Tag: access
-
Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files
Researchers say a vulnerability in Perplexity’s Comet AI browser could expose local files and credentials through malicious calendar invites. The post Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-perplexity-comet-browser-vulnerability-local-files/
-
Cisco warns of max severity Secure FMC flaws giving root access
Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-secure-fmc-flaws-giving-root-access/
-
Keeper Security Launches Native Jira Integrations
Keeper Security has announced two new native Atlassian Jira integrations, which embed security incident response and privileged access governance directly into existing Jira workflows while keeping access enforcement centralised in Keeper. Jira, a widely-used issue and project tracking software, plays a central role in how organisations manage security incidents, operational requests and change workflows. Security alerts…
-
Mississippi medical center reopens clinics hit by ransomware attack
The University of Mississippi Medical Center (UMMC) says it has resumed normal operations, nine days after a ransomware attack blocked access to electronic medical records and took down many of its IT systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mississippi-medical-center-reopens-clinics-hit-by-ransomware-attack/
-
How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ransomware-as-a-service ecosystem tied to initial access brokers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-a-brute-force-attack-unmasked-a-ransomware-infrastructure-network/
-
Chinesische Cyberspionage-Gruppe Silver-Dragon hat Behörden in Europa und Asien im Visier
Die Sicherheitsforensiker von Check Point Research (CPR) haben eine Cyberspionage-kampagne identifiziert, die sich gegen Regierungs-organisationen in Südostasien und Teilen Europas richtet. CPR nennt die Gruppe ‘Silver Dragon>> und nach Einschätzung der Sicherheitsexperten ist sie seit mindestens Mitte 2024 aktiv. Die Kampagne kombiniert Server-Exploits, Phishing, maßgeschneiderte Malware und eine cloudbasierte Befehlsinfrastruktur, um langfristigen Zugriff auf die…
-
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook
APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2. Check Point researchers have identified Silver Dragon, an APT group tied to the China-linked group APT41, targeting government entities in Europe and Southeast Asia since mid-2024. The group gains initial access by exploiting…
-
China’s Silver Dragon Razes Governments in EU, SE Asia
The emerging actor, part of the APT41 nexus, gains initial access via phishing, and uses legitimate network services to obscure cyberespionage activities. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-silver-dragon-governments-eu-se-asia
-
Shadow AI vs Managed AI: What’s the Difference? FireTail Blog
Tags: access, ai, api, attack, breach, chatgpt, ciso, cloud, computer, control, credentials, credit-card, data, data-breach, framework, google, injection, intelligence, Internet, law, LLM, malicious, mitre, monitoring, network, password, phishing, phone, risk, software, switch, threat, tool, training, vulnerabilityMar 04, 2026 – – Quick Facts: Shadow AI vs. Managed AIShadow AI is a visibility gap: It refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize.Managed AI is a “Paved Path”: It uses approved, secure versions…
-
Telegram Increasingly Used to Sell Access, Malware and Stolen Logs
Cybercriminals are now increasingly using Telegram to sell corporate access, malware subscriptions, and stealer logs, turning the messaging app into a fast cybercrime hub. First seen on hackread.com Jump to article: hackread.com/telegram-used-sell-access-malware-stolen-logs/
-
The vulnerability that turns your AI agent against you
Zenity Labs disclosed PleaseFix, a family of critical vulnerabilities affecting agentic browsers, including Perplexity Comet, that allow attackers to hijack AI agents, access … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/agentic-browser-vulnerability-perplexedbrowser/
-
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
-
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems.The names of the packages are listed below -nhattuanbl/lara-helper (37 Downloads)nhattuanbl/simple-queue (29 Downloads)nhattuanbl/lara-swagger (49 Downloads) First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
-
Datenpanne bei Entwicklerstudio: Hacker erbeutet Daten von Star-Citizen-Spielern
