Collecting Cyber-News from over 60 sources

Tag: cybersecurity

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Mar 27, 2026 10:30 PM

Tags: ai, cybersecurity, data, exploit, flaw, framework, open-source, vulnerability

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history.Both LangChain and LangGraph are open-source frameworks that are used to build applications powered by Large Language Models (LLMs). LangGraph is built on the foundations of First seen on thehackernews.com Jump to…
Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google

Mar 27, 2026 10:30 PM

Tags: computing, cryptography, cybersecurity, encryption, google, threat

‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/quantum-encryption-q-day-closer/
Claude Mythos and the Cybersecurity Risk That Was Already Here

Mar 27, 2026 10:30 PM

Tags: ai, cyber, cybersecurity, data, data-breach, leak, risk, switch

<div cla On March 26, Anthropic confirmed the existence of Claude Mythos, an unreleased AI model described internally as “a step change” in capabilities, after a data leak exposed approximately 3,000 unpublished assets in a publicly searchable, unencrypted data store (Fortune, March 26, 2026). The leak was not a sophisticated intrusion. A toggle switch in…
RSAC Focuses Cybersecurity Insights, Tech, and Community in One Place

Mar 27, 2026 10:30 PM

Tags: conference, cybersecurity, data, network, ransomware, service, technology, tool

The RSAC conference has once again descended upon San Francisco and delivered an event that brings together the largest collection of industry leaders, technologies, and cybersecurity community events! Over the course of several days, attendees accessed exceptional keynotes, thought-leading expert sessions, and an unmatched technology expo. During the evenings, there were countless private events, get-togethers,…
GPT Can’t Trace an Attack Chain. A Purpose-Built Cybersecurity LLM Can.

Mar 27, 2026 10:30 PM

Tags: attack, cybersecurity, data, LLM, soc

A purpose-built cybersecurity LLM is trained on security data from the ground up, not a general-purpose model with a security prompt. Here’s why the architecture matters for SOC operations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/gpt-cant-trace-an-attack-chain-a-purpose-built-cybersecurity-llm-can/
The Cyber Express Weekly Roundup: Cyberattacks, AI Risks, and Geopolitical Cyber Threats

Mar 27, 2026 10:30 PM

Tags: ai, attack, cyber, cyberattack, cybersecurity, ransomware, risk, threat

In this week’s weekly roundup, The Cyber Express brings together the latest developments in global cybersecurity news, from high-profile ransomware attacks to emerging risks in AI adoption and geopolitical cyber activity. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/the-cyber-express-weekly-roundup-march-27/
After Funding Jolt, EU Moves to Back the CVE Vulnerability System

Mar 27, 2026 10:30 PM

Tags: cve, cyber, cybersecurity, mitre, vulnerability

The European Union is stepping forward to reinforce what many experts describe as a bedrock cyber vulnerability tracking system, as questions linger over the long-term sustainability of the Common Vulnerabilities and Exposures Program. The initiative, widely relied upon by cybersecurity professionals worldwide, has come under renewed scrutiny following a contracting scare involving MITRE, prompting discussions about diversification…
U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog

Mar 27, 2026 10:30 PM

Tags: cisa, credentials, cve, cybersecurity, exploit, flaw, infrastructure, kev, malicious, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Aquasecurity Trivy flaw, tracked as CVE-2026-33634 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. On March 19, 2026, attackers used compromised credentials to release a malicious…
CISA Flags Critical Flaw in Grassroots DICOM Imaging Library

Mar 27, 2026 10:30 PM

Tags: cisa, cybersecurity, exploit, flaw, healthcare, infrastructure, open-source, service

Researcher: If Exploited, Bug Could Crash Hospital Medical Imaging Systems. The Cybersecurity Infrastructure and Security Agency is warning of a high severity in Grassroots DICOM, an open-source library commonly used for medical imaging products, that if exploited could allow an attacker to send a specially crafted file resulting in a denial-of-service situation. First seen on…
Critical Vulnerabilities, Insider Threats, and AI-Driven Cybercrime Define the Week

