Weekly Scan: Cloud, Cybersecurity, AI News — Mar 08, 2026

This week's critical security updates and vulnerability disclosures:

• CVE-2024-23225 (9 mentions, 9 sources)
📰 View all 9 sources covering this story ▼

1. Intruder Intel CVE Feed — CVE-2024-23225 (Mar 09, 08:17)
2. Intruder Intel CVE Feed — CVE-2024-23296 (Mar 09, 08:17)
3. Intruder Intel CVE Feed — CVE-2025-59287 (Mar 09, 08:17)
4. Intruder Intel CVE Feed — CVE-2025-43529 (Mar 09, 08:17)
5. Intruder Intel CVE Feed — CVE-2023-40238 (Mar 09, 08:17)
6. Intruder Intel CVE Feed — CVE-2025-55182 (Mar 09, 08:17)
7. Intruder Intel CVE Feed — CVE-2023-43000 (Mar 09, 08:17)
8. Intruder Intel CVE Feed — CVE-2025-43530 (Mar 09, 08:17)
9. Intruder Intel CVE Feed — CVE-2025-38617 (Mar 09, 08:17)

First reported: Mar 09, 08:17

• CVE-2026-3790 | SourceCodester Sales and Inventory System 1.0 POST Parameter check_supplier_details.php stock_name1 sql injection (EUVD-2026-10280) (3 mentions, 3 sources)
📰 View all 3 sources covering this story ▼

1. VulnDB — CVE-2026-3755 | SourceCodester Sales and Inventory System 1.0 POST check_custome… (Mar 07, 20:35)
2. VulnDB — CVE-2026-3756 | SourceCodester Sales and Inventory System up to 1.0 /check_item_… (Mar 07, 20:35)
3. VulnDB — CVE-2026-3790 | SourceCodester Sales and Inventory System 1.0 POST Parameter che… (Mar 08, 07:29)

First reported: Mar 07, 20:35 | Last update: Mar 08, 07:29

• CVE-2025-64152 | Apache IoTDB up to 1.3.5/2.0.6 path traversal (2 mentions, 2 sources)
📰 View all 2 sources covering this story ▼

1. VulnDB — CVE-2025-55017 | Apache IoTDB up to 1.3.5/2.0.5 path traversal (Mar 09, 06:53)
2. VulnDB — CVE-2025-64152 | Apache IoTDB up to 1.3.5/2.0.6 path traversal (Mar 09, 06:54)

First reported: Mar 09, 06:53 | Last update: Mar 09, 06:54

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.

The US Federal Bureau of Investigation (FBI) has identified a suspected incident on a network used to manage wiretaps and foreign intelligence surveillance warrants, CNN reported . The FBI acknowledged the incident in a statement to CNN, saying, “...

Trend Micro found BoryptGrab stealer spreading through 100+ GitHub repositories, stealing browser data, crypto wallets, system information, and user files. Trend Micro uncovered a campaign distributing the BoryptGrab information stealer through mo...

WatchTowr reports seeing exploitation attempts for CVE-2026-20127 from numerous unique IP addresses. The post Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited appeared first on SecurityWeek .

White House released President Trump’s Cyber Strategy for America, framing cyberspace as a strategic domain to project power and counter growing cyber threats The White House has released “President Trump’s Cyber Strategy for America,” a document ...

The long, strange trip of a large assembly of advanced iOS exploits.

See how Balyasny built an AI research system with GPT-5.4, rigorous model evaluation, and agent workflows to transform investment analysis at scale.

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. Online harassment is entering its AI era Scott Shambaugh didn’t think twice when he denied an AI agent’s request to contribute to matplotlib, a software librar...

OpenAI introduces CoT-Control and finds reasoning models struggle to control their chains of thought, reinforcing monitorability as an AI safety safeguard.

Introducing GPT-5.4, OpenAI’s most most capable and efficient frontier model for professional work, with state-of-the-art coding, computer use, tool search, and 1M-token context.

OpenAI introduces ChatGPT for Excel and new financial app integrations, powered by GPT-5.4 to accelerate modeling, research, and analysis in regulated environments.

