🐛 COMMON VULNERABILITIES AND EXPOSURES 22[−]
17 Mar KEVCISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server PathsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-47813 (CVSS score: 4.3), i…THEHACKERNEWS.COM
17 MarCVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpdInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflateInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137Information published.MSRC.MICROSOFT.COM
17 MarCVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpdInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchiveInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement groupInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus methodInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-23066 rxrpc: Fix recvmsg() unconditional requeueInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-1703 Limited path traversal when installing wheel archivesInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-23069 vsock/virtio: fix potential underflow in virtio_transport_get_credit()Information published.MSRC.MICROSOFT.COM
17 MarAngular XSS Vulnerability Threatens Thousands of Web ApplicationsA high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-32635, has been discovered in Angular, one of the world’s most widely used web application frameworks. This flaw resides in the Angular runtime and compiler and affects internationalisation (i18n)…GBHACKERS.COM
17 MarCISA Flags Year-Old Wing FTP Vulnerability as ExploitedTracked as CVE-2025-47813, the flaw leads to the disclosure of the full local installation path of the application. The post CISA Flags Year-Old Wing FTP Vulnerability as Exploited appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarNvidia NemoClaw promises to run OpenClaw agents securelyIn the few short weeks since OpenClaw became the biggest story in agentic AI, it has been dogged by concerns that it is not secure enough to be safely let loose in enterprises. This week at the Nvidia GPU Technology Conference (GTC) conference, CEO Jensen Huang announced what he …CSOONLINE.COM
17 MarApple pushes first Background Security Improvements update to fix WebKit flawApple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. [...]BLEEPINGCOMPUTER.COM
17 MarZDI-26-216: (Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass VulnerabilityThis vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2025-6284…ZERODAYINITIATIVE.COM
⚠️ VULNERABILITY DISCLOSURE 27[−]
17 MarGlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python ReposThe GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI pac…THEHACKERNEWS.COM
17 MarNew CondiBot Variant and ‘Monaco’ Miner Target More Network DevicesOver the past few years, the enterprise attack surface has shifted decisively toward network infrastructure, with attackers increasingly abusing routers, VPNs, firewalls, and other edge devices for initial access and long‑term persistence. Research from Verizon and others has doc…GBHACKERS.COM
17 Mar KEVCISA Alerts Users to Exploited Chrome 0-Day FlawsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two highly critical zero-day vulnerabilities. These flaws, which primarily affect Google Chrome and its underlying technologies, are currently being exploited in the wild by malicio…GBHACKERS.COM
17 MarRuntime: The new frontier of AI agent securityAI agents are already operating inside enterprise networks, quietly doing some of the work employees once handled themselves — writing code, drafting emails, retrieving files, and connecting to internal systems. Sometimes they also make costly mistakes. At Meta, an employee asked…CSOONLINE.COM
17 MarWebFiling Flaw at UK Companies House Exposed Director Data for MonthsThe UK Companies House recently disclosed a significant security vulnerability in its WebFiling service that exposed sensitive director information for several months. Chief Executive Andy King confirmed that the flaw was initially introduced during a system update in October 202…GBHACKERS.COM
17 Mar KEVCISA Issues Alert on Wing FTP Server Vulnerability Used in AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical vulnerability in the Wing FTP Server. On March 16, 2026, the agency officially added this security flaw to its Known Exploited Vulnerabilities (KEV) catalog. This …GBHACKERS.COM
17 MarCreating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374What happens when secure coding guidance goes stale? What happens LLMs write code from scratch? Mark Curphy walks us through his experience updating documentation for writing secure code in Go and recreating one of his own startups. One of the themes of this conversation is how i…YOUTUBE.COM
