Tag: infrastructure
-
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-fortinet-flaw-exploited-in-attacks-by-friday/
-
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still fragmented by platform. For security leaders, this creates a First seen on…
-
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents.In March 2026, the TeamPCP threat actor proved just how valuable developer machines are. Their supply chain attack on First…
-
Hackers threaten to leak data after cyberattack on German party Die Linke
Die Linke confirmed in late March that its IT infrastructure had been hit by what it described as a “serious cyberattack.” First seen on therecord.media Jump to article: therecord.media/hackers-threaten-to-leak-german-political-party-data
-
Cybersecurity Leaders to Watch in California’s Artificial Intelligence Industry
California’s artificial intelligence industry includes security leaders working across frontier model development, enterprise AI platforms, data infrastructure, observability, and AI-native software products. The executives in this feature bring experience from high-growth startups, major technology companies, cloud-native environments, offensive security, incident response, compliance, and product security. Their backgrounds reflect how AI security leadership now spans not…The…
-
Trump Budget Proposal Would Cut Hundreds of Millions More From CISA
What happened A new federal budget proposal would cut hundreds of millions of dollars more from CISA, sharply reducing funding for the agency’s cybersecurity and critical infrastructure work. The fiscal 2027 proposal would reduce CISA’s total by $707 million, according to the budget summary, though another budget document points to a smaller but still significant…The…
-
U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in TrueConf Client, tracked as CVE-2026-3502 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. TrueConf is a videoconferencing platform often used in secure, offline…
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
Cisco fixes critical IMC auth bypass present in many products
Tags: access, ai, api, apt, attack, authentication, cisco, computing, credentials, cybersecurity, dns, email, exploit, firewall, firmware, flaw, group, infrastructure, linux, malicious, monitoring, network, password, ransomware, risk, router, vulnerability, zero-day[ Related: More Cisco news and insights ] The Cisco IMC is a baseboard management controller (BMC), a dedicated controller embedded into server motherboards with its own RAM and network interface that gives administrators monitoring and management capabilities as if they were physically connected to the server with a keyboard, monitor, and mouse (KVM). Because BMCs run…
-
Claude Source Code Leak Highlights Big Supply Chain Missteps
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/source-code-leaks-highlight-lack-supply-chain-oversight
-
Ukraine warns Russian hackers are revisiting past breaches to prepare new attacks
Tags: access, attack, breach, credentials, exploit, hacker, infrastructure, russia, ukraine, vulnerabilityIn a new report, CERT-UA said attackers are revisiting previously breached infrastructure to check whether access is still available, whether exploited vulnerabilities have been patched and whether previously obtained credentials remain valid. First seen on therecord.media Jump to article: therecord.media/ukraine-warns-russian-hackers-revisiting-old-attacks
-
Source Code Leaks Highlight Lack of Supply Chain Oversight
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/source-code-leaks-highlight-lack-supply-chain-oversight
-
Infrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former Employer
Daniel Rhyne, a 59-year-old former core infrastructure engineer, pleaded guilty on April 1, 2026, to federal hacking and extortion charges. He admitted to locking out administrators and sabotaging systems at his former New Jersey-based employer in an attack that began in November 2023. Rhyne entered his plea before U.S. District Judge Michael A. Shipp in…
-
CISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the TrueConf Client to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows clear evidence that threat actors are actively exploiting the bug in real-world attacks. The Vulnerability (CVE-2026-3502) Tracked as CVE-2026-3502, the flaw is categorized as a >>Download of…
-
12 cyber industry trends revealed at RSAC 2026
Tags: access, ai, application-security, authentication, awareness, business, ciso, cloud, control, cyber, cybersecurity, data, deep-fake, defense, detection, edr, endpoint, firewall, gartner, governance, identity, infrastructure, insurance, metric, microsoft, monitoring, mssp, phishing, programming, risk, risk-management, service, siem, skills, soc, software, startup, technology, threat, tool, trainingLegacy security vendors have the inside track on AI, for now: As far as AI technology consumption for cybersecurity, most CISOs I spoke with were open-minded while leaning toward their existing vendors, at least in the short term. This may buy legacy security vendors a bit, but not much time.Remember what happened in the cloud…
-
Man admits to locking thousands of Windows devices in extortion plot
