access ai android api apple attack authentication backdoor breach browser business ceo china cisa cisco ciso cloud compliance conference control credentials crypto cve cyber cyberattack cybercrime cybersecurity data data-breach defense detection email exploit finance flaw framework fraud germany google government group hacker hacking healthcare identity infrastructure intelligence Internet jobs law leak linux malicious malware microsoft monitoring network open-source password phishing privacy ransomware remote-code-execution risk russia scam service software strategy supply-chain technology theft threat tool unclassified update usa vulnerability windows zero-day
-
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-google-security-site-uses-pwa-app-to-steal-credentials-mfa-codes/ also interesting: 7 biggest cybersecurity stories of 2024 Privacy Roundup: Week 12 of Year 2025…
-
Iranian Cyber Proxies Active But Not Nation-State Hackers
Nation-State Hackers Sheltering From Bombs or Cut Off From Internet. Iranian cyber proxies are girding for revenge while nation-state hackers in Tehran have gone quiet, whether to shelter from an onslaught of missile attacks or because the Middle Eastern country remains disconnected from the global internet on the third day of a U.S. and Israeli…
-
Popular Iranian App BadeSaba was Hacked to Send “Help Is on the Way” Alerts
Hackers took over Iran’s BadeSaba Calendar prayer app, sending “Help Is on the Way” alerts and messages urging soldiers to lay down weapons. First seen on hackread.com Jump to article: hackread.com/popular-iranian-app-badesaba-hacked-alerts/ also interesting: Iranian Hackers Set Up New Network to Target U.S. Political Campaigns US Sees Iranian Hackers Working Closely With Ransomware Groups Iranian Hackers…
-
Vulnerability monitoring service secures public-sector websites faster
Tags: business, ceo, cyber, dns, government, Internet, monitoring, office, resilience, risk, service, skills, technology, threat, tool, update, vulnerabilityTools good, talk better: The UK government’s VMS uses a combination of commercial and proprietary scanning tools to detect vulnerabilities in internet-facing assets.But McKay cautions against drawing the wrong conclusion from the results.”Process, accountability and taking ownership for explaining why this matters to the resilience of the business is far more important than the technical…
-
Travel-tinted glasses
Tags: unclassifiedWhen I travel abroad, I become a different person. I find myself doing things i would never do at home. Last week I landed in Billund. It’s small, Danish town, and home of Lego. The hotel was in Aarhus. Perfectly reasonable. Except getting there required taking a coach. A coach. At home, I would rather……
-
North Korean Hackers Target Developers Through npm Packages
Open-source ecosystems power modern software development. Millions of developers rely on public repositories to accelerate innovation and reduce development time. That trust, however, is increasingly being weaponized. New reporting from The Hacker News reveals that North Korean threat actors have published 26 malicious packages to the npm registry in an attempt to compromise developer environments…
-
When Trusted Authentication Enables Privilege Escalation
Active Directory remains the backbone of enterprise identity. Despite years of modernization efforts, many organizations still rely on legacy authentication protocols that were never designed for today’s threat landscape. New reporting from Dark Reading highlights how attackers continue to abuse NTLM and Kerberos within Microsoft Active Directory environments to escalate privileges, move laterally, and maintain…
-
Latest OpenClaw Flaw Can Let Malicious Websites Hijack Local AI Agents
Oasis Security researchers find another security problem with the OpenClaw autonomous AI agent, uncovering a vulnerability dubbed “ClawJacked” that allows malicious websites to silently take full control of a developer’s system and steal data. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/latest-openclaw-flaw-can-let-malicious-websites-hijack-local-ai-agents/ also interesting: 8 security risks overlooked in the rush to implement AI Security…
-
NDSS 2025 Siniel: Distributed Privacy-Preserving zkSNARK
Tags: blockchain, china, computer, computing, conference, cryptography, data, framework, Internet, network, oracle, privacySession 14B: Privacy & Cryptography 2 Authors, Creators & Presenters: Yunbo Yang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Yuejia Cheng (Shanghai DeCareer Consulting Co., Ltd), Kailun Wang (Beijing Jiaotong University), Xiaoguo Li (College of Computer Science, Chongqing University), Jianfei Sun (School of Computing and Information Systems, Singapore Management University), Jiachen…
