Tag: used

Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.

Threat Actor Uses AI to Build EDR Evasion Tools

June 2, 2026

A threat actor used AI coding tools to build and test EDR evasion malware, Sophos finds

Sophos uncovers AI-powered malware lab built for EDR evasion

A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to Sophos. The investigation began after an anomalous endpoint in a customer environment triggered alerts tied to malicious payloads originating from a testing directory. The files pointed to a broader framework focused…

Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users

May 30, 2026

Fake Anthropic websites are being used to target Claude Code users with a fileless infostealer campaign that steals browser credentials and evades detection.

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks

May 29, 2026

Shadow AI used to mean employees pasting things they shouldn’t into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a prompt to a product. The risk surface moved…

Resecurity Supports Microsoft DCU in Disrupting Fox Tempest ’s Cybercriminal Code-Signing Ecosystem

May 28, 2026

Microsoft and Resecurity disrupted Fox Tempest, a malware-signing service that used fake Microsoft certificates to make malware look legitimate. Resecurity supported Microsoft’s Digital Crimes Unit (DCU) in its disruption of Fox Tempest, a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) capability used by cybercriminals to make malicious files appear legitimate. On May 19, 2026,…

Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms

May 27, 2026

Iran’s Nimbus Manticore hackers used trojanized Zoom installers to deploy malware against US firms during a wider IRGC linked cyber campaign.

Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet

May 25, 2026

TrendAI™ Research analyzed an intrusion where threat actors used the EtherHiding technique to route ClearFake payload delivery through smart contracts on the BNB Smart Chain testnet. The attack chain ended with two simultaneously deployed stealers, SectopRAT and ACRStealer alongside an on-chain execution tracker that confirmed each victim compromise in real time.

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

May 25, 2026

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). […]

FBI director Kash Patel’s brand website taken offline after malware reports

May 25, 2026

FBI director site went offline after a hack used a fake Cloudflare page to trick users into running a ClickFix attack that installed malware. The merchandise website of FBI director Kash Patel (basedapparel[.]com) was taken offline on Friday after reports that it had been compromised by hackers using it to spread malware. The malware was…

Police take down VPN service (this time with a good reason)

May 22, 2026

European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Russia as a way of evading law enforcement. Criminals used it…

Police take down VPN service (this time with a good reason)

May 22, 2026

The AI that cracked Apple Silicon is only the beginning

May 22, 2026

A security research team just used Claude Mythos to identify the first known exploit in Apple’s M5 chip. They needed physical access to the device to use it, the vulnerability has since been patched, and I don’t think it should be seen as a huge threat. But it is a stark warning that in this AI…

Google API Keys Remain Active After Deletion

May 21, 2026

A security researcher discovered the API keys can still be used for 23 minutes after deletion, even though the cloud provider claims deletion is immediate.

Cybercriminal VPN Dismantled in Europol Crackdown

May 21, 2026

First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol

Police seize “First VPN” service used in ransomware, data theft attacks

May 21, 2026

A virtual private network service called ‘First VPN,’ used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. […]

Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator

May 21, 2026

Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users.

Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers

May 20, 2026

A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we’ve heard all year. Meanwhile, owners of $4,000 robot lawnmowers are discovering that their gadget can be hijacked over…

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

May 20, 2026

Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company has provided step-by-step mitigation advice to protect affected Windows devices from exploitation. CVE-2026-45585 and the…

Microsoft disrupts malware code-signing service used by ransomware gangs

May 19, 2026

Microsoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make malicious programs harder to detect on Windows. The threat actors behind the service used stolen identities and impersonated legitimate organizations to obtain more than 1,000 code-signing certificates. Microsoft seized the group’s website, signspace[.]cloud, revoked the…

Leaked Shai-Hulud malware fuels new npm infostealer campaign

May 18, 2026

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. […]

Move Over CoreWeave, Here Comes Nebius

May 18, 2026

With AI cloud competition heating up, this company that used to own Russia’s biggest search engine is making its case.

Who Owns the Future of AI?

May 17, 2026

Plus, what to look for in a used EV, Anthropic’s AI lead, the Cerebras IPO, the OpenAI lottery tickets and the most AI-proof jobs in tech.

Used EVs Are Now the Most Affordable Cars. Here’s How to Buy a Good One.

May 15, 2026

With rising oil prices and more used EVs coming off leases, the total cost of ownership equation has flipped.

