Geek-Guy.com

Category: Network Security

Auto Added by WPeMatico

IP Fabric MCP server adds governance and control to enterprise AIOps workflows

IP Fabric has launched a new Model Context Protocol (MCP) server that removes key barriers to enterprise AIOps adoption, combining secure in-platform deployment with a built-in prompt library for network operations. While MCP servers and AI integrations are increasingly common, most fall short in enterprise environments where security, control and trusted data are non-negotiable. IP…

RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace

Leaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of the clearest examples of how ransomware has become an organized marketplace, with sellers, buyers, brokers, and recruiters all playing different roles in the…

U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-33825 is a Microsoft Defender flaw that can be exploited…

Scale Computing Execs on Unified Edge, Partner-First Strategy

Scale Computing, an edge-first platform company, is positioning itself as a platform that spans everything outside traditional data centers and cloud environments, from localized infrastructure to device-level deployments. Executives point to unique challenges in modern infrastructure needs Craig Theriac, VP of Product Management at Scale Computing, told Channel Insider that this spectrum introduces real-world challenges…

Oracle Builds for AI While Channel Rivals Chase Share

Oracle is reshaping its enterprise strategy around AI, multicloud infrastructure, and deeper ties with hyperscale partners such as AWS. But as the company pours billions into data centers, pushes agentic AI across its portfolio, and cuts jobs to support that transition, rivals see an opening to compete more aggressively for Oracle-adjacent workloads. That opportunity is…

Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure

Serial-to-Ethernet adapters used in industrial, retail, and healthcare environments to link serial devices to TCP/IP networks are riddled with vulnerabilities and outdated open-source components, researchers warn. The flaws enable various attacks scenarios, including taking full control of mission-critical equipment such as remote terminal units, programmable logic controllers, point-of-sale systems, and bedside patient monitors. In a…

Malicious pgserve, automagik developer tools found in npm registry

Application developers are being warned that malicious versions of pgserve, an embedded PostgreSQL server for application development, and automagik, an AI coding tool, have been dropped into the npm JavaScript registry, where they could poison developers’ computers. Downloading and using these versions will lead to the theft of data, tokens, SSH keys, credentials, including those…

Anthropic Probes Alleged Unauthorized Access to AI Security Tool Mythos

Anthropic is investigating reports that an unauthorized group gained access to its newly launched tool, Mythos, highlighting potential gaps in how early-access AI systems are distributed and secured. “Unauthorized users were able to access Anthropic’s Mythos model, reportedly by just changing a model name,” said Shane Fry, CTO at RunSafe Security in an email to…

Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers

Mirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting a command injection vulnerability, tracked as CVE-2025-29635, in discontinued D-Link routers, Akamai reports. The flaw allows attackers to inject commands because an attacker-controlled value is copied without…

A technical walkthrough of multicloud full-stack security using AWS Security Hub Extended

Building on our recent announcement of AWS Security Hub Extended —our full-stack enterprise security offering — we want to show you how we’re simplifying security procurement and operations for your multicloud environments. Whether you’re a security architect evaluating solutions or a CISO looking to streamline vendor management, this post walks through the streamlined experience that…

5 Best Free VPNs You Can Trust in 2026 (And the Premium Trials Worth Trying)

This guide is for everyday users, remote workers, and privacy-conscious professionals who want to stay secure online without paying upfront, and it highlights the best free VPNs in 2026 you can trust along with premium trials worth testing before committing. Free Wi-Fi at the airport. A coffee shop hotspot. Even your home network. Every time…

Over 1,300 SharePoint Servers Still Exposed to Actively Exploited Spoofing Flaw

More than 1,300 internet-exposed Microsoft SharePoint servers remain unpatched against a spoofing flaw previously exploited as a zero-day. “Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network,” said Microsoft in its advisory. SharePoint Servers Still Exposed  The vulnerability, tracked as CVE-2026-32201, affects SharePoint Enterprise Server 2016, SharePoint…

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the…

News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category

NEW YORK, Apr. 21, 2026, CyberNewswire—BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation. This recognition marks the first time BreachLock has been identified in the Adversarial Exposure Validation (AEV) category since launching its agentic AI-powered Adversarial Exposure Validation platform in 2025. Not only has the company gained recognition in the AEV market quickly, but BreachLock has also emerged as the only vendor offering adversarial exposure validation, Penetration Testing…

CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability

Microsoft has released an out-of-band update to fix an ASP.NET Core vulnerability that could allow attackers to take full control of affected systems.  The flaw enables unauthenticated privilege escalation, increasing risk for enterprises running .NET workloads.  “Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network,” said…

Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw

Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7. An attacker could exploit the flaw to gain SYSTEM-level privileges, access…

Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters

22 BRIDGE:BREAK flaws hit Lantronix and Silex Technology converters, exposing approximately 20,000 devices to hijacking and data tampering. Researchers at Forescout Research Vedere Labs found 22 BRIDGE:BREAK flaws in serial-to-IP devices from Lantronix and Silex Technology. Serial-to-IP converters, also known as serial device servers, connect legacy serial equipment to modern IP networks for remote monitoring…

New Mirai variants target routers and DVRs in parallel campaigns

Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by major cybersecurity firms and, judging by the aforementioned hard-coded string, this particular variant might have been coded the old-fashioned way. “Tuxnokill”…

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap from the models it sits on top of. Its central…

Toxic Combinations: When Cross-App Permissions Stack into Risk

On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API…

The AI era demands a different kind of CISO

Many security leaders are still operating with frameworks built for a different era. For years, success was measured by fixed checkpoints, such as passing audits, closing vulnerabilities, and maintaining compliance. Those markers still have value, but they were designed for a threat landscape that moved in predictable, linear ways. Today, that landscape is shifting in…

Anthropic bets on EPSS for the coming bug surge

Anthropic’s Mythos has intensified a problem that vulnerability management programs were already struggling to contain: too many vulnerabilities and not enough clarity about which ones matter. What changes with Mythos — and the AI-based class of vulnerability discovery systems it represents — is the speed at which software flaws can be found and exploited. That…

Venezuela energy sector targeted by highly destructive Lotus wiper

Lotus Wiper hit Venezuelan energy systems, used scripts to disable defenses, then erased all data beyond recovery. Kaspersky researchers found Lotus Wiper targeting Venezuela’s energy and utilities sector amid regional tensions in 2025–2026. Attackers first used batch scripts to weaken systems, disable defenses, and prepare the environment. Then they deployed the wiper, which erased recovery…

The 6 Best Partner Relationship Management (PRM) Software in 2026

Partner Relationship Management (PRM) software is a type of B2B solution designed to help companies manage and optimize their partner relationships. The best PRM platforms typically include features such as partner management, lead distribution, deal registration, and incentives and rewards management to drive better outcomes. In this guide, we’ll explore the top PRM software solutions…

[Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)

[This is a Guest Diary by L. Carty, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1].] Introduction A few weeks ago, my honeypot logged an incident that changed how I think about modern attacks. A threat actor broke into my system using weak SSH credentials and immediately…

$293M KelpDAO Crypto Heist Exposes Cross-Chain Weaknesses in DeFi

A $293 million cryptocurrency theft has rocked the decentralized finance (DeFi) ecosystem, with KelpDAO at the center of an attack now suspected to be linked to North Korea’s Lazarus Group.  The attack highlights how quickly sophisticated attackers can exploit weaknesses in cross-chain infrastructure. “Preliminary indicators suggest attribution to a highly sophisticated state actor, likely DPRK’s…

Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered

Two weeks after researchers using an AI tool discovered a major hole in Apache’s ActiveMQ messaging middleware, there are still thousands of unpatched instances open to the internet, more evidence that many application developers and IT leaders aren’t paying close attention to warnings about vulnerabilities. While the remote code injection vulnerability [CVE-2026-34197] was revealed on…

Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety

A core leader of the hacker subset of The Com responsible for a series of high-profile phishing attacks and cryptocurrency thefts from September 2021 to April 2023 pleaded guilty to federal charges, the Justice Department said Friday.  Tyler Robert Buchanan of Dundee, Scotland, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft.…

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led to the discovery of a botnet of more than 1,570 victims. “SystemBC establishes SOCKS5 network…

VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes

Oracle shipped VirtualBox 7.2.8 on April 21, 2026, as a maintenance release covering crashes, networking problems, clipboard issues, and extended Linux kernel compatibility. The update touches the VMM layer, NAT networking, graphics, UEFI, and both Linux and Windows guest support. VMM and core stability A Guru Meditation error carrying the code VERR_IEM_IPE_4 is fixed in…

130K Users Compromised by StealTok Campaign That Uses Fake TikTok Downloaders 

A widespread browser extension campaign is quietly compromising users by disguising data-stealing tools as TikTok video downloaders. “While many people see browser extensions as harmless little widgets, oftentimes they have no idea who is actually behind these extensions, and what capabilities they contain within their source code,”  said Natalie Zargarov, security researcher at LayerX in…