17 MarSouth Korean Police Accidentally Post Cryptocurrency Wallet PasswordAn expensive mistake : Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet. The funds were stored in a Ledger cold wallet seized in …SCHNEIER.COM
17 MarMicrosoft Launches AI-Driven Troubleshooting for Purview Data Lifecycle ToolsMicrosoft has officially released a new open-source tool designed to simplify how IT and security administrators manage data governance. Announced on March 16, 2026, the DLM Diagnostics Model Context Protocol (MCP) Server brings artificial intelligence directly into the troublesh…GBHACKERS.COM
17 MarAWS Bedrock’s ‘isolated’ sandbox comes with a DNS escape hatchAWS’ promise of “complete isolation” for agentic AI workflows on Bedrock is facing scrutiny after researchers found its sandbox mode isn’t as sealed as advertised. In a recent disclosure, BeyondTrust detailed how the “Sandbox” mode in AWS Bedrock AgentCore’s Code Interpreter can …CSOONLINE.COM
17 MarGlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repossubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/03/glassworm-attack-uses-stolen-github.htmlSH.ITJUST.WORKS
17 MarLeakNet ransomware uses ClickFix and Deno runtime for stealthy attacksThe LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. [...]BLEEPINGCOMPUTER.COM
17 Mar KEVCISA flags Wing FTP Server flaw as actively exploited in attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-flags-wing-ftp-server-flaw-as-actively-exploited-in-attacks/SH.ITJUST.WORKS
17 Mar174 Vulnerabilities Targeted by RondoDox BotnetThe botnet has increased its activity, peaking at 15,000 exploitation attempts per day, and taking a more targeted approach. The post 174 Vulnerabilities Targeted by RondoDox Botnet appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarIranian Hackers Use Compromised Cameras for Regional SurveillanceIranian cyber actors are expanding operations targeting US organizations while also exploiting internet-connected cameras across the Middle East for intelligence collection and battlefield awareness. Recent incidents tied to APT group MuddyWater, camera‑focused infrastructure, an…GBHACKERS.COM
17 MarMicrosoft stops force-installing the Microsoft 365 Copilot appMicrosoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices outside the European Economic Area (EEA) that have the Microsoft 365 desktop client apps. [...]BLEEPINGCOMPUTER.COM
17 MarOutdated OWASP AdviceThe OWASP Go Secure Coding Practices project contains outdated libraries and flawed advice that can lead to insecure code. Relying on stale or incorrect security guidance can cause developers—and AI code generators—to produce vulnerable applications. This hidden risk undermines s…YOUTUBE.COM
17 MarUK Companies House Exposed Details of Millions of FirmsThe government agency confirmed the vulnerability could have been exploited to obtain company details and alter records. The post UK Companies House Exposed Details of Millions of Firms appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarTech Giants Invest $12.5 Million in Open Source SecurityAnthropic, AWS, Google, Microsoft, and OpenAI fund the Linux Foundation’s long-term security initiatives focused on open source software. The post Tech Giants Invest $12.5 Million in Open Source Security appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarAI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCECybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore …THEHACKERNEWS.COM
17 MarEnd / Collapse: New Code, New RisksNot all vulnerabilities come from legacy systems; sometimes new code introduces serious security flaws like SQL injection or XSS. When fresh code contains vulnerabilities, it signals gaps in the security process and oversight, making it a bigger failure than discovering old, unpa…YOUTUBE.COM
17 MarApple rolls out first ‘background security’ update for iPhones, iPads, and Macs to fix Safari bugApple's first-ever "background security improvement" fixes a vulnerability in its Safari browser running its latest software.TECHCRUNCH.COM
17 MarAnton’s Vibe Coding Experience: A Reflection on Risk DecisionsLook, I’m not a developer, and the last time I truly “wrote code” was probably a good number of years ago (and it was probably Perl so you may hate me). I am also not an appsec expert (as I often remind people). Below I am describing my experience “vibe coding” an application. Be…MEDIUM.COM
17 MarMalware Hiding on SteamSeveral games on Steam were found to contain malware, impacting users who downloaded them between 2024 and 2026. The FBI is actively investigating and asking affected users to come forward. This challenges a core assumption: that trusted platforms are inherently safe. As users gr…YOUTUBE.COM
