Collecting Cyber-News from over 60 sources

Tag: access

Court Blocks Trump’s Anthropic Ban as AI Dispute Continues

Mar 27, 2026 10:30 PM

Tags: access, ai, intelligence, technology

Temporary Ruling Preserves Pentagon’s AI Access as Courts Weigh AI Guardrail Limits. A federal judge’s decision to temporarily block the Trump administration from blacklisting the artificial intelligence firm Anthropic allows federal agencies and the Pentagon to continue using and evaluating its technology in the near term. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/court-blocks-trumps-anthropic-ban-as-ai-dispute-continues-a-31243
Court Blocks Trump’s Anthropic Ban as AI Dispute Continues

Mar 27, 2026 10:30 PM

Tags: access, ai, intelligence, technology

Temporary Ruling Preserves Pentagon’s AI Access as Courts Weigh AI Guardrail Limits. A federal judge’s decision to temporarily block the Trump administration from blacklisting the artificial intelligence firm Anthropic allows federal agencies and the Pentagon to continue using and evaluating its technology in the near term. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/court-blocks-trumps-anthropic-ban-as-ai-dispute-continues-a-31243
Ajax data breach exposed season tickets, supporter bans open to tampering

Mar 27, 2026 10:30 PM

Tags: access, breach, data, data-breach, email, hacker

AFC Ajax, the Dutch football club from Amsterdam, disclosed that an unknown hacker gained access to parts of its IT systems and obtained the email addresses of a few hundred … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/afc-ajax-data-breach-supporter-bans/
BIND 9 Security Flaws Allow Attackers to Bypass Security Controls and Crash Servers

Mar 27, 2026 10:30 PM

Tags: access, control, cyber, dns, exploit, flaw, Internet, network, software, vulnerability

The Internet Systems Consortium (ISC) has released critical security advisories addressing three new vulnerabilities in the widely used BIND 9 Domain Name System (DNS) software suite. If left unpatched, remote attackers could exploit these weaknesses to bypass access control lists, consume excessive system resources, or crash DNS servers entirely. Network administrators must apply the provided…
Red Hat Warns of Malware Embedded in Popular Linux Tool, Opening Doors for Unauthorized Access

Mar 27, 2026 10:30 PM

Tags: access, attack, cyber, cybersecurity, data, exploit, linux, malicious, malware, supply-chain, threat, tool, unauthorized

Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popularxzcompression utility. Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentially grant threat actors unauthorised remote access to affected Linux systems. Technical Analysis of the Exploit The xz utility is a fundamental data compression format…
Windows Error Reporting Vulnerability Exposes Systems to Privilege Escalation, Allowing SYSTEM Access

Mar 27, 2026 10:30 PM

Tags: access, cve, cyber, exploit, flaw, microsoft, service, vulnerability, windows

Microsoft recently patched a severe Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, officially tracked as CVE-2026-20817. This flaw allows a local attacker with standard user rights to escalate to SYSTEM privileges by exploiting improper permission handling. The vulnerability was so significant that Microsoft chose to remove the affected feature entirely…
Hackers Implant Stealthy BPFdoor Backdoors in Telecom Networks for Persistent Access

Mar 27, 2026 10:30 PM

Tags: access, attack, backdoor, china, cyber, espionage, hacker, linux, malware, network, threat

A China-nexus threat actor known as Red Menshen is planting stealthy backdoors deep inside global telecommunications networks. According to a recent investigation by Rapid7 Labs, this long-term espionage campaign utilises a highly evasive Linux kernel malware called BPFdoor. Instead of launching noisy, disruptive attacks, these hackers are building dormant sleeper cells in the telecom backbone.…
What Is CIAM? A Complete Guide to Customer Identity and Access Management in 2026

Mar 27, 2026 10:30 PM

Tags: access, data, guide, identity, technology

CIAM is the technology layer that decides how your customers log in, what they can access, and how their data is protected. Here’s a complete breakdown of what it is, how it works, and why it’s become a $14 billion market. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/what-is-ciam-a-complete-guide-to-customer-identity-and-access-management-in-2026/
Espionage campaign targets telecom with stealthy Linux-based backdoor

Mar 27, 2026 10:30 PM

Tags: access, backdoor, china, espionage, government, infrastructure, linux

A China-nexus actor has been able to gain long-term access in a bid to gather intel on government agencies and critical infrastructure providers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/espionage-campaign-telecom-linux-backdoor-China/815978/
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Mar 27, 2026 10:30 PM