Ein Angreifer hatte Zugriff auf Systeme des Star-Citizen-Entwicklers Cloud Imperium Games und konnte unter anderem Spielerdaten abgreifen. First seen on golem.de Jump to article: www.golem.de/news/cloud-imperium-games-hacker-erbeutet-daten-von-star-citizen-spielern-2603-206066.html
-
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
-
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
-
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/04/google-chrome-two-week-release-cycle/
-
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024.”Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments,” Check Point said…
-
LexisNexis Faces Data Breach After 2.04 GB of Data Allegedly Stolen
A threat actor known as FulcrumSec has claimed responsibility for a data breach at LexisNexis Legal & Professional, the legal information division of RELX Group. The actor alleges they have stolen 2.04 GB of structured data from the company’s Amazon Web Services (AWS) cloud infrastructure. The incident highlights significant security flaws, particularly concerning access controls…
-
Cloud Imperium Games: Hacker erbeutet Daten von Star-Citizen-Spielern
Ein Angreifer hatte Zugriff auf Systeme des Star-Citizen-Entwicklers Cloud Imperium Games und konnte unter anderem Spielerdaten abgreifen. First seen on golem.de Jump to article: www.golem.de/news/cloud-imperium-games-hacker-erbeutet-daten-von-star-citizen-spielern-2603-206066.html
-
How to know you’re a real-deal CSO, and whether that job opening truly seeks one
Tags: access, ai, breach, business, communications, compliance, control, cyber, data, data-breach, finance, framework, governance, incident response, infosec, insurance, jobs, metric, privacy, radius, risk, skills, strategy, threat, training, vulnerabilityStriking the right balance of experience and responsibility: Mark G. McCreary, partner and chief AI and IT security officer at Boston-based legal firm Fox Rothschild LLP, has seen both extremes: security being completely sidelined and security professionals given excessive, unjustified authority.In some firms, a newly appointed CSO might be positioned as a gatekeeper without the…
-
Malicious Laravel Packages Deploy PHP RAT, Grant Remote Access to Attackers
Malicious Packagist packages masquerading as Laravel helper utilities are delivering an obfuscated PHP remote access trojan (RAT) that grants full remote control over compromised hosts. Two of these, nhattuanbl/lara-helper and nhattuanbl/simple-queue, embed a byte”‘for”‘byte identical RAT payload in src/helper.php. A third package, nhattuanbl/lara-swagger, appears benign but hard”‘depends on lara-helper, ensuring the malware is installed transitively whenever developers require the swagger utility.…
-
LexisNexis Investigates Breach, Customer Data Access
LexisNexis confirmed a breach involving legacy servers and limited customer data. The company says there’s no impact to products or services. First seen on crn.com Jump to article: www.crn.com/news/security/2026/lexisnexis-investigates-breach-customer-data-accessed
-
Facebook is experiencing a global outage
Tags: accessFacebook is experiencing a global outage since 4:15″¯PM”¯ET, with users reporting they cannot access their accounts. Facebook users worldwide report problems while attempting to access their accounts. The outage started around 4:15 PM ET. Upon attempting to access their account, users are presented the following message: “Account Temporarily Unavailable. Your account is currently unavailable due…
-
Researchers discover suite of agentic AI browser vulnerabilities
Through a simple calendar invite, AI browsers like Comet can be directed to access local file systems, browse directories, open and read files, and exfiltrate data. First seen on cyberscoop.com Jump to article: cyberscoop.com/agentic-ai-browsers-allow-hijacking-zenity-labs-comet/
-
Human vs. AI Identity: Why AI Agents Are Breaking Identity
4 min readTraditional IAM was built for predictable workloads. Learn why AI agents demand a new approach to identity, access control, and credential management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/human-vs-ai-identity-why-ai-agents-are-breaking-identity/
-
Cybersecurity Leadership: Identity, Access, Complexity
CEOs and CISOs on Dealing With the ‘Work From Anywhere’ Challenge. In this era of work from anywhere, identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector? An expert panel weighs in. First seen on govinfosecurity.com Jump to…