115Articles
9Categories
2026-03-27Date
🚨 CISA KEV 2[−]
27 Mar KEVCISA Adds Critical Aquasecurity Trivy Scanner Vulnerability to KEV CatalogThe Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical flaw affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this security weakness involves embedded malicious code that targ…GBHACKERS.COM
27 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-53521 F5 BIG-IP Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 34[−]
27 MarISC Issues Critical Warning Over Kea DHCP Vulnerability That Could Remotely Crash ServicesThe Internet Systems Consortium (ISC) has released a critical security advisory addressing a high-severity vulnerability in its Kea DHCP server software.  Kea is a modern, high-performance DHCP server widely used by enterprise networks and internet service providers to manag…GBHACKERS.COM
27 MarWindows Error Reporting Vulnerability Exposes Systems to Privilege Escalation, Allowing SYSTEM AccessMicrosoft recently patched a severe Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, officially tracked as CVE-2026-20817. This flaw allows a local attacker with standard user rights to escalate to SYSTEM privileges by exploiting improper p…GBHACKERS.COM
27 MarCVE-2026-28753 NGINX ngx_mail_proxy_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-32647 NGINX ngx_http_mp4_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-23396 wifi: mac80211: fix NULL deref in mesh_matches_local()Information published.MSRC.MICROSOFT.COM
27 MarCVE-2026-34085Information published.MSRC.MICROSOFT.COM
27 MarCVE-2026-33515 Squid has issues in ICP message handlingInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-32748 Squid has Denial of Service in ICP Response handlingInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-27654 NGINX ngx_http_dav_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-27784 NGINX ngx_http_mp4_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-28755 NGINX ngx_stream_ssl_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-23068 spi: spi-sprd-adi: Fix double free in probe error pathInformation published.MSRC.MICROSOFT.COM
27 MarCISA Flags Critical PTC Vulnerability That Had German Police MobilizedPolice in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681. The post CISA Flags Critical PTC Vulnerability That Had German Police Mobilized appeared first on SecurityWeek .SECURITYWEEK.COM
27 Mar KEVAttackers exploit critical Langflow RCE within hours as CISA sounds alarmAttackers have exploited a critical Langflow RCE within hours of disclosure, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to formally flag it for urgent remediation. The flaw, which allows running arbitrary code on vulnerable Langflow instances without…CSOONLINE.COM
27 MarRapid Exploitation of CVE-2026-21962 Hits Oracle WebLogic - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/critical-oracle-weblogic-rce/SH.ITJUST.WORKS
27 MarChromium: CVE-2026-4673 Heap buffer overflow in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4680 Use after free in FedCMThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4677 Out of bounds read in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4675 Heap buffer overflow in WebGLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4679 Integer overflow in FontsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4674 Out of bounds read in CSSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4442 Heap buffer overflow in CSSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 17[−]
27 MarGoogle: The quantum apocalypse is coming sooner than we thoughtGoogle isn’t just responsible for the encryption of a big chunk of the communications on the internet. It is also building its own quantum computers, so it’s well placed to evaluate how close the technology is to fruition. Until now, the company has been aligned with the NIST tim…CSOONLINE.COM
27 MarBreachForums Verion 5 - 339,778 breached accountsIn March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed . The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.HAVEIBEENPWNED.COM
27 MarRed Hat Warns of Malware Embedded in Popular Linux Tool, Opening Doors for Unauthorized AccessRed Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popular xz compression utility. Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentiall…GBHACKERS.COM
27 MarLangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI FrameworksCybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are…THEHACKERNEWS.COM
