Weekly Scan: Cloud, Cybersecurity, AI News — Mar 03, 2026

This week's critical security updates and vulnerability disclosures:

• CVE-2025-38617 (9 mentions, 9 sources)
📰 View all 9 sources covering this story ▼

1. Intruder Intel CVE Feed — CVE-2025-38617 (Mar 04, 04:17)
2. Intruder Intel CVE Feed — CVE-2025-43529 (Mar 04, 04:17)
3. Intruder Intel CVE Feed — CVE-2025-14500 (Mar 04, 04:17)
4. Intruder Intel CVE Feed — CVE-2025-54136 (Mar 04, 04:17)
5. Intruder Intel CVE Feed — CVE-2025-0282 (Mar 04, 04:17)
6. Intruder Intel CVE Feed — CVE-2025-68613 (Mar 04, 04:17)
7. Intruder Intel CVE Feed — CVE-2023-23397 (Mar 04, 04:17)
8. Intruder Intel CVE Feed — CVE-2025-10891 (Mar 04, 04:17)
9. Intruder Intel CVE Feed — CVE-2025-7544 (Mar 04, 04:17)

First reported: Mar 04, 04:17

• CVE-2026-3241 | Concrete CMS up to 9.4.7 cross site scripting (EUVD-2026-9359) (3 mentions, 3 sources)
📰 View all 3 sources covering this story ▼

1. VulnDB — CVE-2026-3240 | Concrete CMS up to 9.4.7 Question cross site scripting (EUVD-202… (Mar 04, 03:41)
2. VulnDB — CVE-2026-3244 | Concrete CMS up to 9.4.7 Search Result cross site scripting (EUV… (Mar 04, 03:49)
3. VulnDB — CVE-2026-3241 | Concrete CMS up to 9.4.7 cross site scripting (EUVD-2026-9359) (Mar 04, 03:49)

First reported: Mar 04, 03:41 | Last update: Mar 04, 03:49

• CVE-2025-70239 | D-Link DIR-513 1.10 formSetWAN_Wizard55 curTime stack-based overflow (3 mentions, 3 sources)
📰 View all 3 sources covering this story ▼

1. VulnDB — CVE-2025-70241 | D-Link DIR-513 1.10 formSetWANType_Wizard5 curTime stack-based … (Mar 04, 03:42)
2. VulnDB — CVE-2025-70240 | D-Link DIR-513 1.10 formSetWAN_Wizard51 curTime stack-based ove… (Mar 04, 03:45)
3. VulnDB — CVE-2025-70239 | D-Link DIR-513 1.10 formSetWAN_Wizard55 curTime stack-based ove… (Mar 04, 03:49)

First reported: Mar 04, 03:42 | Last update: Mar 04, 03:49

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.

High-severity flaw let malicious add-ons access system via browser's embedded AI feature Security boffins have discovered a high-severity bug in Google Chrome that allowed malicious extensions to hijack its Gemini Live AI panel and inherit privile...

AI is making it ever easier for bad actors to launch attacks, and a newly-identified open source platform, CyberStrikeAI, seems to be lowering the bar even further. The platform packages end-to-end attack automation into a single AI-native orchest...

The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.

The breach emerged this week when a threat actor claimed they stole 2 GB worth of information from the company that included millions of records.

Hackers abuse the .arpa Top-Level Domain to host phishing scams, using IPv6 tunnels, reverse DNS tricks, and shadow domains to bypass security checks.

Artificial intelligence is no longer just powering defensive cybersecurity tools, it is reshaping the entire threat landscape. AI is accelerating reconnaissance, improving the realism of phishing, automating malware mutation, and enabling adaptive attack techniques. At the same time, enterprises ...

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. I checked out one of the biggest anti-AI protests ever Pull the plug! Pull the plug! Stop the slop! Stop the slop! For a few hours this Saturday, February 28, ...

Large-scale commercial search systems optimize for relevance to drive successful sessions that help users find what they are looking for. To maximize relevance, we leverage two complementary objectives: behavioral relevance (results users tend to click or download) and textual relevance (a result...

AWS Config now supports 30 additional AWS resource types across key services including Amazon Bedrock AgentCore and Amazon Cognito. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of ...

Amazon Relational Database Service (RDS) for PostgreSQL now supports the latest minor versions 18.3, 17.9, 16.13, 15.17, and 14.22. These versions address the regression from the February 12, 2026 PostgreSQL community release. We recommend that you upgrade to the latest minor versions to fix know...