Tags: access, advisory, ai, api, attack, cisa, cloud, credentials, cve, cvss, data, data-breach, detection, endpoint, exploit, flaw, framework, github, infrastructure, injection, kev, malicious, monitoring, nvd, open-source, rce, remote-code-execution, software, supply-chain, threat, update, vulnerability, windows

credentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.According to a Sysdig report, crooks started hitting a fleet of honeypot nodes with vulnerable instances across multiple cloud providers and regions right after they went live. Sysdig observed four such attempts within hours of deployment, with one attacker progressing to environment variable exfiltration.”This is…
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Mar 27, 2026 10:30 PM

Tags: access, advisory, ai, api, attack, cisa, cloud, credentials, cve, cvss, data, data-breach, detection, endpoint, exploit, flaw, framework, github, infrastructure, injection, kev, malicious, monitoring, nvd, open-source, rce, remote-code-execution, software, supply-chain, threat, update, vulnerability, windows

credentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.According to a Sysdig report, crooks started hitting a fleet of honeypot nodes with vulnerable instances across multiple cloud providers and regions right after they went live. Sysdig observed four such attempts within hours of deployment, with one attacker progressing to environment variable exfiltration.”This is…
8 steps CISOs can take to empower their teams

Mar 27, 2026 10:30 PM

Tags: access, business, ciso, compliance, control, corporate, edr, international, jobs, metric, risk, skills, software, technology, tool, training, update

Once when we were rolling out a well-known EDR tool, I knew the settings weren’t tight enough, nor were the received updates applied fast enough. So I asked two people to own this, come up with suggestions for tightening the screws, and guarantee a successful rollout on multiple OSes in parallel. The phased approach took…
Wordlist-Angriffe Wenn Cyberkriminelle gezielt Unternehmensbegriffe nutzen

Mar 27, 2026 10:30 PM

Tags: access, cyberattack

Ein Krankenhaus setzt strenge Passwortregeln um: mindestens zwölf Zeichen, Groß- und Kleinbuchstaben, Zahlen und Sonderzeichen; auf den ersten Blick eine solide Sicherheitsrichtlinie. Doch Angreifer testen mittlerweile keine zufälligen Kombinationen mehr, sondern Varianten wie ‘Universitätsklinikum2026!” oder ‘Rehaklinik#123″. Und nur wenige Minuten später haben die Cyberangreifer bereits Zugriff auf mehrere Accounts. Das Beispiel zeigt ein häufig unterschätztes…
NYC Health Notifying Patients of 2 Third-Party Hacks

Mar 26, 2026 10:47 PM

Tags: access, breach, data, data-breach, hacker, hacking, healthcare

Incidents Are Unrelated, Says NYC Health + Hospitals. Hackers had access to New York City’s municipal healthcare system for nearly three months before being detected, stealing data of an undisclosed number of patients. The incident is the second hacking-related data breach within weeks involving a third-party firm hired by NYC Health + Hospitals. First seen…
Alleged RedLine malware developer extradited to US, faces up to 30 years

Mar 26, 2026 8:47 PM

Tags: access, computer, fraud, malware

Hambardzum Minasyan appeared in an Austin federal court on Tuesday and was indicted on charges of conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and conspiracy to commit money laundering. First seen on therecord.media Jump to article: therecord.media/redline-malware-developer-extradited-to-us-faces-30-years
Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection

Mar 26, 2026 7:47 PM

Tags: access, ai, attack, business, chatgpt, corporate, cyber, cybersecurity, data, data-breach, defense, detection, google, group, injection, LLM, malicious, monitoring, openai, privacy, risk, strategy, threat, unauthorized

Tenable One’s new Model Refusal Detection turns an LLM’s refusal to execute a risky or suspicious prompt into a high-fidelity early warning signal. It helps you uncover and stop prompt injection attacks, insider threats, and other risky user behaviors before they escalate into a breach. Key takeaways: AI has shifted traditional cyber detection methods away…
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

Mar 26, 2026 7:47 PM

Tags: access, china, espionage, government, network, spy, threat

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks.The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that’s also tracked as Earth Bluecrow, First seen on…
IDrive for Windows Vulnerability Allows Attackers to Escalate Privileges and Gain Unauthorized Access

Mar 26, 2026 10:46 AM

Tags: access, backup, cloud, cve, cyber, flaw, unauthorized, vulnerability, windows

A critical security flaw has been identified in the IDrive Cloud Backup Client for Windows, exposing users to local privilege escalation attacks. Tracked as CVE-2026-1995, this vulnerability allows authenticated, low-privilege attackers to execute arbitrary code with the highest system permissions, potentially leading to a complete compromise of the targeted device. IDrive is a widely used…
Fake npm Install Messages Conceal RAT Malware in New Open Source Supply Chain Attack

Mar 26, 2026 9:46 AM

Tags: access, attack, cyber, malware, open-source, rat, social-engineering, supply-chain, threat

Fake npm install messages are the latest social engineering trick in the open source supply chain, with attackers abusing npm post”‘install scripts to silently deploy a crypto”‘stealing remote access trojan (RAT) in what ReversingLabs is calling the “Ghost campaign.” By wrapping their payloads in realistic but entirely bogus npm install logs, the threat actors turn…
Biometrie-Daten: Airlines sollen Zugriff auf Pass-Chips erhalten

Mar 26, 2026 9:46 AM

Tags: access, governance

Die Bundesregierung will privaten Fluglinien erlauben, biometrische Fotos von RFID-Chips im Ausweis auszulesen – für eine Minute Zeitersparnis. First seen on golem.de Jump to article: www.golem.de/news/biometrie-daten-airlines-sollen-zugriff-auf-pass-chips-erhalten-2603-206936.html
Who owns AI agent access? At most companies, nobody knows

Mar 26, 2026 6:46 AM

Tags: access, ai, identity, infrastructure

AI agents are operating across production enterprise environments at scale, and the identity infrastructure managing their access has not kept up with their deployment. A … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/26/ciso-ai-agent-identity-security-report/
New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert

Mar 26, 2026 1:46 AM

Tags: access, advisory, attack, business, china, citrix, credentials, cve, cvss, data-breach, defense, email, exploit, flaw, group, intelligence, Internet, leak, network, threat, update, vpn, vulnerability

CSO in an email, because the hole allows an unauthenticated remote attacker to leak potentially sensitive information from the appliance’s memory.”This vulnerability is one that threat actors and researchers alike are paying attention to,” he said.The vulnerability carries similar ramifications to 2023’s CitrixBleed and 2025’s CitrixBleed2 memory leak vulnerabilities, Emmons added. Then, unauthenticated attackers with…
AI Has Created a New Attack Surface and Encryption Is Not Enough

Mar 25, 2026 5:49 PM

Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability

<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
Entro Security Launches AGA to Govern AI Agents and Non-Human Identities Across the Enterprise

Mar 25, 2026 5:49 PM

Tags: access, ai, conference, governance, identity

Entro Security has announced Agentic Governance & Administration (AGA), a new pillar of its platform designed to help security and identity teams govern AI agents and AI access paths across enterprise systems. The company is showcasing AGA at RSA Conference 2026. The core problem AGA addresses is one that traditional Identity Governance and Administration (IGA)..…
AI Has Created a New Attack Surface and Encryption Is Not Enough

Mar 25, 2026 5:49 PM

Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability

<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
Cyera Ships Browser Shield, Data Lineage, and MCP to Close AI Data Security Gaps

Mar 25, 2026 4:47 PM

Tags: access, ai, data, tool

Cyera announced three new capabilities at RSAC 2026 on March 24: Browser Shield for AI, Data Lineage for files, and Cyera MCP. Together, they address two of the most pressing blind spots in enterprise AI security, what employees are sending into AI tools, and what happens to data after AI agents get access to it……
ConductorOne Launches AI Access Management to Govern AI Tools, Agents, and MCP Connections

Mar 25, 2026 4:47 PM

Tags: access, ai, governance, identity, tool

ConductorOne announced AI Access Management on March 19, a new product extension that extends its identity governance platform to cover AI tools, AI agents, and Model Context Protocol (MCP) connections across the enterprise. The announcement came ahead of RSAC 2026 in San Francisco. The core problem ConductorOne is addressing is shadow AI proliferation. According to..…
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

Mar 25, 2026 4:47 PM

Tags: access, browser, chrome, crypto, cybersecurity, data, framework, google, malware, rat, theft

Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs.”It logs keystrokes, dumps cookies and session tokens, captures screenshots, and First seen…
You Can’t Monetize What You Can’t See: AI Traffic Detection for Publishers

Mar 25, 2026 3:48 PM

Tags: access, ai, control, detection, risk, theft

You can’t monetize what you can’t see. Learn how DataDome’s AI traffic detection helps publishers control access, stop content theft, and turn risk into revenue. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/you-cant-monetize-what-you-cant-see-ai-traffic-detection-for-publishers/
Paid AI Accounts Are Now a Hot Underground Commodity

Mar 25, 2026 3:48 PM

Tags: access, ai, cybercrime, email, supply-chain

AI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and resell premium AI access at scale. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/paid-ai-accounts-are-now-a-hot-underground-commodity/