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. Listen to Earth’s rumbling, secret soundtrack The boom of a calving glacier. The crackling rumble of a wildfire. The roar of a surging storm front. They’re the...

A new preprint extends single-minus amplitudes to gravitons, with GPT-5.2 Pro helping derive and verify nonzero graviton tree amplitudes in quantum gravity.

Artificial intelligence is no longer just powering defensive cybersecurity tools, it is reshaping the entire threat landscape. AI is accelerating reconnaissance, improving the realism of phishing, automating malware mutation, and enabling adaptive attack techniques. At the same time, enterprises ...

Amazon Connect Health is now generally available, bringing purpose-built agentic AI to healthcare organizations to streamline patient engagement and point-of-care workflows. Amazon Connect Health delivers five AI agents designed to reduce administrative burden across the care continuum — enabling...

We’re excited to announce Amazon GameLift Servers DDoS Protection, a new feature that helps game developers protect session-based multiplayer games that utilize Amazon GameLift Servers to help improve overall game session resiliency. DDoS Protection is designed to defend against denial-of-service...

AWS Config now supports 30 additional AWS resource types across key services including Amazon Bedrock AgentCore and Amazon Cognito. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of ...

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been a...

Anthropic used Claude Opus 4.6 to identify 22 Firefox vulnerabilities, most of which were high severity, all of which were fixed in Firefox 148, released in January 2026. Anthropic discovered 22 security vulnerabilities in Firefox using its Claude Opus 4.6 AI model in January 2026. Mozilla addres...

LLM-driven vuln finding has reached an inflection

What can the Bitlocker story tell us about risk?

GPS attacks trigger revisiting threat models

What if we think about LLM coding as if it’s a compiler stage?

The CRA is coming and it's going to be a dramatic change for technology producers

Thinking of threat modeling with a knob helps you get more out of it.

Thoughts on the CVE funding crisis

Grateful to introduce the Hackers' Almanack!

A group of us have urged HHS to require better handling of security reports

Some thoughts on the Voyager Episode ‘Inside Man’

One of the things we expect of a politician in a civilized country is that they put their country first.

The most important stories around threat modeling, appsec and secure by design for June, 2024.

Why is it hard to count lockbit infections?

Making an LLM forget is harder than it seems

Other people have written about the CSRB report, and I wanted to share their perspectives.

The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.

The NVD is in crisis, and so is patch management. It’s time to modernize.

Solving hallucinations in legal briefs is playing on easy mode —— and still too hard

Red Teaming by Bryce Hoffman is a thought-provoking read.

Comments following the Senate’s CSRB hearing

The FDA has released their new guidance, which will be broadly impactful.

My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.

Phishing behaviors, as observed in the wild.

Tarah Wheeler and Adam write in CFR

This month is all about memory safety, unless you’re a standards group.

External changes will be driving appsec in 2023. It’s time to frame the decisions in front of you.

Pointer to Adam’s latest Darkreading article

Text captured from GPT-3

A few lessons from the Mazda radio incident.

What happened when Microsoft tried to buy climate abatements

Time flies and things change... A look back on the growth of this industry.

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it.I did want to talk about one small aspect, which is the way responders talk about Darkside.

“It depends on your threat model...”

The timing of updates is not coincidental.

Thoughts on the issues with the Ever Given blocking the Suez Canal.

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.

Help me help you...

A recent talk by Alyssa Miller focuses on integrating threat modeling in devops.

As I built out my home studio to record videos for my distributed classes, I was lucky enough to be able to find an in-stock HDMI capture card, but those are harder and harder to find. As it turns out, you may be able to avoid the need for that with a mix of apps.

Just a few things for now

Sharing for you, bookmarking for me.

There are a couple of new, short (4-page), interesting papers from a team at KU Leuven discussin the building blocks of threat modeling.

Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.

A resource for those developing games.

Over-inflated numbers won't scare me into buying your ‘solution’.

Discussing the value of Security Advisory Boards

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

[no description provided]

There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.