Amazon Bedrock now supports OpenAI-compatible Projects API in the Mantle inference engine in Amazon Bedrock. Amazon Bedrock is a fully managed service that offers a broad selection of best-in-class foundation models from leading AI companies like Anthropic, Meta, and OpenAI, along with a broad se...

Today, we're announcing the general availability of AWS Security Hub Extended, a new plan that extends unified security operations across your enterprise through a single-vendor experience. This plan helps address the complexity of managing multiple vendor relationships and lengthy procurement cy...

Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the decryption of six malware variants. Here's his story.

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover: The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now! The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used...

Overview On February 11, 2026, NSFOCUS CERT monitored Microsoft’s release of its February security update patches, addressing 59 security issues across widely used products such as Windows, Azure, Microsoft Office, and Visual Studio Code. These vulnerabilities include privilege escalation, remote...

LLM-driven vuln finding has reached an inflection

What can the Bitlocker story tell us about risk?

GPS attacks trigger revisiting threat models

What if we think about LLM coding as if it’s a compiler stage?

The CRA is coming and it's going to be a dramatic change for technology producers

Thinking of threat modeling with a knob helps you get more out of it.

Thoughts on the CVE funding crisis

Grateful to introduce the Hackers' Almanack!

A group of us have urged HHS to require better handling of security reports

Some thoughts on the Voyager Episode ‘Inside Man’

One of the things we expect of a politician in a civilized country is that they put their country first.

The most important stories around threat modeling, appsec and secure by design for June, 2024.

Why is it hard to count lockbit infections?

Making an LLM forget is harder than it seems

Other people have written about the CSRB report, and I wanted to share their perspectives.

The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.

The NVD is in crisis, and so is patch management. It’s time to modernize.

Solving hallucinations in legal briefs is playing on easy mode —— and still too hard

Red Teaming by Bryce Hoffman is a thought-provoking read.

Comments following the Senate’s CSRB hearing

The FDA has released their new guidance, which will be broadly impactful.

My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.

Phishing behaviors, as observed in the wild.

Tarah Wheeler and Adam write in CFR

This month is all about memory safety, unless you’re a standards group.

External changes will be driving appsec in 2023. It’s time to frame the decisions in front of you.

Pointer to Adam’s latest Darkreading article

Text captured from GPT-3

A few lessons from the Mazda radio incident.

What happened when Microsoft tried to buy climate abatements

Time flies and things change... A look back on the growth of this industry.

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it.I did want to talk about one small aspect, which is the way responders talk about Darkside.

“It depends on your threat model...”

The timing of updates is not coincidental.

Thoughts on the issues with the Ever Given blocking the Suez Canal.

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.

Help me help you...

A recent talk by Alyssa Miller focuses on integrating threat modeling in devops.

As I built out my home studio to record videos for my distributed classes, I was lucky enough to be able to find an in-stock HDMI capture card, but those are harder and harder to find. As it turns out, you may be able to avoid the need for that with a mix of apps.

Just a few things for now

Sharing for you, bookmarking for me.

There are a couple of new, short (4-page), interesting papers from a team at KU Leuven discussin the building blocks of threat modeling.

Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.

A resource for those developing games.

Over-inflated numbers won't scare me into buying your ‘solution’.

Discussing the value of Security Advisory Boards

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.

TL;DR Attackers sent a convincing DocuSign notification with a "Review & Sign" button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. [...]

Security researchers say exploits used by governments to hack into iPhones have been found to be used by cybercriminals. They warned of an emerging market for "secondhand" exploits.

Facebook is experiencing a global outage since 4:15 PM ET, with users reporting they cannot access their accounts. Facebook users worldwide report problems while attempting to access their accounts. The outage started around 4:15 PM ET. Upon attempting to access their account, users are presented...

The US conducted cyberattacks ahead of strikes on Iran, Russia aims for internet independence by 2028, Google finds a new iOS exploit kit in the wild, and Chrome moves to a two-week release cycle.

Executive Summary We identified a security weakness in n8n’s credential management layer that could have completely compromised the application’s security. This finding highlights the core risks of centralized authentication in workflow automation platforms. As n8n serves as the central hub conne...

