Geek-Guy.com

Category: Network Security

Auto Added by WPeMatico

Authorities dismantle SocksEscort proxy network behind millions in fraud

SocksEscort, a residential proxy network used to exploit thousands of compromised home routers worldwide and facilitate large-scale fraud that cost victims millions of dollars, has been disrupted in an international law enforcement operation led by the U.S. Department of Justice. The domain seizure notice Law enforcement agencies seized 34 domains and 23 servers located in…

Beyond File Servers: Securing Unstructured Data in the Era of AI

File servers still exist for legacy storage and governance, but most modern workflows now happen in collaboration tools, code platforms, chats, and AI systems. File servers remain, but they are no longer central to operations. They still appear important on paper: legacy project shares with strict permissions, legal drives with structured folders, and network areas…

Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind

I used to think hybrid incidents would get easier once we standardized on “one tool”: one monitoring platform, one ticketing system, one on-call process. After a few real outages, I changed my mind. Hybrid response fails at the seams between ownership models: on-prem teams, cloud teams, security, vendors. Each group can be correct inside its…

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Microsoft has warned enterprises that cybercriminal group Storm-2561 is hijacking search engine results to serve trojanized VPN clients, stealing corporate credentials, and then covering its tracks before victims suspect anything is wrong. The group pushes spoofed websites to the top of results for queries such as “Pulse VPN download” or “Pulse Secure client,” redirecting users…

Red Access firewall-native SSE adds GenAI security and browser protection to existing firewalls

Red Access has announced firewall-native SSE, an agentless cloud layer that instantly upgrades any existing firewall with Security Service Edge (SSE), GenAI security, and browser-agnostic protection. Deployed directly on top of existing architecture, the firewall-native SSE eliminates the need for rip-and-replace projects, accelerating deployment while reducing operational overhead without compromising user experience. “Secure enterprise browsing…

The cyber perimeter was never dead. We just abandoned it.

Industry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it. The FBI’s Winter SHIELD effort is the operational side of…

Telus Digital hit with massive data breach

Telus Digital, which provides business process outsourcing (BPO) services to a range of organizations worldwide, has been hit with a massive cyberattack conducted by extortion group ShinyHunters The group, which has been in operation since 2020, specializes in stealing data from Salesforce and other SaaS vendors, and has also recently been conducting voice phishing (vishing)…

Stryker attack highlights nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict

A cyberattack that an Iranian hacking group said it carried out against medical device manufacturer Stryker might mark Tehran’s first significant cyber action since the start of the joint U.S.-Israel conflict. But even that may have been a happy accident for Iranian hackers in what has been a low buzz of activity during that timeframe,…

AI Agent Safety Checklist

As organizations rapidly adopt AI agents to automate workflows, summarize data, and assist decision-making, security and governance teams face a new challenge: how to deploy AI safely without introducing unmanaged risk.  Unlike traditional SaaS tools, AI agents can interpret, generate, and act on data dynamically — often across multiple systems. That makes oversight, scope control,…

How to manage the lifecycle of Amazon Machine Images using AMI Lineage for AWS

As organizations scale their cloud infrastructure, maintaining proper lifecycle management of Amazon Machine Images (AMIs) is a critical component of their security and risk management goals. AMIs provide the essential information required to launch Amazon Elastic Compute Cloud (Amazon EC2) instances, however; they present security and compliance challenges if not tracked and managed throughout their…

Active Directory Flaw Enables SYSTEM Privilege Escalation

A vulnerability in Microsoft’s Active Directory Domain Services could allow attackers to escalate privileges and potentially take full control of affected systems.  “Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network,” said Microsoft in its advisory. How the Active Directory…

Authorities takedown global proxy network SocksEscort

Authorities from multiple countries dismantled SocksEscort, a residential proxy network cybercriminals used to commit large-scale fraud, claiming access to about 369,000 IP addresses since 2020, the Justice Department said Thursday. Europol, which aided the investigation alongside various law enforcement agencies, Lumen’s Black Lotus Labs and the Shadowserver Foundation, said the malicious proxy service compromised routers…