27 MarTeamPCP Hackers Focus on AI Developers, Planting Malicious Code to Disrupt ProjectsThe FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers successfully compromised two widely used developer tools, creating a cascading security incident for organizations building artif…GBHACKERS.COM
27 Mar8 steps CISOs can take to empower their teamsMany leaders know empowered teams deliver better results, but not all leaders understand how to get there. It all starts with knowing what empowerment truly means. Put simply: Empowerment is the absence of micromanagement. Empowerment provides the foundation for people to develop…CSOONLINE.COM
27 MarCoruna iOS Exploit Kit Likely an Update to Operation TriangulationCoruna contains the updated version of a kernel exploit used in Operation Triangulation three years ago. The post Coruna iOS Exploit Kit Likely an Update to Operation Triangulation appeared first on SecurityWeek .SECURITYWEEK.COM
27 Mar KEVCISA: New Langflow flaw actively exploited to hijack AI workflowssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-new-langflow-flaw-actively-exploited-to-hijack-ai-workflows/SH.ITJUST.WORKS
27 MarBIND 9 Security Flaws Allow Attackers to Bypass Security Controls and Crash ServersThe Internet Systems Consortium (ISC) has released critical security advisories addressing three new vulnerabilities in the widely used BIND 9 Domain Name System (DNS) software suite. If left unpatched, remote attackers could exploit these weaknesses to bypass access control list…GBHACKERS.COM
27 MarA forensic intelligence suite for Matrix investigatorssubmitted by nemesis3856 to cybersecurity 1 points | 0 comments Source code and details: github.com/umutatalar/Sherlocked Sherlocked is a purpose-built forensic suite for Matrix investigators. It correlates invite events, message activity, and user relationships across rooms to s…SH.ITJUST.WORKS
27 MarOpen VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security ChecksCybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline …THEHACKERNEWS.COM
27 MarApple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based ExploitsApple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date …THEHACKERNEWS.COM
27 MarA Matrix forensic intelligence suite for investigatorssubmitted by nemesis3856 to cybersecurity 1 points | 0 comments Source code and details: github.com/umutatalar/Sherlocked Sherlocked correlates invite events, message activity, and user relationships across Matrix rooms to surface behavioural patterns that would otherwise require…SH.ITJUST.WORKS
27 MarCustom Fonts Can Trick AI Assistants Into Approving Phishing SitesResearchers at LayerX warn that custom fonts can fool AI web assistants into thinking phishing pages are benign, while the human user sees something completely different.KNOWBE4.COM
27 MarTrivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secretssubmitted by Kissaki to security 1 points | 0 comments https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines. Recent updates…PROGRAMMING.DEV
27 MarEuropean Commission data stolen in a cyberattack on the infrastructure hosting its web sitesThe European Commission is continuing to investigate the theft of data from its cloud infrastructure earlier this week. On Thursday, the Commission revealed there had been an attack on its Europa.eu platform, offering few details, then, on Friday, security news site Bleeping Comp…CSOONLINE.COM
27 MarSpot Scam Red Flags FastCommon scam indicators include unrealistic offers, unexpected charges, and pressure to act immediately without thinking. These tactics are designed to override judgment and push quick decisions. Slowing down, verifying with trusted sources (like your bank), and recognizing urgenc…YOUTUBE.COM
📢 SECURITY ADVISORIES 5[−]
🔥 INCIDENT REPORTING 22[−]
27 MarIran Targeted by Self-Propagating Malware in Supply-Chain Cyberattackssubmitted by Amoxtli to cybersecurity 1 points | 0 comments https://circleid.com/posts/iran-targeted-by-self-propagating-malware-in-supply-chain-cyberattacksINFOSEC.PUB
27 MarAnonymous Tip System Breach May Expose TipstersAnonymous Tip System Breach Exposes Millions of Records, Google Warns Q-Day by 2029, and New AI Documentation Supply-Chain Risks Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wirele…CYBERSECURITYTODAY.LIBSYN.COM
27 MarDutch Police discloses security breach after phishing attackThe Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn't affected citizens' data. [...]BLEEPINGCOMPUTER.COM
27 MarSilver Fox Cyberattack Targets Japanese Businesses with Tax-Themed Phishing ScamsA threat actor known as Silver Fox is targeting Japanese organizations with a new wave of spearphishing attacks timed to coincide with the country’s busy tax-filing and corporate restructuring season. The campaign focuses heavily on manufacturers and enterprises that are currentl…GBHACKERS.COM
27 MarBearlyfy Hits 70+ Russian Firms with Custom GenieLocker RansomwareA pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy …THEHACKERNEWS.COM
27 MarCyberangriff auf die LinkeDie Hackergruppe “Qilin” steht möglicherweise hinter dem Angriff. Studio-M – shutterstock.com Die Linke ist nach eigenen Angaben Opfer einer schweren Cyberattacke geworden und vermutet dahinter russischsprachige Hacker. Man habe am Donnerstag sofort reagiert und Teile der IT-Infr…CSOONLINE.COM
27 MarEuropean Commission investigating breach after Amazon cloud hackThe European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure. [...]BLEEPINGCOMPUTER.COM
27 MarHightower Holding Data Breach Impacts 130,000 - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/hightower-holding-data-breach-impacts-130000/SH.ITJUST.WORKS
27 MarIn Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum DeadlineOther noteworthy stories that might have slipped under the radar: Heritage Bank data breach, new State Department unit tackles cyber threats, LA Metro disruptions. The post In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline appeared fir…SECURITYWEEK.COM
27 MarTeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim, (Fri, Mar 27th)This is the second update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 001 covered developments through March 26. This update covers developments from March 26-27, 2026. ISC.SANS.EDU
27 MarApple says no one using Lockdown Mode has been hacked with spywareThe tech giant's claim that it has not seen any successful spyware attacks targeting Apple devices with Lockdown Mode enabled comes amid a leak of hacking tools targeting users running devices with older software.TECHCRUNCH.COM
27 MarIranian hackers claim breach of FBI director Kash Patel’s personal email accountHandala, a pro-Iranian hacking group allegedly working for Iran’s government, published emails it said were taken from the Gmail account of FBI director Kash Patel.TECHCRUNCH.COM
27 MarEuropean Commission investigating breach after Amazon cloud account hackThe European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure. [...]BLEEPINGCOMPUTER.COM
27 MarTeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV FilesTeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) …THEHACKERNEWS.COM
27 MarLloyds Bank reveals how IT bug exposed transaction dataLloyds Banking Group has identified the glitch that led to some of its customers being able to see details of other customers’ transactions on March 12. It revealed the information in a letter to the UK Parliament’s Treasury Committee , setting out the details of the incident and…CSOONLINE.COM
27 MarEuropean Commission confirms cyberattack after hackers claim data breachThe European Union's top executive body has confirmed a cyberattack after hackers reportedly stole reams of data from the European Commission's cloud storage.TECHCRUNCH.COM
27 MarThe telnyx packages on PyPI have been compromisedsubmitted by cm0002 to cybersecurity 2 points | 0 comments https://lwn.net/Articles/1065059/ The SafeDep blog reports that compromised versions of the telnyx package have been found in the PyPI repository: Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, …INFOSEC.PUB
27 MarCompromised telnyx on PyPI: WAV Steganography and Credential Theftsubmitted by Kissaki to security 1 points | 0 comments https://safedep.io/malicious-telnyx-pypi-compromise/ Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 mi…PROGRAMMING.DEV
27 MarBackdoored Telnyx PyPI package pushes malware hidden in WAV audioTeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. [...]BLEEPINGCOMPUTER.COM
27 MarIranian-linked hackers claimed responsibility for the breach of FBI Direct Kash Patel’s personal email accountsubmitted by Innerworld to cybersecurity 2 points | 0 comments https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/INFOSEC.PUB
27 MarIranian-linked hackers claimed responsibility for the breach of FBI Direct Kash Patel’s personal email accountsubmitted by Innerworld to security 1 points | 0 comments https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/PROGRAMMING.DEV
27 MarIranian-linked hackers claimed responsibility for the breach of FBI Direct Kash Patel’s personal email accountsubmitted by Innerworld to cybersecurity 2 points | 0 comments https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE 24[−]
