Tag: access
-
Mississippi medical center reopens clinics hit by ransomware attack
The University of Mississippi Medical Center (UMMC) says it has resumed normal operations, nine days after a ransomware attack blocked access to electronic medical records and took down many of its IT systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mississippi-medical-center-reopens-clinics-hit-by-ransomware-attack/
-
How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ransomware-as-a-service ecosystem tied to initial access brokers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-a-brute-force-attack-unmasked-a-ransomware-infrastructure-network/
-
Chinesische Cyberspionage-Gruppe Silver-Dragon hat Behörden in Europa und Asien im Visier
Die Sicherheitsforensiker von Check Point Research (CPR) haben eine Cyberspionage-kampagne identifiziert, die sich gegen Regierungs-organisationen in Südostasien und Teilen Europas richtet. CPR nennt die Gruppe ‘Silver Dragon>> und nach Einschätzung der Sicherheitsexperten ist sie seit mindestens Mitte 2024 aktiv. Die Kampagne kombiniert Server-Exploits, Phishing, maßgeschneiderte Malware und eine cloudbasierte Befehlsinfrastruktur, um langfristigen Zugriff auf die…
-
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook
APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2. Check Point researchers have identified Silver Dragon, an APT group tied to the China-linked group APT41, targeting government entities in Europe and Southeast Asia since mid-2024. The group gains initial access by exploiting…
-
China’s Silver Dragon Razes Governments in EU, SE Asia
The emerging actor, part of the APT41 nexus, gains initial access via phishing, and uses legitimate network services to obscure cyberespionage activities. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-silver-dragon-governments-eu-se-asia
-
Shadow AI vs Managed AI: What’s the Difference? FireTail Blog
Tags: access, ai, api, attack, breach, chatgpt, ciso, cloud, computer, control, credentials, credit-card, data, data-breach, framework, google, injection, intelligence, Internet, law, LLM, malicious, mitre, monitoring, network, password, phishing, phone, risk, software, switch, threat, tool, training, vulnerabilityMar 04, 2026 – – Quick Facts: Shadow AI vs. Managed AIShadow AI is a visibility gap: It refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize.Managed AI is a “Paved Path”: It uses approved, secure versions…
-
Telegram Increasingly Used to Sell Access, Malware and Stolen Logs
Cybercriminals are now increasingly using Telegram to sell corporate access, malware subscriptions, and stealer logs, turning the messaging app into a fast cybercrime hub. First seen on hackread.com Jump to article: hackread.com/telegram-used-sell-access-malware-stolen-logs/
-
The vulnerability that turns your AI agent against you
Zenity Labs disclosed PleaseFix, a family of critical vulnerabilities affecting agentic browsers, including Perplexity Comet, that allow attackers to hijack AI agents, access … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/agentic-browser-vulnerability-perplexedbrowser/
-
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
-
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
-
Datenpanne bei Entwicklerstudio: Hacker erbeutet Daten von Star-Citizen-Spielern
Ein Angreifer hatte Zugriff auf Systeme des Star-Citizen-Entwicklers Cloud Imperium Games und konnte unter anderem Spielerdaten abgreifen. First seen on golem.de Jump to article: www.golem.de/news/cloud-imperium-games-hacker-erbeutet-daten-von-star-citizen-spielern-2603-206066.html
-
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
-
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
-
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
-
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024.”Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments,” Check Point said…
-
LexisNexis Faces Data Breach After 2.04 GB of Data Allegedly Stolen
A threat actor known as FulcrumSec has claimed responsibility for a data breach at LexisNexis Legal & Professional, the legal information division of RELX Group. The actor alleges they have stolen 2.04 GB of structured data from the company’s Amazon Web Services (AWS) cloud infrastructure. The incident highlights significant security flaws, particularly concerning access controls…
-
Cloud Imperium Games: Hacker erbeutet Daten von Star-Citizen-Spielern
Ein Angreifer hatte Zugriff auf Systeme des Star-Citizen-Entwicklers Cloud Imperium Games und konnte unter anderem Spielerdaten abgreifen. First seen on golem.de Jump to article: www.golem.de/news/cloud-imperium-games-hacker-erbeutet-daten-von-star-citizen-spielern-2603-206066.html
-
How to know you’re a real-deal CSO, and whether that job opening truly seeks one