400K WordPress Sites Exposed by Elementor Ally Plugin SQL Flaw

A vulnerability in a widely used WordPress accessibility plugin could allow attackers to steal sensitive data from vulnerable websites without logging in.  The flaw affects the Ally plugin developed by Elementor, which is installed on hundreds of thousands of sites worldwide This vulnerability “… can be leveraged to extract sensitive data from the database, such…

Report: AI Accelerates Attacks on Trusted Identities

A recent report from ConnectWise found that attackers are increasingly exploiting trusted identities, along with remote access infrastructure and software supply chains, while AI continues to accelerate in speed and scale. 2026 MSP Threat Report shows trusted identities and legitimate tools are top targets The research, ConnectWise’s 2026 MSP Threat Report, provides global threat intelligence…

Officials worry Salt Typhoon apathy is killing momentum for tougher telecom security rules

Two years ago, it was revealed that Chinese hackers had compromised at least ten U.S. telecoms, giving them broad access to phone data affecting nearly all Americans. Since then, public officials charged with responding to the campaign and bolstering the nation’s cyber defenses have reported a common problem. Many of their constituents struggle to understand…

CVE-2026-21262: SQL Server Zero-Day Fixed in Microsoft’s March Patch Tuesday Release

The beginning of 2026 has brought a wave of zero-day vulnerabilities affecting Microsoft products, including the actively exploited Windows Desktop Window Manager flaw (CVE-2026-20805), the Microsoft Office zero-day (CVE-2026-21509) that prompted an out-of-band fix, and the Windows Notepad RCE bug (CVE-2026-20841). Microsoft’s March Patch Tuesday release keeps defenders busy again, this time shifting attention to…

Feds say another DigitalMint negotiator ran ransomware attacks and extorted $75 million

A 41-year-old South Florida man is accused of conducting at least 10 ransomware attacks and extorting a combined $75.25 million in ransom payments while he was working as a ransomware negotiator for DigitalMint.  Five of Angelo John Martino III’s alleged victims hired DigitalMint, which assigned Martino to conduct ransomware negotiations on their clients’ behalf —…

Iran-Linked Hacktivists Claim Wiper Attack on Stryker Systems

A cyberattack has disrupted global operations at medical technology manufacturer Stryker, forcing employees in multiple countries offline and cutting access to core corporate systems.  The incident, which began March 11, triggered widespread outages across the company’s Microsoft environment and left staff temporarily unable to access internal applications and devices.  “When a company the size of…

Atlassian cuts 1,600 jobs to fund AI and enterprise expansion

Atlassian will reduce its global workforce by approximately 10%, eliminating around 1,600 roles, as the collaboration software maker redirects capital toward artificial intelligence development and enterprise sales. Co-CEO and co-founder Mike Cannon-Brookes disclosed the cuts in a blog post. The decision, he said, was made to “self-fund further investment in AI and enterprise sales” while…

MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection 

Security teams depend on early signals to spot and contain new threats. But what happens when a fully capable infostealer spreads while traditional detections stay limited?  In recent investigations, ANY.RUN researchers observed MicroStealer in 40+ sandbox sessions in less than a month, despite low public visibility. Early activity points to distribution through compromised or impersonated accounts,…

Saviynt Taps NEXTGEN, an Exclusive Networks Company, to Accelerate Digital Identity Security in Australia

COMPANY NEWS:    Collaboration strengthens Saviynt’s partner-first strategy as AI-driven identity risk builds across the APJ region Key Highlights: Saviynt will broaden access to AI-ready identity security for organisations navigating growing digital risks NEXTGEN will help scale Saviynt’s partner ecosystem across APJ, enabling faster adoption of identity-centric security in the AI era 

North Korean fake IT worker tradecraft exposed

Research from GitLab has exposed the latest tradecraft behind North Korean fake IT worker scams. GitLab banned 131 North Korean-attributed accounts last year, most of which involved JavaScript repositories that acted as resources in the so-called Contagious Interview campaign. In most cases, GitLab projects acted as obfuscated loaders for malware payloads — such as BeaverTail…

U.S. CISA adds a flaw in n8n to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in n8n to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an n8n flaw, tracked as CVE-2025-68613 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. n8n is a workflow automation platform designed for technical teams that combines the…