27 MarISC Stormcast For Friday, March 27th, 2026 https://isc.sans.edu/podcastdetail/9868, (Fri, Mar 27th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
27 MarOff-Topic Fridaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
27 MarFake Cloudflare CAPTCHA Pages Deliver Infiniti Stealer Malware on macOSA newly discovered macOS infostealer dubbed Infiniti Stealer is being actively distributed through deceptive Cloudflare-style CAPTCHA pages, marking a notable evolution in social engineering attacks targeting Apple users. Initially tracked as “NukeChain” during threat hunting eff…GBHACKERS.COM
27 MarHackers Implant Stealthy BPFdoor Backdoors in Telecom Networks for Persistent AccessA China-nexus threat actor known as Red Menshen is planting stealthy backdoors deep inside global telecommunications networks. According to a recent investigation by Rapid7 Labs, this long-term espionage campaign utilises a highly evasive Linux kernel malware called BPFdoor. …GBHACKERS.COM
27 MarPhishing ZIP Files Used to Deploy PXA Stealer Targeting Financial FirmsA sharp rise in PXA Stealer campaigns targeting global financial institutions during the first quarter of 2026. The activity marks a notable shift in the infostealer landscape, with PXA Stealer filling the gap left by the takedowns of major malware families such as Lumma, Rhadama…GBHACKERS.COM
27 MarHackers Deploy USB Malware, RATs, and Stealers in Southeast Asian Government AttacksA multi-cluster cyberespionage operation in which attackers used USB-propagated malware, multiple RATs, loaders, and a custom stealer to target a Southeast Asian government organization between June and August 2025. Analysts initially observed USB-borne malware dubbed USBFect (al…GBHACKERS.COM
27 MarHackers Target South Asian Financial Firm with BRUSHWORM and BRUSHLOGGER AttacksA South Asian financial institution has been hit by a custom malware toolkit combining a modular backdoor, dubbed BRUSHWORM, and a DLL side‑loaded keylogger known as BRUSHLOGGER. The attackers relied on a backdoor initially named paint.exe and a keylogger masquerading as libcurl.…GBHACKERS.COM
27 MarRSAC 2026 Conference Announcements Summary (Days 3-4)A summary of the announcements made by vendors on the third and fourth days of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Days 3-4) appeared first on SecurityWeek .SECURITYWEEK.COM
27 MarTP-Link Patches High-Severity Router VulnerabilitiesThe security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files. The post TP-Link Patches High-Severity Router Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
27 MarHow Adaptive Email Security Helps Navigate Threats in the Age of AIA finance employee receives an email that appears to come from the CFO requesting urgent payment approval. The message references a current project, uses the correct tone, and arrives at a plausible time. However, the email wasn’t written by a colleague — it was generated by AI. …KNOWBE4.COM
27 MarInvoice Fraud Costs UK Construction Sector Millions, NCA Warns - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/invoice-fraud-uk-construction/SH.ITJUST.WORKS
27 MarAitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile EvasionThreat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weap…THEHACKERNEWS.COM
27 MarNYC Health Notifying Patients of 2 Third-Party Hackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bankinfosecurity.in/nyc-health-notifying-patients-2-third-party-hacks-a-31214SH.ITJUST.WORKS
27 MarOpenAI Launches Bug Bounty Program for Abuse and Safety RisksThrough the new program, OpenAI will reward reports covering design or implementation issues leading to material harm. The post OpenAI Launches Bug Bounty Program for Abuse and Safety Risks appeared first on SecurityWeek .SECURITYWEEK.COM
27 MarThe Post-Quantum Visibility ProblemOrganizations are struggling to identify where cryptographic systems exist across their infrastructure, including TLS, APIs, SSH keys, and third-party integrations. Without visibility into where encryption is used, preparing for post-quantum cryptography becomes extremely difficu…YOUTUBE.COM
27 MarPro-Iranian Hacking group Claims Credit for Hack of FBI Director Kash Patel’s Personal AccountThe group that it was making available for download emails and other documents from Patel’s account. The post Pro-Iranian Hacking group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account appeared first on SecurityWeek .SECURITYWEEK.COM