17 MarLABScon25 Replay | Your Apps May Be Gone, But the Hackers Made $9 Billion and They’re Still HereAndrew MacPherson exposes how crypto thieves exploit DeFi architecture, from the $1.5 billion Bybit heist to drainers-as-a-service and fund laundering.SENTINELONE.COM
17 MarInvesting in the people shaping open source and securing the future togetherSee how GitHub is investing in open source security funding maintainers, partnering with Alpha-Omega, and expanding access to help reduce burden and strengthen software supply chains. The post Investing in the people shaping open source and securing the future together appeared f…GITHUB.BLOG
17 MarGet started with Elastic Security from your AI agentGo from zero to a fully populated Elastic Security environment without leaving your IDE, using open source Agent Skills.ELASTIC.CO
📢 SECURITY ADVISORIES 4[−]
17 MarWindows 11 25H2/24H2 Update Addresses Bluetooth Device Visibility IssuesMicrosoft has rolled out an unexpected out-of-band hotpatch, KB5084897, targeting Windows 11 versions 25H2 and 24H2. Released on March 16, 2026, this specific update resolves a highly disruptive visual bug affecting Bluetooth connectivity management. The patch elevates supported …GBHACKERS.COM
17 MarStryker says it’s restoring systems after pro-Iran hackers wiped thousands of employee devicesThe hack, which brought ongoing widespread disruption to the company's operations, is thought to be the first major cyberattack in the United States in response to the Trump administration's war in Iran.TECHCRUNCH.COM
🔥 INCIDENT REPORTING 9[−]
17 MarWeekly Update 495Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite In the beginning, it was simple. A website, a database and 150M+ email addresses to search. Time has added serverless functions (which …TROYHUNT.COM
17 MarStryker Targeted by Large-Scale Wiper Attack, Tens of Thousands of Devices LostGlobal medical technology giant Stryker suffered a massive cybersecurity incident on March 11, 2026, resulting in the remote wiping of thousands of corporate devices. A pro-Iranian hacktivist group known as Handala has claimed responsibility for the attack, which severely disrupt…GBHACKERS.COM
17 MarHackers Abuse Trusted Websites in New Attacks on Microsoft Teams UsersThreat actors are increasingly turning to trusted infrastructure to launch their attacks, making it harder for automated security tools to flag malicious activity. A newly identified phishing campaign highlights this growing trend by abusing compromised websites to harvest valuab…GBHACKERS.COM
17 MarPayload ransomware hits Windows and ESXi with Babuk-style encryptionA new ransomware operation called Payload is rapidly emerging as a serious threat to both Windows and VMware ESXi environments, combining Babuk-style cryptography with aggressive anti-forensics and a working double-extortion model. The group claims to have been active since at le…GBHACKERS.COM
17 MarAI, APIs and DDoS Collide in New Era of Coordinated CyberattacksAkamai warns that Layer 7 DDoS, API abuse and AI-powered attacks are merging into coordinated, multi-vector campaigns that are harder to detect and defend against. The post AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarGoogle Warns Ransomware Groups Shift to Data Theft as Profits DeclineGoogle is warning that ransomware gangs are reinventing their business model as traditional encryption‑for‑ransom attacks become less profitable and data‑theft extortion surges. Better cybersecurity controls, improved backup strategies, and stronger recovery capabilities mean mo…GBHACKERS.COM
17 MarRobotic Surgery Giant Intuitive Discloses CyberattackThe company says some of its internal business applications were accessed after an employee fell victim to a phishing attack. The post Robotic Surgery Giant Intuitive Discloses Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarLeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory LoaderThe ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, i…THEHACKERNEWS.COM
17 MarEurope sanctions Chinese and Iranian firms for cyberattacksThe European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 30[−]
17 MarISC Stormcast For Tuesday, March 17th, 2026 https://isc.sans.edu/podcastdetail/9852, (Tue, Mar 17th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
17 MarLiveChat Support Tools Abused in SaaS Phishing SchemeA newly identified campaign shows how Software-as-a-Service (SaaS) platforms like LiveChat are being weaponized to steal sensitive data in real time. Unlike traditional phishing attacks that rely on fake login pages or static forms, this tactic uses live chat conversations to ext…GBHACKERS.COM
17 MarMalicious NPM Packages Spread PylangGhost RAT in Supply Chain AttackMalicious npm packages are delivering the North Korean–linked PylangGhost remote access trojan (RAT) in a new software supply chain campaign that targets developers across Windows, Linux, and macOS systems. The first malicious versions appeared in late February 2026 (@jaime9008/m…GBHACKERS.COM
17 MarResearchers Uncover Ways to Decrypt Palo Alto Cortex XDR BIOC Rules for EvasionCybersecurity researchers have discovered a critical evasion technique in Palo Alto Networks’ Cortex XDR agent that allowed attackers to completely bypass behavioral detections. The research demonstrates how predefined Behavioral Indicators of Compromise (BIOC) rules, shipp…GBHACKERS.COM
17 MarHackers Leverage Safe Links and URL Rewriting to Evade DetectionThreat actors were already abusing URL rewriting mechanisms in phishing campaigns to mask malicious domains. URL rewriting is designed to protect users by replacing original links with security-vendor URLs that scan destinations at click time. These rewritten links route traffic …GBHACKERS.COM
17 MarWhat is Integrated Cloud Email Security (ICES) and Why do you Need It?Integrated cloud email security (ICES) is a term coined by industry analyst, Gartner, in their 2021 Market Guide for Email Security. The guide was reissued in 2023 and stated that ‘by 2025, 20% of anti-phishing solutions will be delivered via API integration with the email platfo…KNOWBE4.COM
17 MarPackagist Themes Deliver Trojanized jQuery in OphimCMS Supply Chain AttackA new OphimCMS supply chain attack in which six Packagist themes ship trojanized jQuery and other JavaScript to compromise site visitors rather than servers. Researchers found six malicious Composer packages under the “ophimcms” namespace on Packagist that pretend to be legitima…GBHACKERS.COM
17 MarKonni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate MalwareNorth Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genia…THEHACKERNEWS.COM
17 MarGlassworm Malware Infects Popular React Native npm PackagesA new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-internati…GBHACKERS.COM
17 MarMicrosoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilitiessubmitted by kid to cybersecurity 1 points | 0 comments https://www.techrepublic.com/article/news-microsoft-windows-11-rras-vulnerabilities-hotpatch/SH.ITJUST.WORKS
17 MarIPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)Yesterday, in my diary about the scans for "/proxy/" URLs, I noted how attackers are using IPv4-mapped IPv6 addresses to possibly obfuscate their attack. These addresses are defined in RFC 4038 . These addresses are one of the many transition mechanisms used to retain some backwa…ISC.SANS.EDU
17 MarTracebit Raises $20M for Cloud-Native Deception TechnologyThe company plans to scale its products, expand to new markets, and grow its marketing and engineering teams. The post Tracebit Raises $20M for Cloud-Native Deception Technology appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarMicrosoft shares fix for Windows C: drive access issues on Samsung PCsMicrosoft has shared guidance to fix C:\ drive access issues and app failures on some Samsung laptops running Windows 11, versions 25H2 and 24H2. [...]BLEEPINGCOMPUTER.COM
17 MarGoogle, Meta, Microsoft Among Signatories of Pact to Combat ScamsSeveral major tech and retail companies have signed an industry accord against online scams and fraud. The post Google, Meta, Microsoft Among Signatories of Pact to Combat Scams appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarSecurity Flaw in AWS Bedrock Code Interpreter Raises Alarms - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/security-flaw-aws-bedrock/SH.ITJUST.WORKS
17 MarCyber-Attacken fluten Eon-Netz: Angriffe verzehnfachtEon trägt eine große Verantwortung für die Energieversorgung in Deutschland. nitpicker – shutterstock.com Der Energiekonzern Eon sieht eine zunehmende Zahl von Cyberangriffen auf seine Energienetze. Mittlerweile seien täglich mehrere hundert Angriffe auf die Netzinfrastuktur zu v…CSOONLINE.COM
17 MarUK Agency Exposed Corporate Executive Data - BankInfoSecuritysubmitted by kid to cybersecurity 2 points | 0 comments https://www.bankinfosecurity.in/uk-agency-exposed-corporate-executive-data-a-31033SH.ITJUST.WORKS
17 MarGitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHubNew York, NY, March 17th, 2026, CyberNewswire In 2025, Developer Commits Using Claude Code Show 3.2% Secret Leak Rate vs. 1.5% Baseline. The Human Factor Remains Critical GitGuardian, the security leader behind GitHub’s most installed application, today released the 5th edi…GBHACKERS.COM