Stop fixing OT security with IT thinking

In this Help Net Security interview, Ejona Preçi, Group CISO at Lindal Group, discusses the specific cybersecurity challenges in manufacturing environments. The conversation covers why standard IT security practices break down on shop floors, where PLCs and decade-old firmware were never designed to be networked. She explains how nation-state actors quietly settle into industrial networks,…

Bell Ambulance data breach impacted over 238,000 people

Bell Ambulance confirms a February 2025 breach affecting 238,000 people, exposing personal, financial, and health information. Nearly 238,000 individuals are impacted by a February 2025 Bell Ambulance data breach. Bell Ambulance is a U.S.-based emergency medical services provider offering ambulance transport, paramedic care, and patient support. It serves communities with urgent medical response, interfacility transfers,…

When your IoT Device Logs in as Admin, It?s too Late! [Guest Diary], (Wed, Mar 11th)

[This is a Guest Diary by Adam Thorman, an ISC intern as part of the SANS.edu BACS program] Introduction Have you ever installed a new device on your home or company router? Even when setup instructions are straightforward, end users often skip the step that matters most: changing default credentials. The excitement of deploying a…

How not to steal $46 million from the US government

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within minutes, giant woodpecker images are plastered across the internet’s favourite encyclopaedia. Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it – and…

CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now being exploited in the wild. The agency has also updated its directive related to two Cisco Catalyst SD-WAN flaws that were also fixed last month after being used in zero-day…

Pro-Palestinian hacktivist group Handala targets Stryker in global disruption

Pro-Palestinian hacktivist group Handala claims a cyberattack on Stryker, alleging it wiped 200,000 systems and disrupted global operations. Pro-Palestinian hacktivist group Handala claims responsibility for a disruptive cyberattack against medical technology firm Stryker. “Medical technology giant Stryker is experiencing a global outage across its systems after a cyberattack early Wednesday. Staff and contractors report that…

Microsoft SQL Server Vulnerability Enables Privilege Escalation

A vulnerability in SQL Server could allow attackers to escalate their privileges to system administrator level within affected database environments.  “Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network,” said Microsoft in their security advisory. Understanding CVE-2026-21262 The vulnerability, tracked as CVE-2026-21262, carries a CVSS score of 8.8…

Microsoft .NET Vulnerability Enables Remote DoS Attacks

Microsoft has released a security update to address a vulnerability in the .NET platform that could allow attackers to remotely crash affected applications.  The flaw enables unauthenticated attackers to trigger a Denial-of-Service (DoS) condition, potentially causing applications or services running on vulnerable .NET environments to become unavailable.  Exploitation of the vulnerability “… allows an unauthorized…

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at…

Network Map 2.0 provides live network mapping and faster risk containment

Zero Networks has announced Network Map 2.0, an advancement in real-time network mapping designed to help large enterprises eliminate decision paralysis, reduce blast radius and turn visibility into immediate, enforceable action. Network Map 2.0 capability replaces static, point-in-time visualizations that must be generated on demand with a continuously updated, living map of the enterprise. Unlike…

Netskope Launches Security Suite Addressing AI Ecosystem

Netskope, a security and networking provider, has announced Netskope One AI Security, a suite of new AI security tools designed to protect and accelerate the AI ecosystem. Addressing AI-driven security risks Unified within the Netskope One platform, the suite introduces four new products: Netskope One Agentic Broker, Netskope One AI Gateway, Netskope One AI Read…

SolarWinds: 77% of IT Teams Lack Visibility Across Environments

Seventy-seven percent of IT teams lack full visibility across on-prem and cloud environments, according to SolarWinds’ 2026 State of Monitoring & Observability Report. The study examines how IT teams are navigating increasingly fragmented hybrid environments and how AI is reshaping modern observability. Balancing legacy and cloud IT environments SolarWinds, in partnership with UserEvidence, surveyed more…

Hewlett Packard Enterprise fixes critical authentication bypass in Aruba AOS-CX

Hewlett Packard Enterprise (HPE) fixed several flaws in Aruba AOS-CX, including a critical bug that lets attackers reset admin passwords. Hewlett Packard Enterprise (HPE) patched multiple vulnerabilities in Aruba AOS-CX, the operating system used in Aruba CX switches. The most severe issue, tracked as CVE-2026-23813 (CVSS score of 9.8), allows unprivileged attackers to bypass authentication…

Why zero trust breaks down in IoT and OT environments

Zero trust solves the wrong problem in OT Zero trust has become the dominant security narrative of the past decade, and rightly so. Its core principles, never trust, always verify; assume breach; enforce least privilege, have reshaped how organizations think about identity, access and lateral movement. In enterprise IT environments, these principles have produced measurable…

Did cybersecurity recently have its Gatling gun moment?