A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/man-admits-to-extortion-plot-locking-coworkers-out-of-thousands-of-windows-devices/
-
Trivy supply chain attack enabled European Commission cloud breach
CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/european-commission-cloud-breach/
-
Phorpiex Botnet Fuels Ransomware, Sextortion, and Crypto-Theft Attacks
Hackers are abusing the long-running Phorpiex (Trik) botnet to run large-scale ransomware, sextortion, and crypto-clipping operations, turning one infrastructure into a multi-purpose crime machine. A newer variant called Twizt gives the botnet a hybrid architecture that combines traditional command-and-control (C2) with a peer”‘to”‘peer (P2P) protocol, allowing infected machines to share commands and node lists directly with each…
-
Microsoft releases open-source toolkit to govern autonomous AI agents
AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks like LangChain, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/microsoft-ai-agent-governance-toolkit/
-
North Korea Uses GitHub as C2 in New LNK Phishing Campaign
A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North Korearelated actors, shows a clear evolution from earlier, less obfuscated XenoRAT-delivery campaigns observed since 2024. In…
-
Gmail’s New Rename Feature Could Add Spam and Phishing to Your Inbox
As of March 31st, Google is allowing users to change their primary Gmail address username. Although a nice feature for those who created unfortunate names originally, it may also undermine spam and phishing blocking. The feature is intended to allow the user account to be changed while keeping the underlying account intact. The original name…
-
US Bans All Foreign-Made Consumer Routers
This is for new routers; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt…
-
How Treating AI Agents as Identities Can Reduce Enterprise AI Risk
AI agents are no longer experimental. They’re running production workloads, calling APIs, querying databases, provisioning infrastructure, and making decisions across cloud environments. Ironically these agents often end up with more access than the developers who built them. They operate with real credentials, real permissions, and real consequences when something goes wrong. What most enterprise security……
-
Threat Detection Software
Tags: ai, api, attack, automation, cloud, cybersecurity, detection, infrastructure, intelligence, saas, software, threatThreat detection software has become an essential pillar of modern cybersecurity as organizations face a rapidly evolving threat landscape driven by automation, artificial intelligence, and increasingly sophisticated attack techniques. In today’s hyperconnected digital environment, businesses rely heavily on cloud platforms, remote work infrastructure, SaaS applications, APIs, and interconnected systems that significantly expand the attack surface.…
-
EvilTokens abuses Microsoft device code flow for account takeovers
A phishing package with post-compromise focus: Beyond the initial access vector, EvilTokens is structured as a full-service phishing platform. The kit provides affiliates with ready-to-use lures, infrastructure, and automation tools designed to carry out both the phishing phase and post-compromise activity.The lures used in the campaign include fake SharePoint document notifications, DocuSign requests, and account…
-
Akira-Style Ransomware Campaign Hits Windows Users Across South America
A newly identified ransomware campaign is targeting Windows users across South America, leveraging tactics that closely mimic the notorious Akira ransomware group. According to ESET’s findings, the threat actors behind this campaign are attempting to exploit Akira’s reputation by replicating its branding, ransom notes, and dark web infrastructure references. This includes the use of Tor-based…
-
OT Cyber Resilience: Strategic Data Protection for IEC 62443 and NIS2 Compliance
Learn how to protect OT systems, ICS, and SCADA infrastructure from ransomware with backup strategies built for legacy, air-gapped industrial environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ot-cyber-resilience-strategic-data-protection-for-iec-62443-and-nis2-compliance/
-
CISA Issues Alert on Chrome Zero-Day Under Active Exploitation
Tags: browser, chrome, cisa, cve, cyber, cybersecurity, exploit, flaw, google, hacker, infrastructure, kev, vulnerability, zero-dayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability affecting Google Chrome and other Chromium-based web browsers. Officially tracked as CVE-2026-5281, this security flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog because hackers are actively exploiting it in real-world attacks. The vulnerability originates…
-
Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps
Tags: breach, cyber, infrastructure, malicious, microsoft, mitigation, north-korea, supply-chain, threatMicrosoft has detailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure attributed to the North Korean threat actor Sapphire Sleet. On March 31, 2026, two Axios npm versions (1.14.1 and 0.30.4) were published with a hidden malicious dependency that contacted attacker command”‘and”‘control (C2) infrastructure and…