COO Mark Cree Outlines Scale Computing’s Edge Platform Push

Scale Computing used its Platform//2026 Summit to position its expanded edge computing platform alongside new partner growth opportunities as it looks to move beyond its roots in virtualization. In an interview at the event, President and COO Mark Cree outlined how the company is evolving into a full-stack edge provider spanning compute, networking, security, and…

Azure SRE Agent flaw let outsiders silently eavesdrop on enterprise cloud operations

A high-severity authentication flaw in Microsoft’s Azure SRE Agent exposed sensitive agent data to unauthorized network access, according to a confirmed vulnerability disclosure. The issue was identified by Enclave AI researcher Yanir Tsarimi, who detailed the findings in a blog post describing how agent interactions could be accessed without proper authentication controls. The vulnerability has…

Prompt injection turned Google’s Antigravity file search into RCE

Security researchers have revealed a prompt injection flaw in Google’s Antigravity IDE that could be weaponized to bypass its sandbox protections and achieve remote code execution (RCE). The issue came from Antigravity’s ability to allow AI agents to invoke native functions, like searching files, on behalf of the user. Designed to kill complexity, the feature…

The US NSA is using Anthropic’s Claude Mythos despite supply chain risk

Axios reports the National Security Agency uses Anthropic Mythos model despite Department of Defense concerns, blurring AI risk vs defense lines. The reported use of Anthropic’s Mythos model by the U.S. National Security Agency is a reminder that the line between AI as a defensive tool and AI as a security risk is getting harder…

Why identity is the driving force behind digital transformation

Identity centric technologies have undergone a significant transformation in recent times. Gone are the days when it was all about logging in and out of any given system. Today, identity has become the backbone of all digital enterprises. It’s the ‘invisible engine’ that powers everything. From security to how modern-day products are sold. Today’s Identity…

U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known…

Top techniques attackers use to infiltrate your systems today

Much of the talk around cybersecurity these days revolves around AI and the threat it poses to corporate systems when used by nefarious actors. But the reality on the ground remains a little more mundane than polymorphic AI malware and criminal masterminds putting machine learning and generative AI to work at scale. Still, keeping on…

The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops

On April 7, six US government agencies issued a critical advisory warning domestic private sector organizations of potential infrastructural cyberattacks conducted by Iranian-affiliated Advanced Persistent Threat (APT) actors. The advisory stops short of attributing these threats to a single group but makes reference to 2023 attacks on US water and wastewater facilities linked to the…

New Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits Businesses

Editor’s note: The research is authored by Mauro Eldritch, offensive security expert and a founder of BCA LTD, a company dedicated to threat intelligence and hunting. You can find Mauro on X.  The recent wave of ClickFix attacks has introduced several new ways to compromise users, establishing itself as a technique that is likely here to stay. We have observed Lazarus Group using…

Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility

Bluesky suffered a 24-hour DDoS attack that caused outages. A pro-Iran hacker group claimed responsibility for the disruption. Bluesky experienced a sophisticated DDoS attack that disrupted its services for about 24 hours, starting on April 15. Bluesky is a decentralized, open-source microblogging social media platform similar to X (formerly Twitter). It allows users to post…

Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution

As organizations consider agentic AI for their business and IT stacks, researchers continue to find bugs and vulnerabilities in major, commercial models  that can significantly expand their attack surface. This week, researchers at Pillar Security disclosed a vulnerability in Antigravity, an AI-powered developer tool for filesystem operations made by Google. The bug, since patched, combined…

Cyberattack That Could Have Poisoned a City’s Water Supply by Manipulating Chlorine Levels

In mid-April 2026, researchers at Darktrace published a detailed breakdown of a malware sample that occupies a narrow but alarming niche in the threat landscape: a Windows-based OT weapon apparently designed from the ground up to sabotage Israeli water treatment and desalination infrastructure. The malware identifies itself internally as ZionSiphon — the name appears in a core…

Panasonic Connect introduces TOUGHBOOK 56 for Mobile Professionals

Panasonic Connect North America has launched the TOUGHBOOK 56, a modular rugged laptop designed to support mobile workers across a range of industries. The new device delivers high-performance computing, faster connectivity options, improved thermal management, and advanced security features for professionals in public safety, utilities, enterprise, and federal operations. Offering purpose-built machine to frontline professionals…

Procure IT & NetWolves Target Enterprise IT Expense Visibility

NetWolves has partnered with Procure IT to integrate its Managed Intelligence Platform into the provider’s Site Connectivity as a Service (SCaaS) offering, aiming to give large enterprises greater visibility into IT spending across vendors, contracts, and services. Why Procure IT and NetWolves formed the partnership The goal is to give Fortune 1000 companies and large…

Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft

Tyler Buchanan, linked to Scattered Spider, pleaded guilty in the US to hacking companies and stealing millions in cryptocurrency. Tyler Buchanan, a 24-year-old from Scotland linked to the Scattered Spider group, admitted in a US court that he hacked dozens of companies, committed fraud, and stole millions in cryptocurrency. Spanish police arrested the British national…

Fireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest one

Public key infrastructure — the authentication and encryption framework that has held digital commerce together through every chaotic leap forward in technology — is facing a double whammy. Related: Achieveing AI security won’t be easy Autonomous AI agents are flooding enterprise networks, most without verified identities or any meaningful governance. What’s more, quantum computers are…

How to clone an AWS CloudHSM cluster across Regions

Important: As of January 1, 2025, Client SDK 3 tools (CMU and KMU) are no longer supported. This guide has been updated to use Client SDK 5 commands exclusively. Ensure you’re using the latest Client SDK 5 version (5.17 or later) for the most recent features and security improvements. You can use AWS CloudHSM to…

NIST Scales Back Vulnerability Scoring in 2026 as CVE Volume Surges

The National Institute of Standards and Technology (NIST) is narrowing how it analyzes and scores software vulnerabilities, citing a sharp increase in submissions that has made it difficult to keep pace.  “For years, security teams relied on NVD for vulnerability context to support prioritization decisions. But that model is under real strain,” said Ian Gray,…

CVE-2023-33538 under attack for a year, but exploitation still unsuccessful

Hackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far. Hackers have been trying for over a year to exploit a serious flaw, tracked as CVE-2023-33538 (CVSS score of 8.8), in outdated TP-Link routers, but so far without success. The vulnerability is a command…

Vercel Confirms Security Incident as Threat Actor Claims Stolen Data for Sale

Cloud development platform Vercel has confirmed a security incident involving unauthorized access to internal systems, after a threat actor claimed to be selling stolen company data online.  “We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems,” said the company in its advisory. Threat Actor Claims Access to Vercel Systems  Vercel…

Network ‘background noise’ may predict the next big edge-device vulnerability

Attackers rarely exploit an edge-device vulnerability indiscriminately. Typically, they first test how widely the flaw can be used and how much access it can provide, then move on to steal data or disrupt operations. Pre-attack surveillance and planning leaves a lot of noise in its wake. These signals — particularly spikes in traffic that are…

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 93

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CPU-Z / HWMonitor watering hole infection – a copy-pasted attack   Fake Claude site installs malware that gives attackers access to your computer   Malware Analysis Static SKILL for Codex   JanelaRAT: a financial threat targeting users in Latin…

Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware Nexcorium Mirai variant…

Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware

Attackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By running malware in a VM, attackers avoid endpoint security controls and leave minimal traces on…

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability…

World ID expands its ‘proof of human’ vision for the AI era

Identity management is a critical concern for any enterprise, and it’s becoming ever more complex and convoluted with the advent of AI agents. World ID is taking a unique (and to some, controversial) approach to this challenge by building a ‘digital proof of human’ ecosystem for the internet. Today, at its “Lift Off” event, the…

Flawed Cisco update threatens to stop APs from getting further patches

Cisco admins are scrambling to patch a critical flash memory overflow vulnerability in over 200 Cisco Systems IOS XE-based models of wireless access points (APs), caused by a recent flawed software update. If the issue is not corrected quickly, the AP’s memory will become so flooded that new software updates will be blocked and the…

Microsoft’s Patch Tuesday release for April is a whopper

Windows admins are going to be busy this month, dealing with the largest Patch Tuesday cycle we can recall. The April release involves 165 updates and roughly 340 unique CVEs from Microsoft — including two zero-days, one of which is already being actively exploited in the wild.  The Readiness team is recommending “Patch Now” schedules…

Transform security logs into OCSF format using a configuration-driven ETL solution

Security logs capture essential security-related activities, such as user sign-ins, file access, network traffic, and application usage. These logs are important for monitoring, detecting, and responding to potential security events. The Open Cybersecurity Schema Framework (OCSF) addresses this challenge by providing a standardized format to represent security events, ensuring consistent and efficient data handling across…

Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered

Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts. Operation PowerOFF is an international law enforcement action that dismantled 53 domains linked to DDoS-for-hire services used by over 75,000 cybercriminals. Authorities arrested four suspects, seized infrastructure, and gained access to databases containing more than…

Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances

In two decades, Palo Alto Networks has evolved from a next-generation niche player to one of the largest global cybersecurity giants today. Under its mantra of “platformization,” the company has catapulted its revenues over its closest competitors and boosted its stock valuation to over $130 billion. No stranger to AI use in cybersecurity, Palo Alto recently announced…

Liongard upgrades LiongardIQ with AI access, live asset data, and deeper discovery

Liongard has announced the expansion of LiongardIQ with new capabilities spanning programmatic AI integration, conversational querying, enhanced network discovery, and deeper identity mapping, extending its system of authority for asset intelligence across the full IT stack. Without a trusted foundation of asset intelligence, automation runs on assumptions, AI agents query stale data, and security gaps…

Inside ZionSiphon: politically driven malware aims at Israeli water systems

New ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed to target water treatment and desalination systems, which aims to disrupt operations by altering hydraulic pressure and increasing chlorine levels to unsafe levels. The malware combines…

U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-34197 is a critical flaw in Apache ActiveMQ caused by…

US nationals sentenced for aiding North Korea’s tech worker scheme

Two New Jersey men were sentenced Wednesday for facilitating North Korea’s long-running scheme to plant operatives inside U.S. businesses as employees, generating more than $5 million in illicit revenue for the regime, the Justice Department said.  The U.S. nationals — Kejia Wang, also known as Tony Wang, and Zhenxing Wang, also known as Danny Wang…

RCE by design: MCP architectural choice haunts AI agent ecosystem

AI agent building tools enable users to configure Model Context Protocol (MCP) servers may be exposing systems to remote code execution due to an architectural decision in Anthropic’s reference implementation. At issue are unsafe defaults in how MCP configuration works over the STDIO interface, with broad implications for the agent ecosystem, according to a new…

ImmuniWeb brings AI upgrades, post-quantum detection and more in Q1 2026

ImmuniWeb unveiled technical updates, new features and functionalities across all products available on the ImmuniWeb AI Platform. ImmuniWeb Discovery Launch of a dedicated Cyber Threat Intelligence (CTI) dashboard Advanced detection of exposed AI-related assets, services and software Enhanced detection of phishing websites thanks to finetuning of our AI models Better and faster detection of IoC…

Cookeville Regional Medical Center hospital data breach impacts 337,917 people

A ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware attack on Cookeville Regional Medical Center (CRMC) in Tennessee led to a major data breach affecting about 337,000 people. The attack, carried out by the Rhysida group, involved…

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

Cybersecurity researchers have warned of an active malicious campaign that’s targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. “PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections,” Cisco Talos

Officials seize 53 DDoS-for-hire domains in ongoing crackdown

Authorities from 21 countries took down 53 domains and arrested four people allegedly involved in distributed denial-of-service operations used by more than 75,000 cybercriminals, Europol said Thursday.  The globally coordinated effort dubbed “Operation PowerOFF” disrupted booter services and seized and dismantled infrastructure, including servers and databases, that supported the DDoS-for-hire services, officials said. Law enforcement…

Exhibit at or Sponsor the 2026 Community Meetings

  Don’t miss your chance to join the excitement at this year’s highly anticipated PCI SSC Community Meetings in Vancouver, BC, Canada; Edinburgh, Scotland; and Kuala Lumpur, Malaysia. Secure sponsorship or exhibitor opportunities to connect with payment security leaders, network with peers, and meet prospective customers—all while celebrating PCI SSC’s 20th anniversary with the global…

UAC-0247 Attack Detection: AGINGFLY Malware Targets Hospitals, Local Governments, and FPV Operators in Ukraine

Phishing remains one of the most effective tactics in the cybercriminal playbook, particularly when attackers exploit urgent humanitarian themes, trusted online resources, and legitimate system tools to increase victim engagement. Europol also notes that phishing continues to serve as a primary delivery vector for data-stealing malware. This pattern is clearly reflected in the latest activity…

BlobPhish: The Phantom Phishing Campaign Hiding in Browser Memory

ANY.RUN has observed a sustained surge in a credential-phishing campaign active since 2024. This campaign, dubbed BlobPhish, introduces a sneaky twist: instead of delivering phishing pages via traditional HTTP requests, it generates them directly inside the victim’s browser using blob objects. The result is a phishing payload that lives entirely in memory, leaving little to no trace in logs, caches,…

Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug

Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy environment. The environment stayed compromised for more than 30 days, long enough for researchers to watch the actor work through their tools, scripts, and decisions beyond the initial break-in.…

From clinics to government: UAC-0247 expands cyber campaign across Ukraine

CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilities, including clinics and emergency hospitals. The operation between March and April 2026, used malware designed to steal sensitive…