The cables running along the ocean floor carry the overwhelming majority of the world’s cross-border data traffic, and for most of their operational history they have attracted little strategic attention. That is changing. A new sector report from Capacity Insights draws on interviews with senior...

Statt eines kurzen, aber sehr schmerzhaften Stiches setzen Cyberkrimelle zunehmend darauf, sich in ihren Opfern festzubeißen und beständig auszusaugen. mycteria – shutterstock.com Ransomware-Angreifer ändern zunehmend ihre Taktik und setzen vermehrt auf unauffällige Infiltration. Dies liegt daran...

Chinese government-linked hackers have breached a network used by the Federal Bureau of Investigation to manage court-authorized surveillance operations. The intrusion, first detected on February 17, 2026, involved systems supporting the FBI’s Digital Collection System Network (DSCNet), infrastru...

DumpBrowserSecrets extracts saved passwords, cookies, OAuth tokens and autofill data from Chrome, Edge, Firefox, Opera and Vivaldi, bypassing App-Bound Encryption via Early Bird APC injection.

AI is entering organisations faster than the security controls designed to govern it. Artificial intelligence is rapidly becoming embedded across organisations. AI assistants are now writing code, summarising documents, analysing data, and supporting operational decisions. What began as experimen...

Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when it's their fault. [...]

Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. [...]

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: BlacksmithAI: Open-source AI-powered penetration testing framework BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security ...

Attackers deliberately crash browsers, impersonate IT staff, and convince employees to install malicious tools that deploy Havoc malware across corporate systems.

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. [...]

Trump’s Cyber Strategy calls for stronger deterrence against cyber adversaries, modernization of federal networks, protection of critical infrastructure, and investment in technologies such as AI and post-quantum cryptography. The post US Cyber Strategy Targets Adversaries, Critical Infrastructur...

Plus: Proton helped the FBI identify a protester, the Leakbase cybercrime forum was busted in an international operation, and more.

Researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf countries, likely to support military intelligence and battle damage assessment. According to the Check Point Cyber Security Report 2026, cyber operations are increasingly used to support military activity and bat...

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and St...

Attackers have turned AI into a “force multiplier” for the country’s expansive scheme to get and keep operatives hired at global companies, researchers said. The post Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI appeared first on CyberScoop .

Cylake's platform will analyze security data locally and identify potential attacks for organizations concerned about data sovereignty.

In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA - one of the world's most prolific phishing-as-a-service platforms - has been dismantled. Read more in my article on the Hot for Security blog.

A popular WordPress plugin can be abused to take over websites - with thousands of sites reportedly vulnerable.

CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed ...

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools. [...]

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Se...

A House committee reauthorized an Energy Department program that funnels hundreds of millions of dollars and cybersecurity assistance to rural electric utilities. The post Congress looks to revive critical cyber program for rural electric utilities appeared first on CyberScoop .

An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader cyber operations connected to escalating geopolitical tensions in the Middle East. New backdoors used by Seedworm Symantec an...

The nation-state-grade iOS exploit kit targets 23 vulnerabilities affecting iOS 13 to 17.2.1. The post CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List appeared first on SecurityWeek .

What would you do if you could eavesdrop on an ongoing social engineering attack against your LastPass account?

Cisco patches 48 vulnerabilities in Secure Firewall products, including two critical CVSS 10 flaws that could allow authentication bypass and remote code execution.

New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to...

Hexnode has announced the launch of Hexnode IdP. By introducing this native identity layer, Hexnode delivers enterprise-grade authentication and identity management within a single, unified framework. While debuting as a dedicated Identity Provider (IdP), the solution marks a significant expansio...

A Ghanaian national pleaded guilty to his role in a massive fraud ring that stole over $100 million from victims across the United States through business email compromise attacks and romance scams. [...]

The Hollywood image of criminal hackers being largely teenage ne’er do wells is due for an update. That’s because profit-seeking career criminals — often approaching middle age — make up the largest cohort of today’s cybercriminals, according to an analysis of criminal cases carried out by Orange...

A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants. The activity is being tracked by Cisco Talos under the moniker UAT-9...

