Collecting Cyber-News from over 60 sources

Tag: tool

Databricks betritt mit KI-gestützten SIEM ‘Lakewatch” den Security-Markt

Mar 31, 2026 11:29 AM

Tags: ai, siem, tool

Databricks will mehr als nur ein weiteres SIEM-Tool liefern. Es geht um eine Plattform, die Sicherheit konsequent aus der Datenperspektive denkt First seen on infopoint-security.de Jump to article: www.infopoint-security.de/databricks-steigt-mit-neuem-siem-lakewatch-im-security-markt-ein/a44442/
Tax Filing Scams Used to Deliver Malware in New Cybercrime Campaigns

Mar 31, 2026 10:29 AM

Tags: credentials, cyber, cybercrime, exploit, malware, monitoring, phishing, scam, tool

Cybercriminals are once again exploiting global tax seasons, abusing IRS and tax filing lures to deliver malware, remote monitoring and management (RMM) tools, and credential phishing in a wave of new 2026 campaigns. Security researchers have already tracked more than a hundred tax-themed operations worldwide, with a noticeable increase in the use of legitimate RMM…
Hottest cybersecurity open-source tools of the month: March 2026

Mar 31, 2026 7:32 AM

Tags: cybersecurity, open-source, tool

Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/hottest-cybersecurity-open-source-tools-of-the-month-march-2026/
Fortinet hit by another exploited cybersecurity flaw

Mar 31, 2026 5:30 AM

Tags: access, advisory, ai, application-security, attack, authentication, control, credentials, cybersecurity, exploit, firewall, flaw, fortinet, group, hacking, infrastructure, injection, Internet, open-source, privacy, ransomware, remote-code-execution, risk, service, sql, theft, threat, tool, unauthorized, update, vulnerability, zero-day, zero-trust

SQL injection a top app security issue: Beauceron’s Shipley underscored the dangers of SQL injection, pointing out that the vulnerability was the first on the OWASP top 10 application security risks when the open source foundation was launched more than 20 years ago. The attack type has remained in the top spot for most of…
Kernel Observability for Data Movement

Mar 31, 2026 5:30 AM

Tags: breach, compliance, data, detection, tool

Kernel-level visibility reveals hidden data movement in breaches, exposing gaps in modern security tools and improving detection, compliance, and system behavior tracking. First seen on hackread.com Jump to article: hackread.com/kernel-observability-for-data-movement/
Wave Browser Brings Gaming Tools and Ocean Cleanup into the Same Tab

Mar 30, 2026 8:30 PM

Tags: tool

Wave Browser for gaming: built for multitasking, streaming, and tabs, with tools for gamers plus ocean cleanup support tied to everyday browsing activity. First seen on hackread.com Jump to article: hackread.com/wave-browser-gaming-tools-ocean-cleanup-tab/
FIRESIDE CHAT: AI gives rise to a semantic attack surface, forcing a new class of network defense

Mar 30, 2026 3:30 PM

Tags: ai, attack, defense, network, tool

SAN FRANCISCO, Enterprises rushing to deploy AI in their operations are opening a security exposure most of their existing tools were never designed to address. That’s the hard message coming out of RSAC 2026, and it’s one worth… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fireside-chat-ai-gives-rise-to-a-semantic-attack-surface-forcing-a-new-class-of-network-defense/
ClickFix Evades PowerShell Detection via Rundll32 and WebDAV

Mar 30, 2026 2:30 PM

Tags: attack, cyber, detection, powershell, tool, windows

A new variant of the ClickFix attack technique that shifts execution away from commonly monitored tools like PowerShell and mshta, instead abusing native Windows components such as rundll32.exe and WebDAV. This evolution allows attackers to bypass traditional script-based detection mechanisms, increasing the likelihood of a successful, stealthy compromise. The attack begins similarly to earlier ClickFix…
APIs are the new perimeter: Here’s how CISOs are securing them

Mar 30, 2026 1:29 PM

Tags: access, ai, api, attack, authentication, banking, breach, business, ciso, cloud, compliance, computer, control, credentials, cyber, data, data-breach, defense, edr, endpoint, exploit, finance, gartner, governance, group, Hardware, identity, infrastructure, iot, least-privilege, malicious, mobile, monitoring, network, risk, risk-assessment, saas, service, software, strategy, technology, threat, tool, unauthorized, vulnerability, vulnerability-management, waf

