivery chain. First identified in 2023, this threat has grown more complex over time and keeps targeting everyday users through widely used online platforms. BlankGrabber is designed to steal as much sensitive data as […]

The post https://cybersecuritynews.com/blankgrabber-stealer-uses-fake-certificate-loader/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/blankgrabber-stealer-uses-fake-certificate-loader/

Stored XSS Bug in Jira Work Management Could Lead to Full ...

2026-03-30T12:42:10Z

Stored XSS Bug in Jira Work Management Could Lead to Full Organization Takeover

A popular collaboration tool within the Atlassian ecosystem is widely used by organizations to track projects, manage approvals, and manage daily tasks. Recently, security researchers at Snapsec uncovered a critical Stored Cross-Site Scripting (XSS) vulnerability within the platform. By exploiting a seemingly low-risk configuration field, the team demonstrated how a low-privileged user could achieve a full […]

The post https://cybersecuritynews.com/stored-xss-bug-in-jira-work-management/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/stored-xss-bug-in-jira-work-management/

CanisterWorm Malware Attacking Docker/K8s/Redis to Gain Access ...

2026-03-30T12:29:26Z

CanisterWorm Malware Attacking Docker/K8s/Redis to Gain Access and Steal Secrets

A financially motivated cybercrime group has been quietly compromising cloud environments since late 2025, and its activities are now drawing serious concern across the security community. The group, known as TeamPCP, operates a self-propagating worm called CanisterWorm that hunts for poorly secured Docker APIs, Kubernetes clusters, Redis servers, and systems vulnerable to the React2Shell flaw. […]

The post https://cybersecuritynews.com/canisterworm-malware-attacking-docker/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/canisterworm-malware-attacking-docker/

Vim Vulnerability Let Attackers Execute Arbitrary Command Via ...

2026-03-30T12:08:12Z

Vim Vulnerability Let Attackers Execute Arbitrary Command Via Weaponized Files

A high-severity security flaw has been discovered in Vim, one of the most widely used text editors among developers. This vulnerability allows attackers to execute arbitrary operating system commands simply by tricking a user into opening a specially crafted file. Discovered by security researcher Hung Nguyen, the bug chain highlights the persistent risks associated with how […]

The post https://cybersecuritynews.com/vim-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/vim-vulnerability/

Critical Fortinet Forticlient EMS Vulnerability Exploited in ...

2026-03-30T09:32:00Z

Critical Fortinet Forticlient EMS Vulnerability Exploited in Attacks

A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-21643, is actively being exploited in the wild. Threat actors have been leveraging this flaw in attacks starting four days ago, despite it not yet appearing on the CISA Known Exploited Vulnerabilities catalog. The security flaw affects FortiClient EMS version 7.4.4, […]

The post https://cybersecuritynews.com/forticlient-ems-vulnerability-exploited/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/forticlient-ems-vulnerability-exploited/

India Set to Ban Sale of Hikvision, TP-Link, CCTV Products From ...

2026-03-30T08:09:26Z

India Set to Ban Sale of Hikvision, TP-Link, CCTV Products From April

Starting April 1, 2026, the Indian government will effectively ban Chinese video surveillance giants, including Hikvision, Dahua, and TP-Link, from selling internet-connected CCTV cameras in the country. This decisive market restriction stems from new mandatory certification rules driven by national security concerns regarding foreign hardware. The Ministry of Electronics and Information Technology (MeitY) has implemented […]

The post https://cybersecuritynews.com/india-ban-cctv-products/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/india-ban-cctv-products/

New “Prompt Poaching” Attack Steals Users’ AI Conversations ...

2026-03-30T07:45:55Z

New “Prompt Poaching” Attack Steals Users’ AI Conversations via Malicious Browser Extensions

For many users, engaging with an AI assistant requires opening a dedicated browser tab, which inherently isolates the AI from other browsing activities. While this separation improves privacy, it reduces usefulness and context. To bridge this gap, AI-powered browser extensions have surged in popularity, allowing AI agents to seamlessly interact with emails, corporate portals, and […]

The post https://cybersecuritynews.com/prompt-poaching-attack/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/prompt-poaching-attack/

VoidLink Malware Framework Shows that AI-assisted Malware is Not ...