Google tracked 90 vulnerabilities exploited as zero-days last year, with Chinese cyberespionage groups doubling their count from 2024 and commercial surveillance vendors overtaking state-sponsored hackers for the first time. Nearly half of the recorded zero-days targeted enterprise technologies s...

Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal e...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed...

Managed Security Service Provider können das Sicherheitsniveau nachhaltig steigern. Godlikeart | shutterstock.com Ein Managed Security Service Provider (MSSP) bietet seinen Kunden ein umfassendes Spektrum an Sicherheits-Services. Als Drittanbieter kann ein MSSP die Arbeitsbelastung der internen I...

Deutsche Unternehmen müssen sich warm anziehen: Sowohl staatliche als auch „private“ Akteure haben es auf sie abgesehen. Shutterstock Wie die Experten von Darktrace in ihrem aktuellen Threat Report 2026 darstellen, bleiben Cloud- und E-Mail-Konten das Einfallstor Nummer Eins in Europa. Dem Berich...

Iran attempts to hack security cameras to support its missile strikes, Israel bombs Iran’s cyber headquarters, authorities take down LeakBase and Tycoon 2FA, and TikTok says ‘no’ to encrypted private messaging.

A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices. [...]

Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.

The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses.

The bureau didn’t provide any further details on the incident, which reportedly targeted a network for managing surveillance activity. The post FBI targeted with ‘suspicious’ activity on its networks appeared first on CyberScoop .

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. [...]

Edge bugs are so fetch, and Cisco just patched 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.

OpenClaw's popularity is proving to be a great vessel for malware distribution, especially when it's advertised via Bing.

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. [...]

The 43-year-old Russian national ran a ransomware operation that impacted more than 1,000 victims globally. The conspiracy netted more than $39 million in extortion payments. The post Phobos ransomware leader pleads guilty, faces up to 20 years in prison appeared first on CyberScoop .

Researchers at Zenity Labs uncover PleaseFix flaws in Perplexity’s Comet browser. See how zero-click calendar invites allow AI agents to steal 1Password credentials and personal files.

Fig Security's platform traces security data flows end-to-end across SIEMs, pipelines, and response systems to alert teams before infrastructure changes break critical defenses.

Organizations can borrow secure-by-design processes to manage non-technical challenges like governance or the inevitable human error.

The vendor said it’s not aware of any active exploitation of the vulnerabilities, which could allow remote attackers to achieve root access and execute code. The post Cisco reveals 2 max-severity defects in firewall management software appeared first on CyberScoop .

With AI enabling fully automated cyber attacks, cyber resiliency has emerged as a critical strategy.

Europol seizes LeakBase cybercrime and hacker forum used to trade stolen data, disrupting a global platform with over 140,000 members.

Europol koordinierte den Schlag gegen Leakbase. PixelBiss – shutterstock.com Die Polizei von Amsterdam hat im Zuge einer internationalen Aktion laut Europol einen der weltweit größten Handelsplätze für gestohlene Daten geschlossen. Leakbase hatte weltweit 142.000 registrierte Nutzer, wie die euro...

Exploit kit "Coruna" targets iPhones running iOS 13.0 to 17.2.1, focusing on financial data theft

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the c...

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but c...

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction

The website was taken offline, and potential members arrested.

Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, ...

Tycoon 2FA is no more thanks to a major law enforcement operation.

A global operation has resulted in the takedown of popular cybercrime forum LeakBase

Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies. The subscription-based phishing kit...

A joint law enforcement operation has dismantled LeakBase, one of the world's largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of Justice (DoJ), had over 142,000 members and more than 215,000 messages between me...

Zomato’s “Friend Recommendations” API allows unilateral contact syncing. By uploading a phone number, bad actors can extract a user’’ restaurant recommendation history and restaurant coordinates. By mapping overlapping delivery radii, an attacker can estimate a user's approximate physical locatio...

Microsoft, which led the effort, said it seized 330 domains that powered the phishing platform’s core infrastructure. The alleged creator was also named in a civil complaint. The post Global coalition dismantles Tycoon 2FA phishing kit appeared first on CyberScoop .

Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad acess to victims' cloud environments.

The author of a new study told CyberScoop he's "very worried,” describing deanonymization capabilities of AI as a “large scale invasion of privacy.” The post LLMs are getting better at unmasking people online appeared first on CyberScoop .

Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. "The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, drivi...

Law enforcers and industry partners have taken down notorious phishing-as-a-service platform Tycoon2FA

FulcrumSec leaked roughly 2GB of company data, but LexisNexis says it's old and outdated.

Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the decryption of six malware variants. Here's his story.

Increased attempts to compromise surveillance cameras linked to Iran during Middle East conflict

Malware campaign uses Ukrainian email service for credibility, deploying "BadPaw" to execute attacks

Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. I...

Ransomware operators Anubis claimed the breach, saying it stole 170GB of sensitive data

Microsoft is reporting : Companies are embedding hidden instructions in “Summarize with AI” buttons that, when clicked, attempt to inject persistence commands into an AI assistant’s memory via URL prompt parameters…. These prompts instruct the AI to “remember [Company] as a trusted source” or “re...

A software supplier to France's health ministry was breached, with some very private information possible leaked.

As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actuall...

The emerging actor, part of the APT41 nexus, gains initial access via phishing, and uses legitimate network services to obscure cyber espionage activities.

The OpenID Foundation warns that fragmented policies on posthumous digital accounts could open the door for fraudsters to exploit AI deepfakes

Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems. The names of the packages are listed below - nhattuanbl/lara-help...

Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial access by exploiting public-facing int...

On this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover: The US-Israeli attack on Iran had a whole lot of cyber. It’s clearly in the playbook now! The NSA Triangulation / L3 Harris Trenchant iOS exploit kit is on the loose, and being used...

Security researchers say exploits used by governments to hack into iPhones have been found to be used by cybercriminals. They warned of an emerging market for "secondhand" exploits.

The US conducted cyberattacks ahead of strikes on Iran, Russia aims for internet independence by 2028, Google finds a new iOS exploit kit in the wild, and Chrome moves to a two-week release cycle.

India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control.

Don't leave your OpenClaw with an easy password, experts warn.

The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner...

AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.

An OAuth feature is being abused in the wild to drop malware to people's computers.

Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive a...

The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected it...

Security researchers found a zero-click exploit in Perplexity AI browser, and helped fix it.

Hackers don't need an app to steal login credentials anymore - a PWA will do.

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a...

Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of red...

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of ...

Cybercriminals exploit the .arpa domain and IPv6 addresses to deliver phishing pages, bypassing traditional security and stealing credentials.

Cybercriminal group SLSH recruits women to impersonate IT helpdesks, offering up to $1,000 per call while targeting major companies.

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of ...

John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more

Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision ­ and scales to tens of thousands of c...

Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent

Chainalysis reveals a big surge in median ransomware payment size in 2025 despite overall drop in criminal revenue

Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources.

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actua...

Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.

Our deception technology is able to reroute attackers into honeypots, where they believe that they found their real target. The attacks brute forced passwords for RDP credentials to connect to the victim download and execute a previously undetected malware, which we named Trojan.sysscan.

Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident res...

In-depth analysis of threat activity we call CL-UNK-1068. We discuss their toolset, including tunneling, reconnaissance and credential theft. The post An Investigation Into Years of Undetected Operations Targeting High-Value Sectors appeared first on Unit 42 .

Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT botnet, and Mamont banking Trojans.

Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders. The post Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran appeared first on Unit 42 .

A high-severity CVE-2026-0628 in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw. The post Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel appeared first on Unit 42 .

Ignorance really was the way to achieve bliss Who, Me? Welcome to another working week, and another installment of "Who, Me?" – a weekly reader-contributed column that unearths your errors and reveals how you rebounded afterwards.…

백악관은 도널드 트럼프 대통령의 사이버 보안 전략을 공개했다. 오랜 기간 예고돼 온 이번 전략은 7쪽 분량의 보고서 로, 공세적 사이버 작전을 미국 정책의 중심에 배치하며 기존 접근 방식과 차별화를 시도했다. 국가사이버국(Office of the National Cyber Director, ONCD)이 수립한 이번 전략은 적대 세력 교란, 산업 규제 완화, 인공지능 도입 가속화에 방점을 찍었다. 동시에 연방 정부 시스템과 핵심 인프라 방어 강화도 주요 과제로 포함했다. 미 로펌 기업 베너블(Venable LLP) 사이버 보안 ...