AI agent finds 18-year-old remote code execution flaw in Nginx

May 14, 2026

Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE-2026-42945, the vulnerability is one of 4 bugs found…

Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations

May 13, 2026

CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. Quest KACE SMA is an on-premises endpoint management platform…

OpenAI Launches ‘Daybreak’ to Help Build Secure By Design Software

May 12, 2026

With Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground up

Google Says Hackers Used AI to Develop a Zero-Day Exploit

May 11, 2026

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.

Hackers Use AI for Exploit Development, Attack Automation

May 11, 2026

Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.

Hackers Trick DigiCert Into Issuing Certificates Used to Sign Malware

May 10, 2026

DigiCert revokes 60 code signing certificates after hackers used a malicious support chat attachment to sign the Zhong Stealer malware.

OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos

May 7, 2026

Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers

Instructure Breach Exposes Schools’ Vendor Dependence

May 6, 2026

ShinyHunters’ attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors.

Iranian cyber espionage disguised as a Chaos Ransomware attack

May 6, 2026

Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended…

ServiceNow Pushes AI from Assistant to Operator

May 6, 2026

ServiceNow used its Knowledge 2026 conference to make a pretty direct case for where it thinks enterprise AI is headed. The company does not want AI sitting off to the side as a helpful assistant waiting to be called upon. It wants AI agents inside the systems where work actually happens, with enough governance to…

Palantir Beats Forecasts With $1.63 Billion Sales Quarter

May 4, 2026

U.S. military used company’s software in Iran war and Venezuela raid, and private-sector business has grown quickly.

I Vibe-Coded the App of My Dreams and Only Lost My Mind Twice

May 3, 2026

Our columnist used AI to create a dashboard to monitor her life—and caught a glimpse of our DIY software future.

Edu tech firm Instructure discloses cyber incident, probes impact

May 1, 2026

Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. […]

Edtech firm Instructure confirms data breach after Salesforce instance hack

May 1, 2026

Instructure, the company behind the widely used Canvas learning platform, has disclosed a security incident after a social engineering attack allowed hackers to access data in its Salesforce instance. […]

Carding service Jerry’s Store leak exposes 345,000 stolen payment cards

May 1, 2026

Jerry’s Store, a card-checking service used by cybercriminals, exposed 345,000 stolen payment cards after leaving its server open, revealing sensitive data. A cybercriminal operation known as Jerry’s Store has reportedly exposed a large cache of stolen payment card data after leaving its own infrastructure accessible online. The service appears to have been used to test…

Two American Cybersecurity Workers Jailed for BlackCat Ransomware Attacks

May 1, 2026

The cybersecurity workers used their knowledge and skills to conduct ransomware attacks for notorious gang, rather than protect victims against them

Warp open sources its AI terminal client

April 29, 2026

Warp, the AI-centric terminal used by close to a million developers, has released the source code for its client on GitHub under the AGPL license, with OpenAI signed on as the founding sponsor of the repository. An agent-first contribution model Warp is steering contributions through Oz, its cloud agent orchestration platform. Agents handle the bulk…

Reverse Engineering With AI Unearths High-Severity GitHub Bug

April 29, 2026

Wiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and time-consuming to undertake.

AI Finds 38 Security Flaws in Electronic Health Record Platform

April 29, 2026

Flaws in OpenEMR’s platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.

Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet

April 27, 2026

The “fast16” malware may have been used to target Iran’s nuclear program prior to Stuxnet

Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure

April 22, 2026

Serial-to-Ethernet adapters used in industrial, retail, and healthcare environments to link serial devices to TCP/IP networks are riddled with vulnerabilities and outdated open-source components, researchers warn. The flaws enable various attacks scenarios, including taking full control of mission-critical equipment such as remote terminal units, programmable logic controllers, point-of-sale systems, and bedside patient monitors. In a…

Phishing reclaims the top initial access spot, attackers experiment with AI tools

April 22, 2026

Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial access could be determined, according to Cisco Talos. It is the first quarter phishing has led the category since Q2 2025, when exploitation of public-facing applications took over…

Venezuela energy sector targeted by highly destructive Lotus wiper

April 22, 2026

Lotus Wiper hit Venezuelan energy systems, used scripts to disable defenses, then erased all data beyond recovery. Kaspersky researchers found Lotus Wiper targeting Venezuela’s energy and utilities sector amid regional tensions in 2025–2026. Attackers first used batch scripts to weaken systems, disable defenses, and prepare the environment. Then they deployed the wiper, which erased recovery…

Exploits Turn Windows Defender into Attacker Tool

April 21, 2026

Three proof-of-concept exploits are being used in active attacks against Microsoft’s built-in security platform; two are unpatched.