2026-03-30T06:41:25Z

VoidLink Malware Framework Shows that AI-assisted Malware is Not Experimental Anymore

For years, cybersecurity professionals debated whether AI could truly be weaponized to build dangerous malware at scale. That debate is now settled. VoidLink, a Linux-based malware framework discovered in early 2026, has crossed a threshold the security community long feared — AI-assisted malware has moved from a theoretical concept to a fully operational threat. VoidLink […]

The post https://cybersecuritynews.com/voidlink-malware-framework-2/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/voidlink-malware-framework-2/

10 Best Spam Filter Tools 2026 Spam filter tools use advanced ...

2026-03-30T03:59:37Z

10 Best Spam Filter Tools 2026

Spam filter tools use advanced algorithms and machine learning techniques to detect and block unwanted email messages. They analyze email content, sender reputation, and patterns to effectively identify and filter out spam, ensuring inboxes remain clutter-free. These tools offer customizable filtering rules, allowing users to set specific criteria for identifying spam. This flexibility helps tailor […]

The post https://cybersecuritynews.com/best-spam-filter-tools/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/best-spam-filter-tools/

10 Best Log Monitoring Tools in 2026 As enterprises adopt more ...

2026-03-30T03:46:29Z

10 Best Log Monitoring Tools in 2026

As enterprises adopt more cloud-native technologies, containers, and microservices-based architectures, log monitoring and management are now critical. According to many market research assessments, the global log management industry is anticipated to increase from $1.9 billion in 2020 to $4.1 billion in 2026. This expansion is driven by the increased adoption of hyper-scale cloud providers, such […]

The post https://cybersecuritynews.com/best-log-monitoring-tools/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/best-log-monitoring-tools/

10 Best Fraud Detection Tools in 2026 Fraud management is ...

2026-03-30T03:31:07Z

10 Best Fraud Detection Tools in 2026

Fraud management is detecting, preventing, and responding to fraudulent activity. It entails spotting potential fraud, implementing procedures to prevent fraud, and lessening the effects of fraud. There are several strategies that organizations can use to manage fraud, including: What Does Fraud Detection Software Do? Fraud detection software is designed to identify fraudulent activity by analyzing […]

The post https://cybersecuritynews.com/best-fraud-detection-tools/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/best-fraud-detection-tools/

Microsoft Issues Critical WinRE and Setup Updates Ahead of 2026 ...

2026-03-29T14:39:06Z

Microsoft Issues Critical WinRE and Setup Updates Ahead of 2026 Secure Boot Certificate Expiration

Microsoft has rolled out two new dynamic updates, KB5081494 and KB5083482, designed for Windows 11 versions 24H2 and 25H2. Released on March 26, 2026, these patches deliver essential enhancements to setup binaries and the Windows Recovery Environment. Accompanying these technical releases is a critical advisory regarding the impending expiration of Windows Secure Boot certificates, urging […]

The post https://cybersecuritynews.com/microsoft-critical-winre-update/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/microsoft-critical-winre-update/

Hackers Probe Citrix NetScaler Instances Ahead of Likely ...

2026-03-29T06:56:08Z

Hackers Probe Citrix NetScaler Instances Ahead of Likely CVE-2026-3055 Exploitation

Cybersecurity researchers are sounding the alarm over imminent in-the-wild exploitation of a recently disclosed critical vulnerability in Citrix NetScaler ADC and Gateway appliances. Threat intelligence firm watchTowr and Defused Cyber have detected active reconnaissance campaigns specifically targeting CVE-2026-3055, a high-severity memory overread flaw that could allow unauthenticated attackers to extract sensitive data. Organizations relying on […]

The post https://cybersecuritynews.com/citrix-netscaler-instances-exploited/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/citrix-netscaler-instances-exploited/

Cybersecurity Stocks Fall as Anthropic Tests Powerful New Model ...

2026-03-28T15:05:18Z

Cybersecurity Stocks Fall as Anthropic Tests Powerful New Model

Cybersecurity stocks declined sharply on Friday following revelations that Anthropic has begun testing “Mythos,” an extraordinarily powerful new AI model with advanced vulnerability-discovery capabilities. Anthropic is actively trialing a new tier of artificial intelligence models codenamed “Capybara,” with the flagship model operating under the moniker “Mythos”. Internal documents indicate that Mythos significantly outperforms the company’s […]

The post https://cybersecuritynews.com/cybersecurity-stocks-anthropic/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/cybersecurity-stocks-anthropic/

CISA Warns of F5 BIG-IP Vulnerability Actively Exploited in ...