On the James River, Petersburg, VA, June of 1864, during the American Civil War, General Benjamin Butler, of the US Army, deployed a new weapon into the field that effectively altered the nature of kinetic battles. The later named “Siege of Petersburg,” was the first recorded instance of the Gatling gun being used in battle.…

Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials

HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network switches without any credentials. The critical flaw, CVE-2026-23813, scored 9.8 out of 10 on the CVSSv3.1 scale. According to a security advisory HPE published on…

If consequences matter, they should apply to vendors, too

Washington has rediscovered consequences. Just not consistently. The March 6 executive order rests on a simple, correct idea: cyber-enabled fraud persists because it is profitable, scalable, and too often tolerated. So the government’s answer is to raise the cost. More coordination. More disruption. More prosecutions. More diplomatic pressure on the states that shelter these operations.…

KadNap bot compromises 14,000+ devices to route malicious traffic

KadNap malware infects 14,000+ edge devices, mainly Asus routers, turning them into a stealth proxy botnet used to route malicious internet traffic. KadNap malware infects more than 14,000 edge devices, mainly ASUS routers, and turns them into a proxy botnet used to route malicious traffic. First detected in August 2025, the campaign heavily targets the…

Virtana enables full-stack root cause analysis beyond legacy APM

Virtana has launched an Application Observability offering that traces performance issues from application code through infrastructure, networks, storage, and AI workloads to deliver evidence-based root cause analysis without manual correlation. Built for autonomous operations at scale, the solution redefines the application as a system rather than software, automatically correlating performance issues across the full enterprise…

12 ways attackers abuse cloud services to hack your enterprise

Attackers are increasingly abusing trusted SaaS platforms, cloud infrastructure, and identity systems to blend malicious activity into legitimate enterprise traffic. Adversaries are pushing command and control (C2) through high-reputation services, including OpenAI and AWS, to blend in with normal business traffic and evade blocklists. The shift from “living off the land” to “living off the…

Zero trust, zero buzzwords: Here’s what it means

In this Help Net Security video, Murat Balaban, CEO of Zenarmor, breaks down zero trust and zero trust network access (ZTNA) without the buzzwords. The video covers why this approach matters, including the risk of lateral movement after a breach and the growing number of remote workers accessing private resources. Murat walks through three real-world…

March Patch Tuesday: Three high severity holes in Microsoft Office

Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities. Still, Jack Bicer, director of vulnerability research at Action1, says these Office-related flaws should be treated “with urgency.” “Productivity tools remain one of the most…

Microsoft Patch Tuesday security updates for March 2026 fixed 84 bugs

Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities in its products. None of the flaws are known to be exploited so far. Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities across its products. The IT giant addressed flaws across Windows, Office, Edge, Azure, SQL Server, Hyper-V, and ReFS. Including…

Fake OpenClaw npm Package Installs GhostClaw Malware

A malicious npm package is targeting developers by posing as a legitimate command-line tool while secretly deploying an infostealer and a remote access trojan (RAT).  The package, @openclaw-ai/openclawai, masquerades as an OpenClaw Installer utility but instead initiates a multi-stage malware operation.  Once executed, it attempts to steal credentials, cryptocurrency wallets, SSH keys, browser data, and…

Microsoft’s monthly Patch Tuesday is first in 6 months with no actively exploited zero-days

Microsoft addressed 83 vulnerabilities that cut across its broad portfolio of enterprise software and underlying services in its latest security update. The company’s Patch Tuesday release contained no actively exploited zero-day vulnerabilities and six defects it described as more likely to be exploited.  The vendor’s batch of patches marks the first monthly update without an…