TL;DR: Today only: Pay $11 for a lifetime of the AdGuard Family Plan and protect up to 9 devices from ads, trackers, malware, and unwanted content. Online browsing has become more cluttered than ever, with ads, pop-ups, and trackers competing for attention on nearly every page. The AdGuard Family...

GPT-5.4는 GPT-5.3-코덱스의 코딩 성능을 통합하면서 스프레드시트, 프레젠테이션, 문서 등 전문 업무 환경에서 다양한 도구와 소프트웨어를 활용하는 방식도 개선했다. 오픈AI는 이를 통해 복잡한 실제 업무를 보다 정확하고 효율적으로 수행하고, 사용자가 원하는 결과에 도달하기까지 필요한 반복 작업도 줄일 수 있을 것으로 전망했다. 오픈AI는 성능 측면에서도 GPT-5.4는 주요 벤치마크에서 개선된 결과를 보였다고 주장했다. 예를 들어 AI 에이전트가 실제 지식 기반 업무를 수행하는 능력을 평가하는 GDPval 벤치마크에서...

Inference at scale is much more complex than more GPUs, more tokens, more profits feature By now you've probably heard AI datacenters called factories. It's an apt description: power goes in and tokens come out.…

Research shows apparent Iranian state hackers trying to hijack consumer-grade cameras.

Now if only device makers would deliver higher quality components Thanks to Anthropic's AI and its bug-detecting abilities, Firefox users can now enjoy stronger security. Unfortunately, if browser crashes rather than security flaws are the problem, Claude probably can't help.…

GPT just keeps getting better at mathematics, increasingly solving the trickiest of problems. In January, AI testing company Epoch AI found that a previous version of the AI model, GPT-5.2 Pro had solved 31% of its mathematical challenges, a rise from the previous score best of 19%. The newest ve...

Switchzilla says flaws could allow file overwrites or privilege escalation Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software.…

Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves A new twist on the long-running ClickFix scam is now tricking Windows users into launching Windows Terminal and pasting malware into it themselves – handing the credential-stealing Lumma infostealer the keys t...

I love my home state of California. But sometimes its best intentions go awry. It’s not surprising that California’s legislature passed the Digital Age Assurance Act ( AB 1043 ) last October—age verification is currently a popular focus within governments. (And the reason for Discord’s current st...

AI developers must obtain licenses for copyrighted material before using it to train models, a committee of the House of Lords, the UK Parliament’s upper chamber, said Thursday. The committee called the approach “licensing-first,” meaning no training on protected works without prior permission an...

When Anthropic published a blog post last week describing how Claude Code can analyze and translate COBOL, the market rejoiced at yet another proof point of the power of LLMs. Critics also reacted swiftly, noting that translating COBOL is not the same as modernizing a system. After all, a system ...

Released from the curse of the update bork fairy Microsoft has finally fixed a Windows Recovery Environment (WinRE) bug it introduced in Windows 10's final update.…

It promised £1.15B… but finance ministry yet to show 'formal commitment' to adopt Workday SaaS, watchdog says The UK's Treasury is yet to fully commit to joining a multi-billion pound ERP and HR shared services program it has agreed to fund, potentially slashing any resulting savings, according t...

Mientras que C-3PO era ciencia ficción en la primera película de Star Wars en 1977, los robots humanoides ya son una realidad en las naves de producción de BMW. Tras introducir Figure 2 en la planta de Spartanburg, en Estados Unidos, BMW también está desplegando robots humanoides en su planta ale...