Legacy defenses can’t keep up: Traditional perimeter-based defenses are often insufficient against API-layer attacks. Traditional security defenses, such as EDR, XDR, and WAF, “primarily focus on clients, hardware, and software endpoints, looking at IP-based attack vectors,” explains BECU’s Murphy. “APIs bring us into the world of business logic and runtime types of issues.”Others agree that…
Android 17 tweaks location privacy with one-time access

Mar 30, 2026 1:29 PM

Tags: access, android, control, data, google, privacy, tool

Google introduced a suite of location privacy features in Android 17 Beta 3 to give users more control and provide developers with tools for data minimization and product … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/android-location-privacy-features-control/
SystemRescue 13 updates its kernel to Linux 6.18 LTS, adds new recovery tools

Mar 30, 2026 9:30 AM

Tags: incident response, linux, tool, update

Bootable Linux recovery environments occupy a specific niche in the systems administration and incident response toolkit. SystemRescue, an Arch-based live distribution built … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/systemrescue-13-released/
ShipSec Studio brings open-source workflow orchestration to security operations

Mar 30, 2026 7:30 AM

Tags: jobs, open-source, tool, vulnerability

Security teams have long relied on a mix of shell scripts, cron jobs, and loosely connected tools to chain reconnaissance and vulnerability scanning work together. ShipSec … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/shipsec-studio-security-workflow-automation-platform/
VoidLink Proves AI-Assisted Malware Is No Longer Experimental

Mar 30, 2026 7:30 AM

Tags: ai, attack, cyber, malware, threat, tool

VoidLink shows that AI-assisted malware is now a mature, operational tool rather than a lab experiment, compressing what once required a full team into days of work by a single developer. At the same time, threat actors are cautiously testing self-hosted models, abusing agentic AI architectures, and probing enterprise GenAI usage as a fresh attack…
Attribute-Based Access Control for AI Capability Negotiation

Mar 30, 2026 5:30 AM

Tags: access, ai, control, threat, tool

Learn how Attribute-Based Access Control (ABAC) secures AI capability negotiation and MCP deployments against quantum threats and tool poisoning. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/attribute-based-access-control-for-ai-capability-negotiation/
Malicious Browser Extensions Hijack Users’ AI Chats in New “Prompt Poaching” Attack

Mar 28, 2026 12:31 PM

Tags: ai, attack, cyber, malicious, threat, tool

A new wave of malicious browser extensions is quietly harvesting sensitive user interactions with AI tools, in a growing threat now dubbed “prompt poaching.” The rise of AI assistants in everyday browsing has created a usability gap. Most users interact with AI tools in isolated tabs, manually copying and pasting content for analysis or summarization.…
Fake Certificate Loader Hides BlankGrabber Malware Chain

Mar 28, 2026 10:31 AM

Tags: cyber, infection, malware, rust, service, tool, windows

BlankGrabber’s operators are now abusing a fake “certificate” loader to hide a multi”‘stage Rust and Python infection chain, making this commodity stealer significantly harder to spot on Windows endpoints. The new technique relies on built”‘in tools such as certutil.exe, heavily obfuscated PyInstaller stubs, and stealthy exfiltration via Telegram and public web services to evade both…
RSAC 2026: No easy fixes for expanding AI attack surface, but a coordinated response is emerging

Mar 28, 2026 1:29 AM

Tags: ai, attack, cybersecurity, network, technology, threat, tool

SAN FRANCISCO, Forty-four thousand cybersecurity practitioners converged on Moscone Center this week with an urgent question: how do you secure a network when everything, the technology, the threats, the tools, is changing faster than anyone can govern… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/rsac-2026-no-easy-fixes-for-expanding-ai-attack-surface-but-a-coordinated-response-is-emerging/
RSAC Focuses Cybersecurity Insights, Tech, and Community in One Place

Mar 27, 2026 10:30 PM

Tags: conference, cybersecurity, data, network, ransomware, service, technology, tool

The RSAC conference has once again descended upon San Francisco and delivered an event that brings together the largest collection of industry leaders, technologies, and cybersecurity community events! Over the course of several days, attendees accessed exceptional keynotes, thought-leading expert sessions, and an unmatched technology expo. During the evenings, there were countless private events, get-togethers,…
Apple’s Email Privacy Tool Tested in FBI Threat Case, Exposing Limits of Anonymity

Mar 27, 2026 10:30 PM

Tags: apple, email, privacy, threat, tool

Apple’s Hide My Email feature, long promoted as a privacy safeguard for consumers, has come under scrutiny following a federal investigation that revealed how easily anonymized identities can be uncovered through legal channels. Newly disclosed court records show that Apple provided authorities with account information tied to an anonymous email address used to send a..…
8 steps CISOs can take to empower their teams