2026-03-28T14:26:19Z

CISA Warns of F5 BIG-IP Vulnerability Actively Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability affecting F5 BIG-IP systems to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The vulnerability, tracked as CVE-2025-53521, was officially listed on March 27, 2026, with a remediation deadline of March 30, […]

The post https://cybersecuritynews.com/f5-big-ip-vulnerability-actively-exploited/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/f5-big-ip-vulnerability-actively-exploited/

European Commission Confirms Cyberattack Following AWS Account ...

2026-03-28T03:20:54Z

European Commission Confirms Cyberattack Following AWS Account Hack

The European Commission has officially confirmed a cyberattack following a targeted cyberattack that compromised its Amazon Web Services (AWS) account. Discovered on March 24, the intrusion specifically affected the external cloud environment that hosts the Commission’s public web presence on the Europa.eu platform. Despite the severity of the unauthorized access, immediate containment procedures ensured that […]

The post https://cybersecuritynews.com/european-commission-aws-hack/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/european-commission-aws-hack/

Windows 11 and Server 2025 Update to Block Untrusted Cross-Signed ...

2026-03-28T02:48:00Z

Windows 11 and Server 2025 Update to Block Untrusted Cross-Signed Kernel Drivers by Default

Microsoft is taking a major step to harden the Windows operating system against kernel-level threats by removing trust for drivers signed by the deprecated cross-signed root program. Starting with the April 2026 update, Windows 11 and Windows Server 2025 will block these untrusted drivers by default. This policy ensures that only drivers certified through the […]

The post https://cybersecuritynews.com/windows-11-and-server-2025-update/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/windows-11-and-server-2025-update/

CISA Adds Aquasecurity Trivy Scanner Vulnerability to KEV Catalog ...

2026-03-28T02:24:07Z

CISA Adds Aquasecurity Trivy Scanner Vulnerability to KEV Catalog

CISA has officially added a critical vulnerability affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this alarming security flaw poses a severe risk to software development pipelines. By exploiting this vulnerability, threat actors can gain unauthorized access to highly sensitive Continuous Integration and Continuous Deployment (CI/CD) environments. Organizations relying […]

The post https://cybersecuritynews.com/aquasecurity-trivy-scanner-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/aquasecurity-trivy-scanner-vulnerability/

FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian ...

2026-03-27T17:21:54Z

FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers

Iran-linked hackers have claimed responsibility for breaching FBI Director Kash Patel’s personal Gmail inbox, leaking photographs, documents, and email correspondence online. The hacker group Handala Hack Team announced the breach on their website, declaring that Patel “will now find his name among the list of successfully hacked victims.” The leaked materials, totaling approximately 800 megabytes, […]

The post https://cybersecuritynews.com/fbi-chief-kash-patel-gmail-hacked/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/fbi-chief-kash-patel-gmail-hacked/

New Silver Fox Campaign Hits Japanese Businesses With Tax-Themed ...

2026-03-27T14:00:32Z

New Silver Fox Campaign Hits Japanese Businesses With Tax-Themed Phishing Lures

Japan’s tax season has become a hunting ground for a well-organized threat actor known as Silver Fox. As Japanese companies enter their annual cycle of tax filing, salary reviews, and personnel changes, this group is taking full advantage of the moment — sending highly targeted spearphishing emails designed to look like routine internal communications. The […]

The post https://cybersecuritynews.com/new-silver-fox-campaign-hits-japanese-businesses/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/new-silver-fox-campaign-hits-japanese-businesses/

Hackers Deploy BRUSHWORM and BRUSHLOGGER Against South Asian ...

2026-03-27T12:34:57Z

Hackers Deploy BRUSHWORM and BRUSHLOGGER Against South Asian Financial Firm

A South Asian financial institution has become the latest target of a focused cyberattack involving two custom-built malware tools — BRUSHWORM, a modular backdoor, and BRUSHLOGGER, a keylogger disguised as a trusted system file. The attack combined file theft, persistent system access, and real-time keystroke capture, underlining the growing risk that financial organizations across South […]

The post https://cybersecuritynews.com/hackers-deploy-brushworm-and-brushlogger/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-deploy-brushworm-and-brushlogger/

Hackers Use Phishing ZIP Files to Deploy PXA Stealer Against ...