FBI says even in an AI-powered world, security basics still matter

Artificial intelligence may be enhancing cyber threats, but the defensive approach to those AI-amplified attacks remains the same, a top FBI official said Tuesday. “We have seen actors both criminal and nation-state, they’re absolutely using AI to their advantage,” said Jason Bilnoski, deputy assistant director at the FBI’s cyber division. “But the way attacks unfold…

Attackers exploit FortiGate devices to access sensitive network information

Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about…

Teams Social Engineering Campaign Drops A0Backdoor Malware

Microsoft Teams impersonation and social engineering tactics are being used in an ongoing campaign to deliver a stealthy malware payload known as A0Backdoor.  Researchers at BlueVoyant report that the operation combines social engineering techniques, malicious installers, and covert command-and-control (C2) communications to gain persistent access within targeted networks. “The malware’s loader exhibits anti-sandbox evasion, and…

Security is a team sport: AWS at RSAC 2026 Conference

The RSAC 2026 Conference brings together thousands of professionals, practitioners, vendors, and associations to discuss issues covering the entire spectrum of cybersecurity—a place where innovation meets collaboration and the industry’s brightest minds converge to shape its future. This March, Amazon Web Services (AWS) returns to the annual RSAC Conference in San Francisco to share how…

Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)

Microsoft today released patches for 93 vulnerabilities, including 9 vulnerabilities in Chromium affecting Microsoft Edge. 8 of the vulnerabilities are rated critical. 2 were disclosed prior to today but have not yet been exploited. This update addresses no already-exploited vulnerabilities. Disclose vulnerabilities: CVE-2026-26127: A denial of service vulnerability in .Net. Microsoft considers exploitation unlikely. The…

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks.  The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology

AWS Security Hub is expanding to unify security operations across multicloud environments

After talking with many customers, one thing is clear: the security challenge has not gotten easier. Enterprises today operate across a complex mix of environments, including on-premises infrastructure, private data centers, and multiple clouds, often with tools that were never designed to work together. The result is enterprise security teams spend more time managing tools…

There’s only one kind of tool security teams should be building with AI

I am not sure what I’ve been doing on social media over the past year (particularly on LinkedIn), but these days my feed is filled with posts of security people who build some very cool tools. There’s so much excitement that with LLMs, anyone can now be a product developer, which means that security teams…

Fake Claude Code Install Pages Spread Infostealer Malware

Threat actors are exploiting a common developer habit — copying installation commands directly from websites — to distribute malware through fake software installation pages.  Security researchers at Push Security recently uncovered a campaign targeting users of Anthropic’s Claude Code, a popular command-line AI coding assistant.  The attackers are using cloned websites and malicious search advertisements…

OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector

ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams.  Key Takeaways  OAuth Device Code phishing is rising rapidly. Campaigns abusing Microsoft’s Device…

The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix

When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing setup that produced millions in value every day. Everyone knew that the system was a risk, but no one was willing…

U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2021-22054 (CVSS score of 7.5) Omnissa Workspace ONE…

Why access decisions are becoming the weakest link in identity security

In my nearly two decades leading identity and risk programs, I’ve learned a sobering truth that every CISO eventually confronts: hackers don’t hack in — they log in. We often obsess over the perimeter and the sophistication of technical exploits, but many of the most damaging security failures I’ve witnessed didn’t involve a zero-day or…

Ericsson US confirms breach after third-party provider attack

Ericsson US reports a data breach after attackers hacked a service provider, exposing employee and customer information. Ericsson Inc., the U.S. branch of the Swedish telecom giant, disclosed a data breach after a service provider was hacked. The attack compromised the personal information of an unspecified number of employees and customers. “On April 28, 2025,…

Hacker abusing .arpa domain to evade phishing detection, says Infoblox

A threat actor has found a new way to evade phishing detection defenses: Manipulate the .arpa top-level domain (TLD) and IPv6-to-IPv4 tunneling to host phishing content on domains that shouldn’t resolve to an IP address.  For the uninitiated, the .arpa domain is an Address and Routing Parameter Area domain meant to be used exclusively for internet infrastructure…

Malicious Chrome Extension Targets imToken Wallet Users

A malicious Chrome extension disguised as a harmless color visualization tool is quietly redirecting users to phishing pages designed to steal cryptocurrency wallet credentials.  Socket researchers warn that the extension impersonates the popular imToken wallet brand and tricks victims into entering their seed phrases or private keys. The “… extension automatically opens a threat actor-controlled…

