Tag: threat
-
Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit
TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx’s KICS and VS Code plug-ins, and the LiteLLM AI library, and all signs point to more attacks to come. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/checkmarx-kics-code-scanner-widening-supply-chain
-
TeamPCP Backdoors LiteLLM Versions 1.82.71.82.8 Likely via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor.Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on…
-
Google Unleashes Gemini AI to Scour Dark Web for Corporate Threats
Google has launched a new dark web intelligence service to tackle the grueling task of monitoring underground criminal forums. It is deploying Gemini-powered artificial intelligence (AI) agents to sift through upwards of 10 million posts daily, the tech giant said, to replace clunky, keyword-based legacy systems with a platform that understands the context of a..…
-
Cy4Data Labs Brings Real-Time Insider Threat Detection to RSAC 2026
Cy4Data Labs announced at RSAC 2026 that its flagship platform Cy4Secure now includes a Behavior Engine for insider threat detection, designed to bring the time it takes to identify and contain a data breach from more than 200 days down to seconds. The Behavior Engine is built around a three-phase response model: Detect, Deny, Eject……
-
FCC bans import of consumer-grade routers amid national security concerns
The decision follows years of escalating attacks against the U.S. from state-linked threat groups targeting routers and edge devices. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fcc-bans-import-consumer-grade-routers-national-security/815528/
-
AI Forces CISOs to Rebuild Defense Playbooks
Francis deSouza of Google Cloud on Fighting AI-Driven Threats With AI. AI has redrawn the threat landscape for security leaders and forced a new operating model. Francis deSouza of Google Cloud says CISOs must counter faster, AI-driven attacks with AI-led defense, stronger governance and teams fluent in AI. First seen on govinfosecurity.com Jump to article:…
-
Huntress Brings ITDR to Google Workspace as Identity Attacks Surge
Huntress has announced it is extending its Managed Identity Threat Detection and Response (ITDR) solution to Google Workspace, marking a significant expansion of the company’s cloud identity security coverage and coming at a telling moment. The announcement, made today at RSA Conference in San Francisco, coincides with Huntress surpassing 10 million Microsoft 365 identities protected…
-
Infinite Campus warns of breach after ShinyHunters claims data theft
Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/infinite-campus-warns-of-breach-after-shinyhunters-claims-data-theft/
-
How a Large Bank Uses AI Digital Twins for Threat Hunting
JPMorgan Chase uses digital fingerprints and digital twins to spot online attackers and malicious behaviors while also reducing pesky false alerts. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/untitled
-
New ‘StoatWaffle’ malware auto”‘executes attacks on developers
Tags: attack, detection, group, infrastructure, jobs, korea, malicious, malware, north-korea, threatContagious Interview, revisited: StoatWaffle isn’t an isolated campaign. It’s the latest chapter in the Contagious Interview attacks, widely attributed to North Korea-linked threat actors tracked as WaterPlum.Historically, this campaign has targeted developers and job seekers through fake interview processes, luring them into running malicious code under the guise of technical assessments. Previously, the campaign weaponized…
-
DarkSword Exploit Chain Leaked Online, Posing Risk to Millions of iPhones
Security researchers have confirmed that the sophisticated iOS exploit chain known as DarkSword is now accessible outside of its original threat actor groups. Recently, security researcher @matteyeux successfully achieved kernel read/write access on an iPad mini 6th generation running iOS 18.6.2 using the in-the-wild DarkSword exploit. This development demonstrates that the exploit kit is highly…
-
Microsoft Proposes Better Identity, Guardrails for AI Agents
Companies need better controls to manage key threats rising from the growth of agentic AI. These new features provide a starting point. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/microsoft-proposes-better-identity-guardrails-ai-agents
-
Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security
Poor patch management, increasingly complex IT environments and continued use of obsolete software puts organizations at risk from cyber threats, says the Absolute Security 2026 Resilience Risk Index First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybersecurity-software-failure-20/
-
Multiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command Execution
TP-Link recently published a critical security advisory addressing four high-severity vulnerabilities in its Archer series routers. The flaws impact the Archer NX200, NX210, NX500, and NX600 models. If successfully exploited, these vulnerabilities enable threat actors to bypass authentication, execute unauthorised operating system commands, and manipulate sensitive device configuration files. Vulnerability Details The advisory highlights a…
-
Multiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command Execution
TP-Link recently published a critical security advisory addressing four high-severity vulnerabilities in its Archer series routers. The flaws impact the Archer NX200, NX210, NX500, and NX600 models. If successfully exploited, these vulnerabilities enable threat actors to bypass authentication, execute unauthorised operating system commands, and manipulate sensitive device configuration files. Vulnerability Details The advisory highlights a…
-
Multiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command Execution