New Lotus data wiper used against Venezuelan energy, utility firms

April 21, 2026

A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. […]

COO Mark Cree Outlines Scale Computing’s Edge Platform Push

April 21, 2026

Scale Computing used its Platform//2026 Summit to position its expanded edge computing platform alongside new partner growth opportunities as it looks to move beyond its roots in virtualization. In an interview at the event, President and COO Mark Cree outlined how the company is evolving into a full-stack edge provider spanning compute, networking, security, and…

Vehicle tracking is no longer just about finding a vehicle

April 21, 2026

GUEST OPINION: Vehicle tracking used to mean knowing where a vehicle was. That idea is still the core, but the job has expanded well beyond a dot on a map. In government fleet programs, telematics now reaches into real-time location, trip history, geofencing, driver coaching, maintenance reminders, fault data, and even accident reconstruction. That is…

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

April 17, 2026

Maintainers of Thymeleaf, a widely used template engine for Java web applications, fixed a rare critical vulnerability that allows unauthenticated attackers to execute malicious code on servers. The vulnerability, tracked as CVE-2026-40478, is rated 9.1 on the CVSS severity scale and is described as a Server-Side Template Injection (SSTI) issue. Thymeleaf has a sandbox-like protection…

W3LL phishing service sold for $500 dismantled by the FBI

April 14, 2026

The W3LL phishing kit, a cybercrime tool used to impersonate legitimate login pages and steal usernames and passwords, has been dismantled by the FBI and Indonesian law enforcement authorities. Officials estimate the operation was tied to more than $20 million in attempted fraud. (Source: FBI) “For a fee of about $500, users could purchase access…

Citizen Lab: Webloc tracked 500M devices for global law enforcement

April 13, 2026

Citizen Lab reported that law enforcement used the surveillance tool Webloc to track up to 500M devices via ad data globally. A report by Citizen Lab revealed that law enforcement agencies in the U.S., Hungary, and El Salvador used a surveillance tool called Webloc to track devices via advertising data, potentially affecting up to 500…

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

April 13, 2026

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. “Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps,” OpenAI said in a…

Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records

April 12, 2026

A lone hacker used Claude Code and GPT-4.1 to exfiltrate hundreds of millions of Mexican citizen records from 9 government agencies.

UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions

April 10, 2026

LucidRook is Lua malware used in phishing attacks on NGOs and universities in Taiwan, linked to UAT-10362, spread via password-protected emails. LucidRook is a new Lua-based malware used in targeted phishing attacks against NGOs and universities in Taiwan. Cisco Talos links it to a skilled group tracked as UAT-10362. In Oct 2025, attackers used password-protected…

WSJ Readers Share Their Top Tips for Switching to an EV

April 10, 2026

They highlight hidden costs, the importance of buying used, and better ways to charge,

New ‘LucidRook’ malware used in targeted attacks on NGOs, universities

April 9, 2026

A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. […]

Malicious PDF reveals active Adobe Reader zero-day in the wild

April 9, 2026

Hackers used an Adobe Reader zero-day for months. Researcher Haifei Li found a malicious PDF and asks the community to help analyze it. Hackers used an Adobe Reader zero-day for months to deliver a sophisticated PDF exploit. Cybersecurity researcher Haifei Li, founder of Expmon, discovered the malicious file and warned the community. On March 26,…

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

April 9, 2026

Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. “This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data,” the Microsoft Defender

Microsoft suspends dev accounts for high-profile open source projects

April 9, 2026

Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. […]

Number Usage in Passwords: Take Two, (Thu, Apr 9th)

April 8, 2026

In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data and how that changed over time. It is often seen that years and seasons are used in passwords, especially…

AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties

April 8, 2026

Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation’s the bottleneck, which bounties don’t fund.