How Can Non-Human Identities Revolutionize AI Security? Have you ever considered the role machine identities play in AI security? Where artificial intelligence is becoming integral to numerous sectors, securing these non-human identities (NHIs) is critical. NHIs, essentially machine identities, f...

Are Non-Human Identities the Key to Robust Cybersecurity? Safeguarding digital assets goes beyond securing human credentials. Increasingly, organizations are realizing the need to extend this protection to Non-Human Identities (NHIs), machine-driven identities integral to modern IT. These NHIs co...

How Do Non-Human Identities Influence AI Security? Have you ever wondered how the intricate dance between machine identities and cybersecurity shapes AI security? The advent of advanced AI systems has introduced an array of complex security challenges. Non-Human Identities (NHIs) have become para...

Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. [...]

Through a simple calendar invite, AI browsers like Comet can be directed to access local file systems, browse directories, open and read files, and exfiltrate data. The post Researchers discover suite of agentic AI browser vulnerabilities appeared first on CyberScoop .

Don't leave your OpenClaw with an easy password, experts warn.

A powerful iOS exploit kit has circulated among multiple threat actors over the past year, moving from a commercial surveillance operation to state-linked espionage campaigns and, ultimately, ended into the hands of financially motivated hackers, according to new research from Google’s Threat Int...

Fake Zoom and Google Meet pages trick users into installing a monitoring software on Windows systems through phishing links and fake updates.

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner...

Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. [...]

AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.

Fig Security, a new platform that finds and fixes broken security flows across your entire SecOps infrastructure, has launched from stealth with $38 million across Seed and Series A rounds. It addresses one of the least visible challenges yet most consequential in enterprise security: the quiet b...

An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from ...

An OAuth feature is being abused in the wild to drop malware to people's computers.

Compromised cPanel credentials are being sold in bulk across underground channels as plug-and-play phishing and scam infrastructure. Flare explains how analyzing 200,000 underground posts reveals a commoditized market for hacked site management panels. [...]

Josys has transitioned into an autonomous identity governance platform, expanding beyond traditional SaaS management. The enhanced platform empowers IT leaders and managed service providers (MSPs) to scale governance and compliance efforts by centralizing identity data within a single, AI-driven ...

ProcessUnity has introduced ProcessUnity Risk Index, a risk rating built specifically for third-party risk management programs, combining proprietary control intelligence with external threat and vulnerability data. ProcessUnity Risk Index rates vendors on a 100-point scale to drive faster, more ...

Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive a...

The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected it...

Enigma Networks has announced the general availability of its Internal Trust Governance platform, Enigma AI, which continuously determines and validates which communications are necessary and safe across enterprise networks. Just as identity and access management (IAM) governs trust for users, En...

Security researchers found a zero-click exploit in Perplexity AI browser, and helped fix it.

Hackers stole names, Social Security numbers, driver’s license information, voter registration records, and health-related information. The post 1.2 Million Affected by University of Hawaii Cancer Center Data Breach appeared first on SecurityWeek .

Microsoft has warned that phishers are exploiting a built-in behavior of the OAuth authentication protocol to redirect victims to malware, using links that point to legitimate identity provider domains such as Microsoft Entra ID and Google Workspace. The links look safe but ultimately lead somewh...

width="1600" height="900" sizes="auto, (max-width: 1600px) 100vw, 1600px"> Das britische Government Communications Headquarters (GCHQ) in Cheltenham, England. GCHQ Eine aktuelle Stellenausschreibung sorgt in der Branche für Kopfschütteln. Sie legt nahe, dass manche hochrangigen Regierungsstellen ...

An integer overflow or wraparound in the Qualcomm graphics component, the bug leads to memory corruption. The post Android Update Patches Exploited Qualcomm Zero-Day appeared first on SecurityWeek .

The cybersecurity industry is monitoring the landscape and says many of the big claims made by hacktivist groups remain unverified. The post Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low appeared first on SecurityWeek .

Hackers don't need an app to steal login credentials anymore - a PWA will do.

Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware. Microsoft has warned of phishing campaigns targeting government and public-sector organizations by abusing OAuth URL redirection. Instead of stealing credentials or exploiting softw...

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a...

Improper input sanitization in the framework can be exploited through the Shell tool, allowing attackers to modify system files and steal data. The post Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise appeared first on SecurityWeek .