-
NDSS 2025 Siniel: Distributed Privacy-Preserving zkSNARK
Tags: blockchain, china, computer, computing, conference, cryptography, data, framework, Internet, network, oracle, privacySession 14B: Privacy & Cryptography 2 Authors, Creators & Presenters: Yunbo Yang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Yuejia Cheng (Shanghai DeCareer Consulting Co., Ltd), Kailun Wang (Beijing Jiaotong University), Xiaoguo Li (College of Computer Science, Chongqing University), Jianfei Sun (School of Computing and Information Systems, Singapore Management University), Jiachen…
-
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms
<div cla Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won’t simply use automation, but also abuse victims’ AI tools: First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sandworm_mode-the-rise-of-adaptive-supply-chain-worms-2/ also interesting: SANDWORM_MODE: The Rise of…
-
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms
<div cla Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won’t simply use automation, but also abuse victims’ AI tools: First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sandworm_mode-the-rise-of-adaptive-supply-chain-worms/ also interesting: SANDWORM_MODE: The Rise of…
-
Alabama man pleads guilty to hacking, extorting hundreds of women
A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/alabama-man-pleads-guilty-to-hacking-extorting-hundreds-of-women/ also interesting: Top 10 Cybersecurity Predictions for 2026 FBI pierces ‘anonymity’ of cryptocurrency, secret domain registrars in Scattered Spider probe 9…
-
Attacks on GPS Spike Amid US and Israeli War on Iran
New analysis shows that attacks on satellite navigation systems have impacted some 1,100 ships in the Middle East since the US and Israel attacked Iran on February 28. First seen on wired.com Jump to article: www.wired.com/story/gps-attacks-on-ships-spike-amid-the-us-and-israeli-war-on-iran/ also interesting: Iranian-Linked Group Facilitates APT Attacks on Middle East Networks Threat Casting a Nation State Attack on Critical…
-
The Dark Side of Luxury Brands: Fraud and Laundering
Tags: fraudBehind haute couture’s glamour lies an underground economy fueled by counterfeiting, fraud, and money laundering. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/the-dark-side-of-luxury-brands-fraud-and-laundering/ also interesting: Phishing Prevention Framework Reduces Incidents by Half Phishing, Fraud, and Stolen Data: Europol Takes Down Cybercrime Network Task Scams: Trend Micro warnt vor digitalem Job-Betrug How deepfake scams are fueling…
-
UK Businesses told to brace cyber defenses amid Iran conflict risk
NCSC urges all to review posture as escalating tensions increase risk of indirect digital spillover First seen on theregister.com Jump to article: www.theregister.com/2026/03/02/ncsc_security_iran/ also interesting: US military allocated about $30 billion to spend on cybersecurity in 2025 Critical infrastructure under attack: Flaws becoming weapon of choice Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases…
-
University of Hawaiʻi Cancer Center confirms data leak following ransomware attack
Part of the breach was traced back to a Multiethnic Cohort (MEC) Study established in 1993, which used driver’s license numbers and voter registration records to recruit participants. First seen on therecord.media Jump to article: therecord.media/university-of-hawaii-ransomware-data-breach also interesting: Qilin ransomware claims attack at Lee Enterprises, leaks stolen data The most notorious and damaging ransomware of…
-
The future is AC/DC: the Agent Centric Development Cycle
Tags: unclassifiedThe era of Continuous Integration, with its familiar processes and workflows, is rapidly coming to an end. Traditional CI relies on developers making small, frequent, iterative commits. Today, the “continuous” part is changing. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-future-is-ac-dc-the-agent-centric-development-cycle/ also interesting: Would you like an audio recording with that? McDonalds records conversations for…
-
Andres Andreu Named a Finalist for the 2026 SC Awards Resilient CISO Award
Constella is pleased to announce that Andres Andreu, CEO has been named a finalist for the Resilient CISO Award as part of the 2026 SC Awards, presented by SC Media Awards and CyberRisk Alliance, and sponsored by Absolute Security. Now in its 29th year, the SC Awards recognize solutions, organizations, and leaders advancing the security……
-
Florida woman imprisoned for massive Microsoft license fraud scheme
A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/florida-woman-imprisoned-for-massive-microsoft-license-fraud-scheme/ also interesting: Microsoft and Cloudflare execute ‘rugpull’ on massive phishing empire Transnational Organized Crime Gang Steals $1 Million from Ontario…