U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

April 8, 2026

U.S. agencies warn Iran-linked threat actors are targeting internet-exposed PLCs used in critical infrastructure networks. U.S. agencies, including the FBI and CISA, warn that Iran-linked hackers are targeting internet-exposed Rockwell/Allen-Bradley PLCs used in critical infrastructure. The agencies published a joint advisory involving multiple federal organizations. “Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity…

Why 24/7 Threat Monitoring Has Become Essential for Modern Businesses

April 7, 2026

GUEST OPINION – Cybersecurity used to be treated like a perimeter problem. Put up a firewall, install antivirus, enforce a few password rules, and hope that was enough. That approach no longer works. Today’s attacks do not wait for business hours. They move quietly through cloud platforms, endpoints, email, collaboration tools, and third-party applications. In…

Apple’s Mac grabs 11% of US enterprise market share

April 7, 2026

It’s not just your imagination; you are seeing more Macs being used in business environments these days — and that trend is expected to continue. The latest Omdia/Informa US PC market data found that Apple took an 11% share of the US enterprise market last year. “For full-year 2025…, the biggest story at the vendor level was…

Anthropic cuts OpenClaw access from Claude subscriptions, offers credits to ease transition

April 6, 2026

Anthropic has blocked paid Claude subscribers from using the widely used open-source AI agent OpenClaw under their existing subscription plans, a move that took effect April 4 and has drawn pushback from subscribers who question both the cost implications and the company’s stated rationale. In an email to subscribers reviewed by InfoWorld, Anthropic said access…

Would You Let AI Day Trade Your Money?

April 3, 2026

Plus, a college kid used cat memes to hunt a cyberweapon and new jobs are being created by AI.

North Korea–linked hackers drain $285M from Drift in sophisticated attack

April 3, 2026

Drift lost $285M in a sophisticated attack, likely by North Korea, who used nonce-based tricks to gain control and quickly drain funds Drift suffered a $285 million cryptocurrency heist in a highly sophisticated attack likely linked to North Korea. Threat actors used durable nonce accounts to pre-sign and delay transactions, while also compromising multisig approvals…

Picking Up ‘Skull Vibrations’? Could Be XR Headset Authentication

April 3, 2026

“Skull vibration harmonics generated by vital signs” can be used to sign in to VR, AR, and MR headsets, according to emerging research.

What Is Digitization vs Digitalization vs Digital Transformation?

April 3, 2026

In today’s digital landscape, the terms “digitization,” “digitalization,” and “digital transformation” are often used interchangeably, leading to confusion about their distinct meanings and business implications. While these three concepts are interconnected, each represents a unique approach to leveraging technology to drive organizational change and growth. Understanding the nuances between them is crucial for companies seeking…

Residential proxies evaded IP reputation checks in 78% of 4B sessions

April 2, 2026

Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users. […]

Cybersecurity in the age of instant software

April 2, 2026

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand — a spreadsheet, for example — and delete…

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

March 31, 2026

Attackers compromised the npm account of the lead maintainer of Axios, a widely used JavaScript HTTP client library, and used it to publish malicious versions of the package that deployed a cross-platform remote access trojan on developer machines. The incident represents the highest-impact npm supply chain attack on record given Axios’ approximately 100 million weekly…

Cisco source code stolen in Trivy-linked dev environment breach

March 31, 2026

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. […]

Axios npm packages backdoored in supply chain attack

March 31, 2026

An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote access trojans. How the attack unfolded On March 30, 2026, with an account using a separate…

LiteLLM Supply Chain Attack Exposes Credentials Across AI Ecosystems

March 27, 2026

A widely used AI development library was compromised in a recent supply chain attack, potentially exposing a large number of systems to risk. Malicious LiteLLM packages on PyPI were backdoored to quietly steal credentials, tokens, and sensitive infrastructure data from both development and production environments. “The LiteLLM compromise shows just how quickly supply chain attacks…

China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks

March 27, 2026

China-linked Red Menshen APT group used stealthy BPFDoor implants in telecom networks to spy on government targets. Rapid7 Labs uncovered a China-linked threat group known as Red Menshen has been running a long-term espionage campaign by infiltrating telecom networks, mainly in the Middle East and Asia. Active since at least 2021, the group uses highly…

Coruna iOS exploit framework linked to Triangulation attacks

March 26, 2026

The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. […]

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

March 26, 2026

The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. “When Coruna was first reported, the public evidence wasn’t sufficient to…

Alleged RedLine infostealer conspirator extradited to US

March 25, 2026

An operation to crack down on the widely used RedLine infostealer has netted the extradition of an Armenian man to the United States, where he made an initial appearance in a Texas court Wednesday. Authorities charged Hambardzum Minasyan with conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and…

MY YAKE: A decade of cyber collaboration, built under Obama, is now hostage to a political grudge

March 25, 2026

SAN FRANCISCO — I was in the room at Stanford in February 2015 when President Obama used the bully pulpit to launch what became a decade of hard-won public-private collaboration in cybersecurity. It didn’t take much to tear it asunder. At RSAC 2026 this week, that decade of work is suddenly on the line —…

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave

March 25, 2026

What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterprise SaaS environments already compromised. Charles Carmakal, CTO of Mandiant Consulting, made the assessment at a Google-hosted threat briefing held alongside the RSA Conference 2026 in San Francisco on Tuesday. “We…

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

March 25, 2026

In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting lateral movement at machine speed. This incident is worrying, but there’s a…

PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug

March 24, 2026

PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. […]

Infinite Campus warns of breach after ShinyHunters claims data theft

March 24, 2026

Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. […]

Trivy Supply Chain Attack Targets CI/CD Secrets

March 23, 2026

A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.