2026-03-27T10:34:18Z

Hackers Use Phishing ZIP Files to Deploy PXA Stealer Against Financial Firms

A new wave of cyberattacks is putting financial institutions on high alert, as threat actors ramp up the use of PXA Stealer — a powerful information-stealing malware — against organizations worldwide. The surge follows law enforcement’s successful dismantling of major infostealer operations, including Lumma, Rhadamanthys, and RedLine, throughout 2025. With those platforms gone, PXA Stealer […]

The post https://cybersecuritynews.com/hackers-use-phishing-zip-files/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/hackers-use-phishing-zip-files/

Telnyx PyPI Package With 742,000 downloads Compromised in TeamPCP ...

2026-03-27T10:18:14Z

Telnyx PyPI Package With 742,000 downloads Compromised in TeamPCP Supply Chain Attack

The official Telnyx Python SDK on PyPI was compromised this morning as part of an escalating, weeks-long supply chain campaign orchestrated by the threat actor group TeamPCP. Malicious versions 4.87.1 and 4.87.2 of the telnyx package were uploaded to PyPI at 03:51 UTC on March 27, 2026, with the payload executing silently at import time […]

The post https://cybersecuritynews.com/telnyx-pypi-package-compromised/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/telnyx-pypi-package-compromised/

Red Hat Warns of Malware Code Embedded in Popular Linux Tool ...

2026-03-27T09:30:27Z

Red Hat Warns of Malware Code Embedded in Popular Linux Tool Allow Unauthorized Access to Systems

Red Hat has issued a critical security warning regarding malicious code discovered in recent versions of the “xz” compression tools and libraries. Tracked as CVE-2024-3094, this highly sophisticated supply chain compromise could allow threat actors to bypass authentication and gain unauthorized remote access to affected Linux systems. The xz utility is a fundamental data compression […]

The post https://cybersecuritynews.com/linux-tool-malware-embedded/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/linux-tool-malware-embedded/

Critical Citrix NetScaler and Gateway Vulnerabilities Let Remote ...

2026-03-27T08:26:09Z

Critical Citrix NetScaler and Gateway Vulnerabilities Let Remote Attackers Leak Sensitive Information

Cloud Software Group has issued a critical security bulletin detailing two newly discovered vulnerabilities affecting customer-managed NetScaler ADC and NetScaler Gateway appliances. These flaws, tracked as CVE-2026-3055 and CVE-2026-4368, could allow remote attackers to leak sensitive information or cause user session mixups. Network administrators and security teams are strongly urged to apply the latest security […]

The post https://cybersecuritynews.com/citrix-netscaler-and-gateway-vulnerabilities/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/citrix-netscaler-and-gateway-vulnerabilities/

Fake Cloudflare CAPTCHA Pages Spread Infiniti Stealer Malware on ...

2026-03-27T07:50:00Z

Fake Cloudflare CAPTCHA Pages Spread Infiniti Stealer Malware on macOS Systems

A new macOS malware that was undocumented previously, is quietly tricking users through fake Cloudflare human verification pages. Called Infiniti Stealer, this threat uses a well-known social engineering trick called ClickFix to convince Mac users into running dangerous commands directly on their own machines, bypassing the need for any software vulnerability or exploit. For a […]

The post https://cybersecuritynews.com/fake-cloudflare-captcha-pages-spread-infiniti-stealer/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/fake-cloudflare-captcha-pages-spread-infiniti-stealer/

New Windows Error Reporting Vulnerability Lets Attackers Escalate ...

2026-03-27T07:14:48Z

New Windows Error Reporting Vulnerability Lets Attackers Escalate to Gain SYSTEM Access

A newly analyzed local privilege escalation vulnerability in the Windows Error Reporting (WER) service allows attackers to easily gain full SYSTEM access. The flaw, tracked as CVE-2026-20817, was considered so structurally dangerous that Microsoft completely removed the vulnerable feature rather than attempting a traditional code patch. The security flaw exists within the main executable library […]

The post https://cybersecuritynews.com/new-windows-error-reporting-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/new-windows-error-reporting-vulnerability/

ISC Warns of High-Severity Kea DHCP Flaw That Can Crash Services ...

2026-03-27T07:08:38Z

ISC Warns of High-Severity Kea DHCP Flaw That Can Crash Services Remotely

The Internet Systems Consortium (ISC) has released a critical security advisory warning network administrators of a high-severity vulnerability affecting the Kea DHCP server. Tracked as CVE-2026-3608, this flaw allows unauthenticated remote attackers to trigger a stack overflow error. When successfully exploited, the vulnerability causes the receiving daemon to crash, resulting in a sudden and total […]

The post https://cybersecuritynews.com/isc-warns-kea-dhcp-flaw/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/isc-warns-kea-dhcp-flaw/

Anthropic’s Leaked Drafts Expose Powerful New AI Model ...