AVideo Zero-Click Flaw Lets Attackers Hijack Live Streams

A flaw in the open-source AVideo platform requires no authentication and allows attackers to remotely execute commands and take over affected servers. Exploitation of the vulnerability “… can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption,” said researchers. Inside the AVideo Server Takeover Risk AVideo is an…

CleanMyMac Imposter Site Installs SHub Stealer on Macs

A fake version of the popular Mac utility CleanMyMac is being used to trick users into installing data-stealing malware. The campaign uses a fraudulent website that instructs visitors to manually run a command in Terminal, which secretly installs a macOS infostealer known as SHub Stealer.  This malware steals “… sensitive data including saved passwords, browser…

Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)

Last week, two related RFCs were published:  RFC 9848: Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings RFC 9849: TLS Encrypted Client Hello These TLS extensions have been discussed quite a bit already, and Cloudflare, one of the early implementers and proponents, has been in use for a while. Amidst an increased concern about threats to privacy…

Why MSPs Should Focus on Managed Patch Management in 2026

In 2026, patch management is more critical than ever as organizations face a rapidly evolving threat environment. AI-driven attacks have increased both the volume and sophistication of exploits, making vulnerabilities easier and faster for threat actors to weaponize.  As a result, MSPs and internal IT teams alike must implement effective patch management strategies to keep…

Security Leaders Warn of Cyber Risks Tied to Iran Conflict

The escalating confrontation between the United States and Iran is raising concerns among cybersecurity agencies and security leaders, who have warned businesses to be on alert for a potential increase in cyberattacks from the region. Governments warn of increased cyber activity linked to Iran conflict Official warnings from cybersecurity centers in the United States, the…

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed

PQC roadmap remains hazy as vendors race for early advantage

Post-quantum cryptography (PQC) has long sat on the periphery of enterprise security, with experts calling it inevitable but not urgent. That posture is beginning to shift. Earlier this year, Palo Alto Networks published a blog announcing a new “quantum-safe security” initiative, framing it as a way for enterprises to assess where quantum-vulnerable cryptography exists across…

Product Showcase: Fing Desktop puts network visibility on your screen

Phones, laptops, smart TVs, cameras, and smart home equipment all use the same network. Knowing what’s connected helps users manage performance and security. Fing Desktop provides tools that identify devices, test connectivity, and analyze network activity. Creating an account is required to use the platform. Account creation The free plan gives access to core discovery…

How AI Assistants are Moving the Security Goalposts

AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting…

Critical Nginx UI flaw CVE-2026-27944 exposes server backups

Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management interfaces. A critical vulnerability in Nginx UI, tracked as CVE-2026-27944 (CVSS score of 9.8), allows attackers to download and decrypt full server backups without authentication. The flaw poses a serious risk to organizations exposing the management…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Reverse Engineering is no longer a human problem!   StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer   Inside a fake Google security check that becomes a browser RAT   SloppyLemming…

Security Affairs newsletter Round 566 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. FBI probing intrusion into a system managing sensitive surveillance information Reading White House President Trump’s Cyber…

FBI probing intrusion into a system managing sensitive surveillance information

The Federal Bureau of Investigation (FBI) is probing suspicious activity on an internal system containing sensitive surveillance and investigation data. The FBI is investigating suspicious cyber activity affecting an internal system that stores sensitive data tied to surveillance operations and investigations, The Associated Press reports. According to a notification sent to members of the United…

Reading White House President Trump’s Cyber Strategy for America (March 2026)

White House released President Trump’s Cyber Strategy for America, framing cyberspace as a strategic domain to project power and counter growing cyber threats The White House has released “President Trump’s Cyber Strategy for America,” a document that outlines how the United States intends to maintain dominance in cyberspace and confront an increasingly hostile digital landscape.…

Iran-linked hackers target IP cameras across Israel and Gulf states for military intelligence

Researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf countries, likely to support military intelligence and battle damage assessment. According to the Check Point Cyber Security Report 2026, cyber operations are increasingly used to support military activity and battle damage assessment (BDA). During the Israel-Iran tensions, researchers from Check Point Software Technologies observed…