-
Upcoming Opportunities in Space Investment: What to Know About SpaceX
Guide to the SpaceX IPO date, company profile, pricing method, risks, and how investors can prepare to buy shares when the company goes public soon. First seen on hackread.com Jump to article: hackread.com/upcoming-opportunities-what-to-know-spacex/ also interesting: CISOs must prove the business value of cyber, the right metrics can help Roses Are Red, AI Is Wild: A…
-
Omnichannel Identity Architecture for Retail Enterprises
Tags: identityDiscover how a unified omnichannel identity architecture can revolutionize retail by creating seamless customer experiences, boosting security, and driving revenue. Learn how to conquer fragmented identity systems! First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/omnichannel-identity-architecture-for-retail-enterprises/ also interesting: How to prevent data breaches in enterprise organizations The Imperative of Tunnel-Free Trusted Cloud Edge Architectures Identity-Fundament: Damit…
-
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers.”To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure Web…
-
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by…
-
Ignition Technology sets sights on increasing business
Channel player looks to grow revenues through vendor, geographical and services expansion First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366639470/Ignition-Technology-sets-sights-on-increasing-business also interesting: CISOs’ top 12 cybersecurity priorities for 2025 Beyond Checkboxes: The Essential Need for Robust API Compliance SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats CISO Julie Chatman offers insights for…
-
Hackers and internet outages hit Iran amid US air strikes
Users of a popular Iranian prayer app were flooded with phone notifications as U.S. air strikes hit Iran’s biggest cities, killing the country’s leader. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/02/hackers-and-internet-outages-hit-iran-amid-u-s-air-strikes/ also interesting: Hackers and internet outages hit Iran amid U.S. air strikes TDL001 – Cybersecurity Explained: Privacy, Threats, and the Future – Chester…
-
Die Umsetzung von KI-Agenten in deutschen Unternehmen ist viel geringer als der Hype vermuten lässt
Tags: aiWarum sind manche Unternehmen bei der Nutzung von KI-Agenten erfolgreicher als andere? Mit dieser Frage beschäftigt sich eine aktuelle Studie von Cloudflight unter 150 Entscheiderinnen und Entscheidern aus deutschen Unternehmen. Die Studie zeigt die zentralen Voraussetzungen und Kriterien für einen erfolgreichen Einsatz von KI-Agenten. Erfolg ist nicht hauptsächlich vom Geld abhängig so viel sei […]…
-
2nd March Threat Intelligence Report
Wynn Resorts, a United States-based casino and hotel operator, has confirmed that employee data was accessed following an extortion threat linked to ShinyHunters. The company said operations were not disrupted. Reports indicate […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/2nd-march-threat-intelligence-report/ also interesting: Top 10 cybersecurity misconfigurations: Nail the setup to avoid attacks Google confirms…
-
Iran-linked hackers raise threat level against US, allies
Security researchers warn that hacktivists and state-linked groups are using DDoS, phishing and other tactics against critical infrastructure. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-hackers-threat-level-us-allies/813494/ also interesting: The 2024 cyberwar playbook: Tricks used by nation-state actors Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts Iranian Hackers Exploit RMM Tools to Target…
-
University of Mississippi Medical Center reopens clinics after ransomware attack
The academic medical center’s clinics can once again access patient records and are resuming normal operations more than a week after the attack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/university-mississippi-medical-center-ransomware-attack/813507/ also interesting: New ransomware group Funksec is quickly gaining traction Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations Identity-First Security: Mitigating…
-
NDSS 2025 SHAFT: Secure, Handy, Accurate And Fast Transformer Inference
Authors, Creators & Presenters: (All Via The Chinese University of Hong Kong) Andes Y. L. Kei, Sherman S. M. Chow PAPER SHAFT: Secure, Handy, Accurate and Fast Transformer Inference Adoption of transformer-based machine learning models is growing, raising concerns about sensitive data exposure. Nonetheless, current secure inference solutions incur substantial overhead due to their extensive…
-
You’re Optimizing for the Wrong AI Engine. And It’s Costing You Enterprise Deals.