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack

The University of Hawaii confirmed that a ransomware gang stole the data of nearly 1.2 million individuals in August 2025 after breaching its Cancer Center's Epidemiology Division. [...]

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of red...

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of ...

The company’s latest security update contains the highest number of Android vulnerabilities patched in a single month since April 2018. The post Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities appeared first on CyberScoop .

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers. [...]

Cybercriminal group SLSH recruits women to impersonate IT helpdesks, offering up to $1,000 per call while targeting major companies.

A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). [...]

John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more

Torrance, United States / California, 2nd March 2026, CyberNewswire

North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a ...

Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision ­ and scales to tens of thousands of c...

Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent

Trolls on 4chan generated sexualized images of female athletes, and the White House shared an AI-manipulated video of a hockey player—welcome to the new normal. The post From fake nudes to fake quotes: AI deepfakes plagued Olympic athletes appeared first on CyberScoop .

Chainalysis reveals a big surge in median ransomware payment size in 2025 despite overall drop in criminal revenue

Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources.

Europol’s Project Compass led to 30 arrests targeting ‘The Com’ network, identifying 62 victims and protecting four children from harm. A yearlong operation, code-named Project Compass, led by Europol has dealt a major blow to The Com,’ a cybercrime network known for targeting children and teenag...

Frankfurt am Main, Germany, 2nd March 2026, CyberNewswire

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actua...

immer mehr betroffene Unternehmen und Organisationen folgen dem Rat, kein Lösegeld zu zahlen . fadfebrian – shutterstock.com Laut einem neuen Bericht des Analyseunternehmens Chainalysis konnten Hacker im Jahr 2025 im Zusammenhang mit Ransomware-Angriffen insgesamt 820 Millionen Dollar erbeuten. A...

LLMs can deanonymize internet users based on their comments, CISA gets a new acting director, hackers steal 15 million records from the French Ministry of Health, and Google takes down an ad fraud botnet.

How businesses can master migration-led migration, including key steps like mapping and securing long-term governance.

Oblivion is an Android RAT which bypasses permissions, intercepts messages, and enables hidden remote control across devices from Samsung, Xiaomi, and OPPO.

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. "Our vulnerability lives in the core system itself – no plugins, no marketplace, no u...

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of dist...

Cybercriminal networks resell real travel bookings bought with stolen credit cards.

HBO's "The Pitt" is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack.

Using AI to find security vulnerabilities holds significant promise, but the initial products fall short of the needs of enterprises and software developers, say experts.

Hackers found a new legitimate tool to abuse, and this time it's Google Tasks.

Fewer businesses are paying, but ransomware groups are growing in number.

It's become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all.

The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks....

Two critical-severity flaws in Apex One, with Trend Micro advising users to apply the patch now.

This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system. News article .

If you thought running an AI agent locally kept it safely inside your machine’s walls, you’re in for a surprise. Researchers at Oasis Security have disclosed a flaw chain that allowed a malicious website to quietly connect to a locally running OpenClaw agent and take full control. The issue stems...

The US authorities have made it clear that they will have no truck with any individuals trying to by-pass regulations on trading cyberweapons with hostile powers. Selling sensitive cyber-exploit components to a Russian company landed Australian citizen Peter Williams with an 87-month prison sente...

International law enforcement operation led by Europol targets network of teenagers and young adults involved in ransomware attacks, extortion and other crimes

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gu...

French ecommerce site suffers third-party breach, losing data on millions of customers.

A Russian man prosecuted for extorting the Conti ransomware group, Google takes down a Chinese cyber-espionage operation, Anthropic tells Department of War to pound sand over AI restrictions, and a Cisco zero-day was exploited in the wild for three years.

The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind.

Officials said 30 perpetrators have been arrested in the past year, and global law enforcement cooperation is closing the gap. The post Project Compass is Europol’s new playbook for taking on The Com appeared first on CyberScoop .

Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. "Instead of relying on traditional servers or domains for command-and-control, Aeternum stores ...

Zyxel fixes a handful of worrying router flaws, including a critical RCE issue.

A decade-old threat actor is up to some new shenanigans, but Google is having none of it.

The U.S. government and its allies said hackers have been exploiting the newly identified bug in Cisco networking gear around the world for years, and urged organizations to patch.

New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts

RL discovered two packages containing scripts that complete a typosquatting toolchain. Here's how it worked.