Mar 27, 2026 10:30 PM

Tags: ai, cybercrime, cybersecurity, threat, vulnerability

Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/critical-vulnerabilities-insider-threats-and-ai-driven-cybercrime-define-the-week/
CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation

Mar 27, 2026 10:30 PM

Tags: cisa, cve, cybersecurity, exploit, infrastructure, kev, rce, remote-code-execution, supply-chain, vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/cve-2026-33017-cve-2026-33634-exploited/
Google Moves Q-Day Estimate to 2029 Industry Experts Say the Clock Is Already Ticking

Mar 27, 2026 10:30 PM

Tags: computing, cryptography, cybersecurity, google, Hardware

Google has officially set 2029 as its target date for completing a full migration to post-quantum cryptography (PQC), in what the company describes as a necessary acceleration driven by faster-than-expected advances in quantum computing hardware, error correction and factoring resource estimates. The announcement, published on Google’s blog yesterday, has sent shockwaves through the cybersecurity community,…
CISA Adds Critical Aquasecurity Trivy Scanner Vulnerability to KEV Catalog

Mar 27, 2026 10:30 PM

Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, malicious, open-source, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical flaw affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this security weakness involves embedded malicious code that targets continuous integration and continuous deployment (CI/CD) environments. Because Trivy is a widely adopted open-source vulnerability scanner used natively within…
Red Hat Warns of Malware Embedded in Popular Linux Tool, Opening Doors for Unauthorized Access

Mar 27, 2026 10:30 PM

Tags: access, attack, cyber, cybersecurity, data, exploit, linux, malicious, malware, supply-chain, threat, tool, unauthorized

Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popularxzcompression utility. Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentially grant threat actors unauthorised remote access to affected Linux systems. Technical Analysis of the Exploit The xz utility is a fundamental data compression format…
China Upgrades the Backdoor It Uses to Spy on Telcos Globally

Mar 27, 2026 10:30 PM

Tags: apt, backdoor, china, cybersecurity, malware, spy

Chinese APT Red Menshen’s super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-upgrades-backdoor-spy-telcos
ODNI tackles AI, threat hunting, app cybersecurity in year-one tech review

Mar 27, 2026 12:47 AM

Tags: ai, cybersecurity, intelligence, threat

It’s the first significant cybersecurity-related announcement under Director of National Intelligence Tulsi Gabbard. First seen on cyberscoop.com Jump to article: cyberscoop.com/odni-tackles-ai-threat-hunting-app-cybersecurity-in-year-one-tech-review/
How do NHIs deliver value in cloud environments?

Mar 26, 2026 11:49 PM

Tags: cloud, cybersecurity

Are You Leveraging the Full Potential of Non-Human Identities? Non-Human Identities (NHIs) are rapidly gaining importance in digital security, and their role is particularly critical in managing cloud environments. Just as machine identities have become an integral part of cybersecurity, so too have NHIs, which are essentially machine identities that hold the key to accessing……
U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog

Mar 26, 2026 11:49 PM

Tags: ai, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, tool, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Langflow to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2026-33017 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. Langflow is a popular tool used for building agentic AI workflows. CVE-2026-33017 is a…
Are you proactive in managing AI risks?

Mar 26, 2026 11:49 PM

Tags: ai, cybersecurity, risk, vulnerability

Are Your Non-Human Identities Adequately Secured? How secure is your organization’s management of non-human identities? Non-human identities (NHIs) are integral components of cybersecurity frameworks. They are not mere accessories but foundational elements that require diligent oversight and sophisticated security solutions. To ensure robust security measures, professionals across industries must address the vulnerabilities presented by NHIs….…
Why Healthcare Faces Rising Risks From Shadow AI

Mar 26, 2026 10:47 PM

Tags: ai, ciso, cybersecurity, governance, healthcare, risk

Zscaler’s Ravi Monga on Managing AI Risks in Clinical Environments. Healthcare organizations are increasingly adopting AI for efficiency and patient care, but governance is lagging behind. Zscaler’s Healthcare CISO Ravi Monga explains why visibility into AI usage, including shadow AI, has become the sector’s most urgent cybersecurity challenge. First seen on govinfosecurity.com Jump to article:…
BSidesSLC 2025 Guerrilla GRC Helping Small Businesses Get Cyber Smart