2026-03-27T04:40:40Z

Anthropic’s Leaked Drafts Expose Powerful New AI Model “Claude Mythos”

Anthropic has inadvertently exposed highly sensitive internal documents, revealing the existence of a powerful, unreleased AI model dubbed “Claude Mythos.” The leak, which stems from an unsecured and publicly searchable data cache, has raised immediate alarms within the cybersecurity community, particularly due to internal assessments indicating the new model presents unprecedented cybersecurity risks. According to […]

The post https://cybersecuritynews.com/anthropic-claude-mythos/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/anthropic-claude-mythos/

Claude Chrome Extension 0-Click Vulnerability Enables Silent ...

2026-03-27T03:09:21Z

Claude Chrome Extension 0-Click Vulnerability Enables Silent Prompt Injection Attacks

A critical zero-click vulnerability in Anthropic’s Claude Chrome Extension exposed over 3 million users to silent prompt-injection attacks, allowing malicious websites to hijack the AI assistant without user interaction. The flaw, now patched, could have enabled attackers to steal Gmail access tokens, read Google Drive files, export chat history, and send emails all invisibly. The […]

The post https://cybersecuritynews.com/claude-chrome-extension-0-click-vulnerability/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/claude-chrome-extension-0-click-vulnerability/

Critical NVIDIA Vulnerabilities Enables RCE and DoS Attacks ...

2026-03-27T02:00:19Z

Critical NVIDIA Vulnerabilities Enables RCE and DoS Attacks

Critical March 2026 security updates have been released to fix multiple vulnerabilities across enterprise and AI software systems. The latest advisories highlight severe flaws that could enable attackers to execute arbitrary code, trigger denial-of-service (DoS) conditions, or escalate privileges within compromised systems. Organizations utilizing NVIDIA’s AI frameworks are strongly urged to review and patch their environments […]

The post https://cybersecuritynews.com/nvidia-vulnerabilities-rce-attacks/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/nvidia-vulnerabilities-rce-attacks/

New ClickFix Attack Leverage Windows Run Dialog Box and macOS ...

2026-03-26T19:45:17Z

New ClickFix Attack Leverage Windows Run Dialog Box and macOS Terminal to Deploy Malware

A social engineering technique called ClickFix has resurfaced with significant force, tricking users on both Windows and macOS into manually executing malicious commands that quietly install malware on their devices. First documented in late 2023, the method has rapidly grown from a niche tactic into one of the most widely adopted initial access strategies across […]

The post https://cybersecuritynews.com/new-clickfix-attack-leverage-windows-run-dialog-box/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/new-clickfix-attack-leverage-windows-run-dialog-box/

Leak Bazaar Turns Stolen Corporate Data Into a Structured ...

2026-03-26T19:38:53Z

Leak Bazaar Turns Stolen Corporate Data Into a Structured Criminal Marketplace

A threat actor known as “Snow” from SnowTeam posted an advertisement on the Russian-speaking TierOne (T1) cybercrime forum on March 25, 2026, introducing a new criminal service called Leak Bazaar. The platform is not a traditional data leak site. Instead, it presents itself as a post-exfiltration processing service — one that takes raw stolen corporate […]

The post https://cybersecuritynews.com/leak-bazaar-turns-stolen-corporate-data/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/leak-bazaar-turns-stolen-corporate-data/

VoidLink Rootkit Uses eBPF and Kernel Modules to Hide Deep Inside ...

2026-03-26T19:26:03Z

VoidLink Rootkit Uses eBPF and Kernel Modules to Hide Deep Inside Linux Systems

A new and technically advanced rootkit called VoidLink has emerged as a serious threat to Linux systems, blending Loadable Kernel Modules (LKMs) with extended Berkeley Packet Filter (eBPF) programs to hide deep inside the operating system’s core. First documented by Check Point Research in January 2026, VoidLink is a cloud-native Linux malware framework written in […]

The post https://cybersecuritynews.com/voidlink-rootkit-uses-ebpf-and-kernel-modules/ appeared first on https://cybersecuritynews.com.

https://cybersecuritynews.com/voidlink-rootkit-uses-ebpf-and-kernel-modules/