TP-Link recently published a critical security advisory addressing four high-severity vulnerabilities in its Archer series routers. The flaws impact the Archer NX200, NX210, NX500, and NX600 models. If successfully exploited, these vulnerabilities enable threat actors to bypass authentication, execute unauthorised operating system commands, and manipulate sensitive device configuration files. Vulnerability Details The advisory highlights a…
-
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack.The workflows, both maintained by the supply chain security company Checkmarx, are listed below -checkmarx/ast-github-actioncheckmarx/kics-github-actionCloud security First seen on thehackernews.com Jump to article:…
-
Gcore Radar report reveals 150% surge in DDoS attacks year-on-year
Luxembourg, Luxembourg, March 24th, 2026, CyberNewswire Gcore data highlights a threat landscape defined by newfound automated attack capabilities, scale, and frequency Gcore, the global infrastructure and software provider for AI, cloud, network, and security solutions, today announced the findings of its Q3-Q4 2025 Gcore Radar report DDoS attack trends. The report reveals growing attack volumes,…
-
NSFOCUS Threat Intelligence: Building an OpenClaw Defense System with Multiple-Layer Protection
In 2026, AI agents are being widely used. OpenClaw has become a high-frequency efficiency improvement tool for enterprises and developers with its autonomous decision-making and local execution capabilities. However, several authoritative security agencies have recently issued warnings: OpenClaw is facing multi-dimensional security threats from supply chain poisoning to remote control. When internal employees privately deploy…The…
-
Threat Actors Target MS-SQL Servers to Deploy ICE Cloud Scanner Malware
Threat actors are continuing to aggressively target Microsoft SQL (MS-SQL) servers in 2026, with new evidence showing the deployment of a scanner malware known as ICE Cloud Client. Larva-26002 has maintained a consistent focus on poorly secured MS-SQL servers exposed to the internet. These systems are typically compromised through brute-force or dictionary attacks using weak…
-
Streamline physical security to enable data center growth in the era of AI
Tags: access, ai, automation, best-practice, business, control, data, framework, identity, risk, threat, tool, vulnerabilityThink beyond delivery : Every company operates as an economy of projects. But at AI scale, projects must evolve into programs. Designing and delivering AI-capable data centers requires an integrated, fast-moving production model built on repeatable processes and structured knowledge transfer. Intelligent reuse of project elements, including toolsets, intellectual property, templates, design standards and best practices, becomes…
-
Google Forms Job Scam Spreads PureHVNC Malware
A newly observed malware campaign is leveraging trusted platforms like Google Forms to distribute the PureHVNC Remote Access Trojan (RAT), marking a shift in how attackers initiate infections. Rather than relying on traditional phishing emails or malicious websites, threat actors are using business-themed lures such as job interviews, project proposals, and financial documents to trick…
-
Why CISOs should embrace AI honeypots
Tags: access, ai, api, attack, breach, business, ciso, credentials, cyberattack, cybercrime, cybersecurity, data, defense, detection, exploit, hacker, LLM, mitigation, open-source, RedTeam, risk, service, threat, tool, vulnerabilityWhy CISOs should consider honeypots: Another player in the AI honeypot space is Deutsche Telekom (DT). The firm is both a user and purveyor of AI-powered honeypots through its free, open-source platform ‘T-Pot.’ The most obvious advantage to their use, explains Marco Ochse, DT’s lead for threat analytics and mitigation, lies in how little these…
-
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware
North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Contagious Interview campaign is spreading StoatWaffle malware through malicious Microsoft Visual Studio Code projects. Since late 2025, they have abused the “tasks.json” auto-run feature in Microsoft…
-
Roundcube Releases Urgent Security Update to Fix Critical Bugs
Roundcube Webmail, a widely deployed open-source webmail interface, has released an urgent security update to address multiple critical vulnerabilities. The new stable release, version 1.6.14, patches eight distinct security flaws reported by independent security researchers. Because webmail servers process highly sensitive corporate and personal communications, they remain a top target for threat actors. System administrators…
-
Fake ChatGPT Invites Target Android Users With Malware
Threat actors are now abusing Google’s Firebase App Distribution service to push fake Android ChatGPT and Meta advertising apps that steal Facebook credentials and enable account takeover. The operation closely mirrors a recent iOS phishing campaign that used bogus ChatGPT and Gemini apps, but this wave specifically targets Android users through invitation-style emails that appear…
-
Automated Cryptographic Agility Frameworks for AI Resource Orchestration
Learn how automated cryptographic agility frameworks protect AI resource orchestration and MCP deployments against quantum threats and tool poisoning. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/automated-cryptographic-agility-frameworks-for-ai-resource-orchestration/
-
RSAC 2026 Day 1: Security Must Evolve at Agentic Speed
AI-driven threats demand faster, context-aware security beyond human limits First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/rsac-2026-day-1-security-must-evolve-at-agentic-speed/
-
ISACs confront AI’s promise and peril for threat intelligence-sharing
Any use of AI for ISAC work must preserve members’ trust, representatives of three critical infrastructure sectors said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-isacs-threat-intelligence-information-sharing-trust/815499/