Mar 26, 2026 9:47 PM

Tags: cyber, cybersecurity, grc

Author, Creator & Presenter: Joshua Boyles – VP Of Cybersecurity At LHMCO) Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-guerrilla-grc-helping-small-businesses-get-cyber-smart/
Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles

Mar 26, 2026 9:47 PM

Tags: cybersecurity, threat

More than a decade since the 2015 Jeep hack, the cybersecurity of vehicles remains of the utmost importance. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/automotive-cybersecurity-threats-grow-connected-autonomous-vehicles
The CISO’s guide to responding to shadow AI

Mar 26, 2026 8:47 PM

Tags: ai, breach, business, ciso, cybersecurity, data, governance, guide, mitigation, privacy, risk, strategy, technology, tool, training, update

Understand why AI is being used: If CISOs want to manage shadow AI effectively, they need to understand why it keeps popping up. The immediate reaction may be to shut down the use of shadow AI, but there must be more to the response than that.”Our focus is understanding why they’re using it, educating them…
Channel Has ‘Huge’ Role In Securing AI Agent Revolution: Top Execs At RSAC 2026

Mar 26, 2026 8:47 PM

Tags: ai, business, crowdstrike, cybersecurity, network, skills

The widespread adoption of AI agents may be an unprecedented opportunity for channel partners to tap into their unique skills and expertise to create a fast-growth business, top executives from cybersecurity vendors including CrowdStrike, SentinelOne, Palo Alto Networks told CRN at RSAC 2026. First seen on crn.com Jump to article: www.crn.com/news/security/2026/channel-has-huge-role-in-securing-ai-agent-revolution-top-execs-at-rsac-2026
Why Misaligned Incentives Are the CISO’s Biggest Problem

Mar 26, 2026 8:47 PM

Tags: ai, cio, ciso, cyber, cybersecurity, microsoft

Jim DuBois, Former Microsoft CIO and CISO, on Incentives, AI and Cyber’s Future. As AI reshapes cybersecurity, aligning security and innovation teams is more critical than ever. Former Microsoft CIO and CISO Jim DuBois says misaligned incentives create conflict, and fixing that is what lets organizations move fast without compromising security. First seen on govinfosecurity.com…
New Langflow flaw actively exploited to hijack AI workflows

Mar 26, 2026 8:47 PM

Tags: ai, cisa, cybersecurity, exploit, flaw, hacker, infrastructure, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-new-langflow-flaw-actively-exploited-to-hijack-ai-workflows/
Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection

Mar 26, 2026 7:47 PM

Tags: access, ai, attack, business, chatgpt, corporate, cyber, cybersecurity, data, data-breach, defense, detection, google, group, injection, LLM, malicious, monitoring, openai, privacy, risk, strategy, threat, unauthorized

Tenable One’s new Model Refusal Detection turns an LLM’s refusal to execute a risky or suspicious prompt into a high-fidelity early warning signal. It helps you uncover and stop prompt injection attacks, insider threats, and other risky user behaviors before they escalate into a breach. Key takeaways: AI has shifted traditional cyber detection methods away…
MIWIC26: Kerlyn Manyi, Cybersecurity Practitioner, Nucleus Systems Founder of CyberFoundHer Initiative

Mar 26, 2026 7:47 PM

Tags: cyber, cybersecurity

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2026’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are…
MIWIC26: Kerlyn Manyi, Cybersecurity Practitioner, Nucleus Systems Founder of CyberFoundHer Initiative

Mar 26, 2026 7:47 PM

Tags: cyber, cybersecurity

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2026’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are…
Former NSA chiefs worry American offensive edge in cybersecurity is slipping

Mar 26, 2026 6:47 PM

Tags: cyber, cyberattack, cybersecurity, data-breach, military

A systemic numbness to cyberattacks has exposed the U.S. economy and its institutions to ever-widening threats. Retired four-star military officials worry the worst day in cyber is yet to come. First seen on cyberscoop.com Jump to article: cyberscoop.com/former-nsa-chiefs-offensive-edge-rsac/