17 MarOrchid Security Recognized by Gartner® as a Representative Vendor of Guardian AgentsNew York, United States, March 17th, 2026, CyberNewswire Unleash AI adoption securely: discover, attribute, and govern AI agents throughout the enterprise Orchid Security, the company bringing clarity and control to the complexity of enterprise identity, today announced it has be…GBHACKERS.COM
17 MarSurf AI Raises $57 Million for Agentic Security Operations PlatformThe company has announced its launch, backed by funding from Accel, Cyberstarts, and Boldstart Ventures. The post Surf AI Raises $57 Million for Agentic Security Operations Platform appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarWe don't need to hack your AI Agent to hack your AI Agent - SRLabs Researchsubmitted by not_IO to cybersecurity 1 points | 0 comments https://srlabs.de/blog/hacking-ai-agentINFOSEC.PUB
17 MarWe don't need to hack your AI Agent to hack your AI Agent - SRLabs Researchsubmitted by not_IO to cybersecurity 1 points | 0 comments https://srlabs.de/blog/hacking-ai-agentINFOSEC.PUB
17 MarSwitzerland built an alternative to BGP. Nobody noticedsubmitted by Amoxtli to cybersecurity 1 points | 0 comments https://www.theregister.com/2026/03/17/switzerland_bgp_alternative/INFOSEC.PUB
17 MarSwitzerland built an alternative to BGP. Nobody noticedsubmitted by Amoxtli to cybersecurity 1 points | 0 comments https://www.theregister.com/2026/03/17/switzerland_bgp_alternative/SH.ITJUST.WORKS
17 MarFrom Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based luressubmitted by kid to cybersecurity 1 points | 0 comments https://securityaffairs.com/189542/cyber-crime/from-windows-to-macos-clickfix-attacks-shift-tactics-with-chatgpt-based-lures.htmlSH.ITJUST.WORKS
17 MarNew font-rendering trick hides malicious commands from AI toolssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/new-font-rendering-trick-hides-malicious-commands-from-ai-tools/SH.ITJUST.WORKS
17 MarFrom Phishing to AI Agents: Can We Design for Digital Mindfulness?Anyone who knows me knows I’m passionate about mindfulness. Because I genuinely believe it makes us better humans. But also, because I have one of those brains that desperately needs it. I’m easily distracted and I start new ideas before finishing old ones. My attention can scatt…KNOWBE4.COM
17 MarSo Many AI Attacks, It Made Quantum Seem EasyAs I was writing my latest book , How AI and Quantum Impact Cyber Threats and Defenses, I was hit by how many theoretical and real attacks there are involving AI. There are attacks committed by AI and attacks committed agsinst AI, and I’m not sure which category is bigger.KNOWBE4.COM
17 MarAI Spicy Mode, Steam, Glassworm, Samsung, Stryker, Waymo, Cole Porter, and More - SWN #564AI Spicy Mode, Steam, Glassworm, Samsung, Stryker, Waymo, Cole Porter, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-564YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
17 MarAI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study FindsA majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, …THEHACKERNEWS.COM
17 MarGlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSXThe GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 7[−]
17 MarMicrosoft: Enabling Teams Meeting add-in breaks Outlook ClassicMicrosoft is working to address a known issue that renders the classic Outlook email client unusable for users who have enabled the Microsoft Teams Meeting Add-in. [...]BLEEPINGCOMPUTER.COM
17 MarNew Windows 11 hotpatch fixes Bluetooth device visibility issueMicrosoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices. [...]BLEEPINGCOMPUTER.COM
17 MarNew font-rendering trick hides malicious commands from AI toolsA new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. [...]BLEEPINGCOMPUTER.COM
17 MarTop 5 Things CISOs Need to Do Today to Secure AI AgentsAI agents are autonomous actors with real access to data and systems, not just copilots. Token Security explains why identity-based access control is critical to prevent misuse and data exposure. [...]BLEEPINGCOMPUTER.COM
17 MarResearchers disclose vulnerabilities in IP KVMs from four manufacturersInternet-exposed devices that give BIOS-level access? What could possibly go wrong?ARSTECHNICA.COM
17 MarHow World ID wants to put a unique human identity on every AI agentIris-scan backed tokens could help stop agent swarms from overwhelming online systems.ARSTECHNICA.COM
17 MarAWS completes the second GDV community audit with participant insurers in GermanyWe’re excited to announce that Amazon Web Services (AWS) has completed its second GDV (German Insurance Association) community audit with 36 members from the Germany insurance industry participating, corresponding to over 63% coverage of the German market in terms of insurance pr…AWS.AMAZON.COM