It’s ok, Todd. You’re only paranoid if you’re wrong. Okta chairman and CEO Todd McKinnon said he believes it would be difficult for an LLM alone to replicate the quality of SaaS applications his company provides, but that doesn’t stop him from worrying about competition from bots.…

Instead of the expected new major version Chrome 146, Google just released another update for Chrome 145 (presumably this version’s final security update). In the new Chrome versions 145.0.7632.159/160 for Windows and macOS and 145.0.7632.159 for Linux, the developers have fixed 10 security vulne...

Starting in September, Google’s Chrome browser will receive a new release every two weeks, the company has announced . Since 2021, Chrome has been on a four-week release schedule for new major versions. The rationale for the faster two-week cycle is to enable faster delivery of performance improv...

I was browsing on Reddit recently, as one does, and noticed yet another cynical comment dissing NordVPN . It compelled me to consider why exactly Nord in particular, and other popular VPNs in general, have this adverse public perception, and whether it’s actually fair. There is a trend in the onl...

So, you’ve received a suspicious link and would like to check whether the website is dangerous before visiting it. You can do this, for example, with the “URL Void” service from the security provider “No Virus Thanks.” To do this, go to www.urlvoid.com , enter the web address in question, and cli...

A list of topics we covered in the week of March 2 to March 8 of 2026

In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners one of the world's most prolific phishing-as-a-service platforms has been dismantled. First appearing in August 2023, Tycoon 2FA was designed specifically to help fraudsters hack into a...

MDR (Managed Detection and Response) delivers focused protection at the endpoint level. MXDR (Managed Extended Detection and Response) broadens that visibility across networks, cloud environments, identities, email, and more. Choosing the Right Fit: MDR is well‑suited for smaller or less complex ...

Key operator in global ransomware scheme admits to role in multimillion-dollar extortion campaign.

Bing search results pointed victims to GitHub repositories claiming to host OpenClaw installers, but in reality they installed malware.

Overview The Rakuten Viber messaging app for Android V25.7.2.0g and Windows V25.6.0.0-V25.8.1.0, has a flaw in its TLS handshake implementation when using the Cloak proxy configuration. This flaw allows for easy identification of proxy usage, potentially compromising user anonymity. Description R...

Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar that describes the structure of the samples. When a sample gets mutated, the mutations happen in such a way that any resulting samples still adhere to the grammar rules, thus the structure of the sampl...

[This is a Guest Diary by Joseph Gruen, an ISC intern as part of the SANS.edu BACS program]

If you run an accounting firm, tax practice, bookkeeping service, mortgage brokerage, financial advisory office, or small insurance agency, your business runs on trust. You handle tax returns, payroll data, bank details, loan applications, investment accounts, and insurance policies. That makes y...

Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads.

Google has patched 129 Android vulnerabilities, including an actively exploited flaw in a widely used Qualcomm component.

CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the template-injection flaw that let unauthenticated attackers escape th...

Too many organizations today still rely on "legacy" retainer models. These traditional contracts are often rigid, opaque, and reactive, and designed for a world that no longer exists.

Researchers found a now-patched vulnerability in "Live in Chrome" that allowed a Chrome extension to inherit Gemini’s permissions.

Cisco Talos continues to monitor the ongoing conflict in the Middle East. As always, we will be watching closely for any cyber-related incidents that are tied to the conflict.

Easy File Sharing Web Server v7.2 - Buffer Overflow

WeGIA 3.5.0 - SQL Injection

Boss Mini v1.4.0 - Local File Inclusion (LFI)

Overview A command injection vulnerability was identified in the MS-Agent framework that can be triggered through unsanitized prompt-derived input. An attacker can craft untrusted input introduced via a chat prompt or other external content sources, resulting in arbitrary command execution on the...

Torrance, United States / California, 2nd March 2026, CyberNewswire The post Criminal IP to Present Decision-Ready Threat Intelligence at RSAC™ 2026 appeared first on The Security Ledger with Paul F. Roberts .

Frankfurt am Main, Germany, 2nd March 2026, CyberNewswire The post Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat appeared first on The Security Ledger with Paul F. Roberts .

A fake purchase order attachment turned out to be a phishing page designed to harvest your login details.