27 MarHackers have exposed more than 8.3 million supposedly confidential reports to tip lines like Crime Stopperssubmitted by Innerworld to cybersecurity 1 points | 0 comments https://san.com/cc/millions-of-anonymous-crime-tips-exposed-in-massive-crime-stoppers-hack-exclusive/INFOSEC.PUB
27 MarHackers have exposed more than 8.3 million supposedly confidential reports to tip lines like Crime Stopperssubmitted by Innerworld to security 1 points | 0 comments https://san.com/cc/millions-of-anonymous-crime-tips-exposed-in-massive-crime-stoppers-hack-exclusive/PROGRAMMING.DEV
27 MarHackers have exposed more than 8.3 million supposedly confidential reports to tip lines like Crime Stopperssubmitted by Innerworld to cybersecurity 1 points | 0 comments https://san.com/cc/millions-of-anonymous-crime-tips-exposed-in-massive-crime-stoppers-hack-exclusive/SH.ITJUST.WORKS
27 MarIntroducing Our KnowBe4 AI AgentsAlthough a rtificial intelligence (AI) seems relatively new to a lot of people, it was first officially created in 1956 and has been a large, improving branch of computer science ever since. The mass appeal of AI took off in late 2022 when OpenAI publicly released ChatGPT icial i…KNOWBE4.COM
27 MarFriday Squid Blogging: Bioluminescent Bacteria in SquidThe Hawaiian bobtail squid has bioluminescent bacteria .SCHNEIER.COM
27 MarHow Microsoft Defender protects high-value assets in real-world attack scenariosHigh-value assets including domain controllers, web servers, and identity infrastructure are frequent targets in sophisticated attacks. Microsoft Defender applies asset-aware protection using Microsoft Security Exposure Management to detect and block threats against these critica…MICROSOFT.COM
27 MarScam Baiting, AI, and the New Grift Economy, Part 2 - Rinoa Poison - SWN #567In this two-part interview, Rinoa Poison explores the mechanics of modern scams, the role of AI in making them more convincing, and the growing world of scam baiting. She also discusses the tactics, technical setups, and safety considerations behind wasting scammers’ time. Visit …YOUTUBE.COM
27 MarRSAC 2026: No easy fixes for expanding AI attack surface, but a coordinated response is emergingSAN FRANCISCO — Forty-four thousand cybersecurity practitioners converged on Moscone Center this week with an urgent question: how do you secure a network when everything — the technology, the threats, the tools — is changing faster than anyone can govern … (more…) The post…LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
27 MarFake VS Code alerts on GitHub spread malware to developersA large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. [...]BLEEPINGCOMPUTER.COM
27 MarElastic Security Labs uncovers BRUSHWORM and BRUSHLOGGERElastic Security Labs observed two custom malware components targeting a South Asian financial institution: a modular backdoor with USB-based spreading and a DLL-side-loaded keylogger.ELASTIC.CO
🎙️ PODCASTS 1[−]
27 MarSoap Box: Red teaming AI systems with SpecterOpsIn this sponsored Soap Box edition of the show, Patrick Gray and James Wilson talk about red teaming AI systems with Russel Van Tuyl, Vice President of Services at elite penetration testing firm SpecterOps. SpecterOps is the company behind attack path enumeration tool Bloodhound …RISKY.BIZ
📡 INFOSEC NEWS 8[−]
27 MarWindows 11 KB5079391 update rolls out Smart App Control improvements​Microsoft has released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, which includes 29 changes, such as Smart App Control and Display improvements. [...]BLEEPINGCOMPUTER.COM
27 MarAnti-piracy coalition takes down AnimePlay app with 5 million usersThe Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. [...]BLEEPINGCOMPUTER.COM
27 MarWe Are At WarRising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it.  Introduction: One tech power to rule them all is a thing of the past  The relative sa…THEHACKERNEWS.COM
27 MarAgentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.Agentic GRC automates workflows, forcing teams to rethink their role beyond operations. Anecdotes explains why the biggest challenge is shifting from execution to risk leadership. [...]BLEEPINGCOMPUTER.COM
27 MarMost notable supply-chain attacks of 2025 | Kaspersky official blogA look at the most significant supply-chain attacks of 2025, and their impact on target organizations.KASPERSKY.COM
27 MarRSAC 2026 wrap-up – Week in security with Tony AnscombeThis year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up withWELIVESECURITY.COM
27 MarA cunning predator: How Silver Fox preys on Japanese firms this tax seasonSilver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening themWELIVESECURITY.COM