Mar 27, 2026 10:30 PM

Tags: access, business, ciso, compliance, control, corporate, edr, international, jobs, metric, risk, skills, software, technology, tool, training, update

Once when we were rolling out a well-known EDR tool, I knew the settings weren’t tight enough, nor were the received updates applied fast enough. So I asked two people to own this, come up with suggestions for tightening the screws, and guarantee a successful rollout on multiple OSes in parallel. The phased approach took…
Apple says no one using Lockdown Mode has been hacked with spyware

Mar 27, 2026 10:30 PM

Tags: apple, attack, hacking, leak, spyware, tool

The tech giant’s claim that it has not seen any successful spyware attacks targeting Apple devices with Lockdown Mode enabled comes amid a leak of hacking tools targeting users running devices with older software. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/27/apple-says-no-one-using-lockdown-mode-has-been-hacked-with-spyware/
AI frenzy feeds credential chaos, secrets leak through code, tools, and infrastructure

Mar 27, 2026 10:30 PM

Tags: ai, credentials, infrastructure, leak, tool

Code keeps moving through pipelines, and credentials continue to surface alongside it. GitGuardian’s State of Secrets Sprawl 2026 puts the count at 28.65 million new hardcoded … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/gitguardian-exposed-credentials-risk-report/
TeamPCP Hackers Focus on AI Developers, Planting Malicious Code to Disrupt Projects

Mar 27, 2026 10:30 PM

Tags: ai, attack, credentials, cyber, exploit, group, hacker, intelligence, malicious, security-incident, supply-chain, threat, tool

The FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers successfully compromised two widely used developer tools, creating a cascading security incident for organizations building artificial intelligence software. By exploiting weak credential management and leveraging AI-assisted coding, the group distributed malicious…
Red Hat Warns of Malware Embedded in Popular Linux Tool, Opening Doors for Unauthorized Access

Mar 27, 2026 10:30 PM

Tags: access, attack, cyber, cybersecurity, data, exploit, linux, malicious, malware, supply-chain, threat, tool, unauthorized

Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popularxzcompression utility. Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentially grant threat actors unauthorised remote access to affected Linux systems. Technical Analysis of the Exploit The xz utility is a fundamental data compression format…
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Mar 27, 2026 10:30 PM

Tags: cybersecurity, malicious, microsoft, tool

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry.”The pipeline had a single boolean return value that meant both ‘no scanners are configured’…
Erpressungen erwartet: Hacker wollen riesige Supply-Chain-Attacke zu Geld machen

Mar 27, 2026 10:30 PM

Tags: cyberattack, hacker, ransomware, supply-chain, tool

Nach verheerenden Attacken auf Trivy, LiteLLM und andere Tools will TeamPCP massenhaft eingesammelte Zugangsdaten für Ransomware-Angriffe einsetzen. First seen on golem.de Jump to article: www.golem.de/news/erpressungen-erwartet-hacker-wollen-riesige-supply-chain-attacke-zu-geld-machen-2603-206984.html
LiteLLM Hit in Cascading Supply-Chain Attack

Mar 26, 2026 11:49 PM

Tags: attack, backdoor, breach, credentials, exploit, group, hacker, malicious, malware, pypi, supply-chain, theft, threat, tool

Stolen Credentials From Trivy Breach Let Hackers Push Malware to PyPI. Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing developers to credential theft, persistent backdoors and lateral movement tools within hours of publication. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/litellm-hit-in-cascading-supply-chain-attack-a-31210
U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog

Mar 26, 2026 11:49 PM

Tags: ai, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, tool, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Langflow to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2026-33017 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. Langflow is a popular tool used for building agentic AI workflows. CVE-2026-33017 is a…
Chain Reaction: How One Stolen Token Tore Through Five Ecosystems

Mar 26, 2026 9:47 PM

Tags: breach, credentials, data-breach, theft, tool, vulnerability

Why Your Static Credentials Are a Ticking Time Bomb The TeamPCP campaign, one of the largest credential theft campaigns of 2026, began with a compromise in Trivy. A security tool trusted to scan for vulnerabilities and leaked secrets was weaponized against the very environments it was meant to protect. Instead of catching exposed credentials, it……
What is PUE? A Guide to Data Center Efficiency

Mar 26, 2026 8:47 PM

Tags: data, guide, metric, technology, tool

In the world of data centers, energy efficiency isn’t just a buzzword”, it’s a vital part of running a cost-effective and sustainable operation. As technology demands grow, so does the need to monitor exactly how much energy is being used and where it’s going. This is where metrics like Power Usage Effectiveness (PUE) become essential…