Two cybersecurity companies told me they’re optimizing for Perplexity. Their buyer? Enterprise CISOs. The data shows ChatGPT leads at 67% enterprise adoption and 87.4% of AI referral traffic. Only 11% of domains get cited by both ChatGPT and Perplexity. Most B2B companies are optimizing wrong. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/youre-optimizing-for-the-wrong-ai-engine-and-its-costing-you-enterprise-deals/ also interesting:…
-
Expect Iran to Launch Cyber-Attacks Globally, Warns Google Head of Threat Intel
John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-cyber-attacks-global-google/ also interesting: Cybersecurity Snapshot: U.S. Gov’t Urges Adoption of Memory-Safe Languages and Warns About Iran Cyber Threat Cybersecurity Snapshot: Tenable Highlights Risks of…
-
Chrome Unveils Plan For Quantum-Safe HTTPS Certificates
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chrome-quantum-safe-https/ also interesting: Google Chrome to let Isolated Web App access sensitive USB devices Google Using Enhanced Encryption to Protect Cookies SHUYAL Emerges: Stealing Login Credentials from 19 Major Browsers CrashFix Chrome Extension Delivers ModeloRAT Using…
-
UK warns of Iranian cyberattack risks amid Middle-East conflict
The United Kingdom’s National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/uk-warns-of-iranian-cyberattack-risks-amid-middle-east-conflict/ also interesting: Threat Casting a Nation State Attack on Critical Infrastructure Scenario at CognectCon2025 8 biggest cybersecurity threats manufacturers face CISOs…
-
War in Iran Spiked Oil Prices. Trump Will Decide How High They Go
The conflict in the Middle East is driving oil prices up in a midterm year when Americans are already focused on high energy bills. First seen on wired.com Jump to article: www.wired.com/story/war-in-iran-sent-oil-prices-up-trump-will-decide-how-high-they-go/ also interesting: Caught in the Crossfire: Jordan’s Cyber Defenses Tested Amid Israel-Iran Clashes Iran backdoors planted across Middle East telecoms, government agencies, Google…
-
Anthropic’s Claude hit by widespread service outage (updated)
Anthropic suffered widespread service disruptions Monday morning, leaving thousands of users unable to access its Claude AI platform. Most users reporting problems said they … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/02/anthropic-claude-service-disruptions-worldwide/ also interesting: The Imperative of Tunnel-Free Trusted Cloud Edge Architectures Disaster recovery and business continuity: How to create an effective plan Data…
-
Meta AI in WhatsApp organizes chats and reopens privacy issues
The trend of integrating AI into digital platforms continues. In the latest Android beta release (2.26.9.4), the company has introduced a feature that allows users to organize … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/02/whatsapp-chats-meta-ai-user-privacy/ also interesting: Google Unveils New Intelligent, Real-Time Protections for Android Users Privacy Roundup: Week 3 of Year 2025 Privacy…
-
IPFire ships its 200th core update with a new domain blocklist and kernel upgrade
Network firewall distribution IPFire released Core Update 200, marking the 200th incremental update to the 2.29 branch. The release bundles a kernel upgrade, a beta domain … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/02/pfire-2-29-core-update-200-released/ also interesting: Palo Alto Patches Exploited Firewall DenialService Flaw AI in the Enterprise: Key Findings from the ThreatLabz 2025 AI…
-
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch
Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw. Akamai reports that Russia-linked APT28 may have exploited CVE-2026-21513 CVSS score of 8.8), a high-severity MSHTML vulnerability (CVSS 8.8), before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code…
-
Alleged India-linked espionage campaign targeted Pakistan, Bangladesh, Sri Lanka
An espionage campaign last year targeted government agencies and critical infrastructure operators in Pakistan, Bangladesh and Sri Lanka, the cybersecurity firm Arctic Wolf said. First seen on therecord.media Jump to article: therecord.media/india-pakistan-cyber-campaign-apt also interesting: The 2024 cyberwar playbook: Tricks used by nation-state actors BlackBerry Highlights Rising Software Supply Chain Risks in Malaysia US CISA Endorses…
-
Dringlichkeit ist wichtigstes Warnsignal beim Erkennen betrügerischer E-Mails
Die Zeiten, in denen man Phishing-E-Mails an ihrer schlechten Grammatik erkennen konnte, sind vorbei. Eine neue Umfrage von KnowBe4 zeigt, dass Mitarbeiter nicht mehr Rechtschreibfehler im Text, sondern den Versuch, ein Gefühl der Dringlichkeit zu vermitteln, als zuverlässigstes Erkennungsmerkmal für Betrugsversuche ansehen. Die Daten zeigen, dass 34 Prozent der Befragten nun das ‘Erzeugen von Druck,…
-
Hacktivists claim to have hacked Homeland Security to release ICE contract data
A hacking group called Department of Peace said they hacked a specific office within Homeland Security to protest ICE’s mass deportation campaign, and the companies aiding it. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/02/hacktivists-claim-to-have-hacked-homeland-security-to-release-ice-contract-data/ also interesting: 7 biggest cybersecurity stories of 2024 Hacking Group ‘Silk Typhoon’ Linked to US Treasury Breach FCC creates national…
-
Scalable Security for Small and Large Enterprises
Building Adaptive Cyber Defense That Grows with Your Business The Scalability Imperative in Modern Cybersecurity Digital transformation has redefined how organizations operate. Cloud adoption, hybrid work models, SaaS platforms, and connected ecosystems have expanded the attack surface across businesses of every size. What differs is not the type of threats faced but the scale First…
-
A fake FileZilla site hosts a malicious download
A tampered copy of FileZilla quietly contacts attacker-controlled servers using encrypted DNS traffic that can slip past traditional monitoring. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/a-fake-filezilla-site-hosts-a-malicious-download/ also interesting: NCSC Warns of SHOE RACK Malware Targeting Fortinet Firewalls via DOH SSH Protocols Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup Notepad++ author says…
-
Samsung TVs stop spying on viewers in Texas. Here’s how to disable ACR anywhere
Tags: dataAs Samsung settles a lawsuit over how its smart TVs collect and monetize viewing data using ACR, here’s how the rest of us can limit the data we’re sharing. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/samsung-tvs-stop-spying-on-viewers-in-texas-heres-how-to-disable-acr-anywhere/ also interesting: Skype Illegally handed over data of alleged Paypal & Mastercard Anonymous Hacker Hacktivist Groups Target Indian…
-
Top Data Breaches of February 2026
February 2026 brought a series of significant data breaches spanning automotive, aviation, hospitality, finance, telecom, and media. The incidents were not driven by a single attack method. Some resulted from… The post Top Data Breaches of February 2026 appeared first on Strobes Security. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/03/top-data-breaches-of-february-2026/ also interesting: How defenders…
-
Psychische Belastung – cURL stoppt Bug-Bounty-Programm wegen KI-generierten Falschmeldungen
First seen on security-insider.de Jump to article: www.security-insider.de/ende-bug-bounty-programm-curl-ki-falschmeldungen-a-7918a628a41352e4cc170987f1788dee/ also interesting: AI Bug Bounty Program Yields 34 Flaws In Open Source Tools Google’s new AI bug bounty program pays up to $30,000 for flaws 9 top bug bounty programs launched in 2025 9 top bug bounty programs launched in 2025
-
Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity
Military strikes in the Middle East escalate cyber ops, raising spillover risks globally for firms First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/middle-east-conflict-surge-global/ also interesting: Frequently Asked Questions About Iranian Cyber Operations US military allocated about $30 billion to spend on cybersecurity in 2025 SCADA Vulnerabilities Allow Attackers to Cause DoS and Gain Elevated Privileges…