CISA Orders US Government to Patch Maximum Severity Cisco Flaw

March 23, 2026

CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

March 21, 2026

Attackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub Actions used by thousands of CI/CD workflows. The breach could trigger a cascade of additional supply-chain compromises if impacted projects and organizations don’t rotate their secrets immediately. The attack, disclosed by Trivy maintainers today, results from an…

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

March 20, 2026

Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

March 20, 2026

The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort also saw authorities from Canada and Germany targeting the operators behind these botnets, with a number…

FBI seizes Handala data leak site after Stryker cyberattack

March 19, 2026

The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices. […]

DarkSword: Researchers uncover another iOS exploit kit

March 19, 2026

A powerful iPhone hacking toolkit dubbed “DarkSword” has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities, Google researchers have shared. iOS vulnerabilities exploited by DarkSword Two weeks ago, Google Threat Intelligence Group (GTIG) and iVerify disclosed the existence of Coruna, a spy-grade iOS exploit kit that has been used in…

DarkSword emerges as powerful iOS exploit tool in global attacks

March 19, 2026

DarkSword, a new iOS exploit kit, is used by multiple actors to steal data in campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. Lookout Threat Labs discovered a new iOS exploit kit called DarkSword that has been used since late 2025 by multiple threat actors, including surveillance vendors and likely nation-state actors. The toolkit enables…

Android devices ship with firmware-level malware

March 18, 2026

Keenadu malware gives an attacker control over a device but appears to be used primarily to facilitate ad fraud Categories: Threat Research Tags: Android, Keenadu

Free Antivirus Software Face-Off: Which One Protects Best?

March 18, 2026

Free antivirus software isn’t what it used to be. It’s better. In 2025, some of the most respected names in cybersecurity are offering powerful tools at no cost. If you’re looking for solid protection without opening your wallet, you’re in the right place. I tested and reviewed the top free antivirus products available today, focusing…

New “Darksword” iOS exploit used in infostealer attack on iPhones

March 18, 2026

A new exploit kit for iOS devices and delivery framework dubbed “Darksword” has been used to steal a wide range of personal information, including data from cryptocurrency wallet app. […]

China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years

March 16, 2026

Researchers uncovered an extensive cyberespionage campaign that used novel backdoors and familiar evasion techniques to maintain persistent access to regional targets.

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

March 16, 2026

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. “The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py,”…

AI, Endpoint, Global Security News, malware

AI, Global Security News, malware

AI, Endpoint, Global Security News, malware

AI, Global Security News

AI, Apps, Global Security News, Risk Management

AI, Europe, Global Security News, malware, Network Security

AI, Global Security News, malware

AI, Global Security News

AI, Global Security News, malware

AI, Europe, Global Security News, Government & Policy, privacy, Russia

AI, Europe, Global Security News, Government & Policy, privacy, Russia

AI, APAC, Apps, Exploits, Global Security News, Network Security, Risk Management

AI, Global Security News

Global Security News, Network Security

AI, Global Security News

AI, Cybersecurity, Global Security News

Exploits, Global Security News

AI, Apps, Europe, Global Security News, malware

AI, Global Security News, malware

AI, Global Security News, Russia

AI, Global Security News

AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management

AI, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management

AI, Global Security News

AI, Exploits, Global Security News

AI, Exploits, Global Security News

Global Security News, malware

AI, Global Security News

AI, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security

AI, Apps, Compliance, Global Security News, Risk Management

AI, Global Security News

AI, Global Security News

Cybersecurity, Global Security News

AI, Exploits, Global Security News, Risk Management

AI, Cybersecurity, Global Security News

AI, Global Security News

AI, Global Security News

Global Security News, malware

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management, Russia

AI, Apps, Exploits, Global Security News

AI, Global Security News, Government & Policy, malware, Network Security

AI, Exploits, Global Security News

AI, Global Security News, malware

AI, Apps, Global Security News, Network Security