As AI gets integrated, attacks speed up and grow in severity, so buisnesses should shape up.

2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. H...

There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money... from a notorious Russian ransomware gang. Read more in my article on the Hot for Security blog.

Maximum-severity Cisco flaw is being actively abused, and FCEB agencies were given just a few days to patch.

UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation

LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices are highly uneven ­ for example, L , 9, m, 2, $ and ...

Tom Uren and Amberleigh Jack talk about the argy-bargy between the Pentagon and AI company Anthropic. US Defense Secretary Pete Hegseth is demanding that all safeguards are lifted from Claude, while Anthropic CEO Dario Amodei is insisting on protections against mass surveillance of Americans and ...

When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with pa...

Researchers suggest defenders monitor how these malicious groups re-form and leverage the useful threat intel to guide their next moves.

Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting internat...

An adult site kept an open database, but it played down its importance.

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configuration mechanisms, ...

Threat actors targeted developers with a bogus package — a shift away from the recent crypto development hack focus.

1Campaign has been around for three years and comes with a fancy dashboard.

The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief....

Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case...

Breakout time is the clearest signal of how intrusion has changed, researchers say, as they see data exfiltration within minutes of initial compromise.

Four critical flaws were addressed, all of which could lead to remote code execution.

Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon's servers. Read more in my article on the Hot for Security blog.

A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guil...

In the latest operation targeting cybercrime groups, African law enforcement agencies cooperated with Interpol and cybersecurity firms to recover more than $4.3 million.

SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access c...

Russia launches a criminal probe into Telegram’s founder, two teenagers arrested for a South Korean bike share hack, Anthropic accuses Chinese AI firms of distillation attacks, and the US Treasury sanctions a Russian exploit broker.

Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.

Our deception technology is able to reroute attackers into honeypots, where they believe that they found their real target. The attacks brute forced passwords for RDP credentials to connect to the victim download and execute a previously undetected malware, which we named Trojan.sysscan.

Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident res...

Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders. The post Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran appeared first on Unit 42 .

Insights and recommended defensive measures from Sophos X-Ops Counter Threat Unit Categories: Security Operations Tags: Sophos CTU, Iran, Operation Epic Fury

Running a nuclear power plant isn’t an easy task, even with the level of automation available to a 1980s Soviet RBMK reactor. In their continuing efforts to build a full-sized, …read more

The AI giant is also trying to walk back some terms of its deal with the Defense Department OpenAI says GPT‑5.3 Instant, the latest addition to its GPT-5.3 family of models, is less inclined to moralize.…

FCC to review foreign debt, but Carr indicates it will be a formality.

If all you want is just a basic WiFi extender that gets some level of network connectivity to remote parts of your domicile, then it might be tempting to get …read more

New data shows electricity rates rose 5 percent nationwide in 2025.

Microsoft has warned that phishers are exploiting a built-in behavior of the OAuth authentication protocol to redirect victims to malware, using links that point to legitimate identity provider domains such as Microsoft Entra ID and Google Workspace. The links look safe but ultimately lead somewh...

On any given day, an organization’s employees might be using smartphones, laptops, desktop computers, tablets, a variety of cloud and networking services, a host of enterprise applications and mobile apps, and other digital tools. Many of them might be working remotely, and nearly all of them wil...

'Expect elevated activity for the foreseeable future' Iranian hackers have launched spying expeditions, digital probes, and distributed denial of service (DDoS) attacks in the wake of the US and Israel launching missile strikes over the weekend, and security researchers urge organizations to expe...

OpenAI has struck a deal to supply the US government with AI services, announcing it hours after US President Donald Trump’s decision on Friday to ban its AI rival Anthropic from all US government contracts. Sam Altman, CEO of OpenAI, said of the negotiation, “ It was definitely rushed, and the o...

So, you’ve received a suspicious link and would like to check whether the website is dangerous before visiting it. You can do this, for example, with the “URL Void” service from the security provider “No Virus Thanks.” To do this, go to www.urlvoid.com , enter the web address in question, and cli...

The Trump administration on Friday moved to ban the use of products from artificial intelligence company Anthropic by federal businesses, escalating a high-stakes clash over whether private AI makers can limit how the US military uses their systems. Just hours later, Anthropic rival OpenAI’s CEO,...