Tags: access, ai, breach, business, communications, compliance, control, cyber, data, data-breach, finance, framework, governance, incident response, infosec, insurance, jobs, metric, privacy, radius, risk, skills, strategy, threat, training, vulnerabilityStriking the right balance of experience and responsibility: Mark G. McCreary, partner and chief AI and IT security officer at Boston-based legal firm Fox Rothschild LLP, has seen both extremes: security being completely sidelined and security professionals given excessive, unjustified authority.In some firms, a newly appointed CSO might be positioned as a gatekeeper without the…
-
Malicious Laravel Packages Deploy PHP RAT, Grant Remote Access to Attackers
Malicious Packagist packages masquerading as Laravel helper utilities are delivering an obfuscated PHP remote access trojan (RAT) that grants full remote control over compromised hosts. Two of these, nhattuanbl/lara-helper and nhattuanbl/simple-queue, embed a byte”‘for”‘byte identical RAT payload in src/helper.php. A third package, nhattuanbl/lara-swagger, appears benign but hard”‘depends on lara-helper, ensuring the malware is installed transitively whenever developers require the swagger utility.…
-
LexisNexis Investigates Breach, Customer Data Access
LexisNexis confirmed a breach involving legacy servers and limited customer data. The company says there’s no impact to products or services. First seen on crn.com Jump to article: www.crn.com/news/security/2026/lexisnexis-investigates-breach-customer-data-accessed
-
Facebook is experiencing a global outage
Tags: accessFacebook is experiencing a global outage since 4:15″¯PM”¯ET, with users reporting they cannot access their accounts. Facebook users worldwide report problems while attempting to access their accounts. The outage started around 4:15 PM ET. Upon attempting to access their account, users are presented the following message: “Account Temporarily Unavailable. Your account is currently unavailable due…
-
Researchers discover suite of agentic AI browser vulnerabilities
Through a simple calendar invite, AI browsers like Comet can be directed to access local file systems, browse directories, open and read files, and exfiltrate data. First seen on cyberscoop.com Jump to article: cyberscoop.com/agentic-ai-browsers-allow-hijacking-zenity-labs-comet/
-
Human vs. AI Identity: Why AI Agents Are Breaking Identity
4 min readTraditional IAM was built for predictable workloads. Learn why AI agents demand a new approach to identity, access control, and credential management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/human-vs-ai-identity-why-ai-agents-are-breaking-identity/
-
Cybersecurity Leadership: Identity, Access, Complexity
CEOs and CISOs on Dealing With the ‘Work From Anywhere’ Challenge. In this era of work from anywhere, identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector? An expert panel weighs in. First seen on govinfosecurity.com Jump to…
-
AI Emerges as the New Insider Threat: Thales Releases the 2026 Data Threat Report
Tags: access, ai, api, attack, business, cloud, compliance, container, control, credentials, cyber, data, deep-fake, encryption, governance, identity, infrastructure, risk, saas, skills, software, strategy, theft, threat, toolAI Emerges as the New Insider Threat: Thales Releases the 2026 Data Threat Report madhav Tue, 03/03/2026 – 15:00 Over the past year, I’ve watched AI move to operational reality across nearly every industry we work with. The conversation is no longer about whether AI will transform business. It already has. Cybersecurity Todd Moore –…
-
DJI-Staubsaugerroboter gehackt: Tüftler erlangt Zugriff auf tausende Geräte und Live-Kameras
Tags: accessFirst seen on t3n.de Jump to article: t3n.de/news/dji-staubsaugerroboter-gehackt-1729729/
-
Chrome flaw let extensions hijack Gemini’s camera, mic, and file access
Researchers found a now-patched vulnerability in “Live in Chrome” that allowed a Chrome extension to inherit Gemini’s permissions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/chrome-flaw-let-extensions-hijack-geminis-camera-mic-and-file-access/
-
SloppyLemming Espionage Campaign Targets Pakistan, Bangladesh with BurrowShell Backdoor and Rust RAT
SloppyLemming, an India-linked espionage group also known as Outrider Tiger and Fishing Elephant, has run a year-long cyber campaign against high”‘value targets in Pakistan and Bangladesh using a new BurrowShell backdoor and a Rust-based remote access tool (RAT). This activity builds directly on earlier operations exposed by Cloudflare’s CloudForce One in 2024. However, it shows…
-
Chrome Gemini panel became privilege escalator for rogue extensions
High-severity flaw let malicious add-ons access system via browser’s embedded AI feature First seen on theregister.com Jump to article: www.theregister.com/2026/03/03/google_chrome_bug_gemini/