Stateless AI, in which a model offers one-off answers without context from previous sessions, can be helpful in the short-term but lacking for more complex, multi-step scenarios. To overcome these limitations, OpenAI is introducing what it is calling, naturally, “stateful AI.” The company has ann...

Claude Opus 3, which has been replaced by Claude Opus 4.6 as Anthropic’s most powerful AI model, has managed to find a new position. The “newly retired” AI model has launched its own Substack blog, Claude’s Corner , which it is aiming to publish it weekly. Claude set out its purpose in writing th...

The humble spreadsheet is a staple of modern work, one you probably barely think about. But with global systems intimately interconnected, and only growing more so, it seems almost anything can be an attack vector. Such is the case with Google Sheets. Google reports that it disrupted a wide-rangi...

Block, the payments and financial services company led by Jack Dorsey, is cutting more than 4,000 jobs, nearly half its workforce, because AI tools have made a leaner organisation not just possible, but strategically preferable, Dorsey said in a letter to its shareholders . The cuts will reduce B...

Choosing a secure password isn’t always easy. That’s why some people are turning to “artificial intelligence” (e.g., chatbots like ChatGPT and Google Gemini) to create secure passwords for them. But security experts at Irregular warn against this approach. After some tests, they’ve discovered tha...

AI doesn’t always give accurate answers—much less specific. Meanwhile, security software sometimes gets outright ignored. You wouldn’t think combining the two would make for a solid match, but Malwarebytes is proving me wrong. Recently, the venerable security software maker launched a ChatGPT int...

CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the template-injection flaw that let unauthenticated attackers escape th...

Too many organizations today still rely on "legacy" retainer models. These traditional contracts are often rigid, opaque, and reactive, and designed for a world that no longer exists.

Researchers found a now-patched vulnerability in "Live in Chrome" that allowed a Chrome extension to inherit Gemini’s permissions.

Cisco Talos continues to monitor the ongoing conflict in the Middle East. As always, we will be watching closely for any cyber-related incidents that are tied to the conflict.

Easy File Sharing Web Server v7.2 - Buffer Overflow

WeGIA 3.5.0 - SQL Injection

Boss Mini v1.4.0 - Local File Inclusion (LFI)

Overview A command injection vulnerability was identified in the MS-Agent framework that can be triggered through unsanitized prompt-derived input. An attacker can craft untrusted input introduced via a chat prompt or other external content sources, resulting in arbitrary command execution on the...

Dysruption Hub reports: A reported “cyber incident” left the Denmark School District in the Village of Denmark, Wisconsin, without internet access for five school days, forcing teachers and students to rely on paper-based workarounds, according to a local news report. But that “cyberincident” app...

Torrance, United States / California, 2nd March 2026, CyberNewswire The post Criminal IP to Present Decision-Ready Threat Intelligence at RSAC™ 2026 appeared first on The Security Ledger with Paul F. Roberts .

Cassandre Coyer reports: A partial government shutdown threatens to further derail a key federal cybersecurity agency’s incident reporting rule—and delay answers that companies need to comply. The Department of Homeland Security shutdown, now entering its third week, may push back the finish line...

Ashley Nyquist, Ashden Fein, Caleb Skeath, John Webster Leslie, Matthew Harden, Catherine McGrath, and Samar Amidi of Covington and Burling write: On January 28, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a new resource on Assembling a Multi-Disciplinary Insi...

Frankfurt am Main, Germany, 2nd March 2026, CyberNewswire The post Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat appeared first on The Security Ledger with Paul F. Roberts .

A fake purchase order attachment turned out to be a phishing page designed to harvest your login details.

It's Friday, let's have a look at another simple piece of malware to close a busy week! I received a Fedex notification about a delivery. Usually, such emails are simple phishing attacks that redirect you to a fake login page to collect your credentials. Here, it was a bit different:

Disguised as a security check, this fake Google alert uses browser permissions to harvest contacts, location data, and more.

There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money... from a notorious Russian ransomware gang. Conti, one of the world's most infamous cybercriminal operations, was allegedly the victim of an...

Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as “UAT-10027,” delivering a previously undisclosed backdoor dubbed “Dohdoor.”

Unsealed court records reveal Instagram executives discussed explicit messages to teens years before a blur feature was introduced.

Cisco Talos is tracking the active exploitation of CVE-2026-20127, a vulnerability in Cisco Catalyst SD-WAN Controller, formerly vSmart, that allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges.