Real-time Intelligence Feed for cybersecurity professionals.
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Try a different keyword, or switch the source filter back to “All sources”.
Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. [...]
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. [...]
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. [...]
The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a reside…
Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts
The startup will invest in product development and go-to-market efforts as it expands into new sectors. The post Onit Security Raises $11 Million for Exposure Management Platform appeared first on SecurityWeek.
Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. [...]
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
Ilya Angelov was a member of the cybercrime group tracked as TA-551, Shathak, Gold Cabin, Monster Libra, and ATK236. The post Russian Cybercriminal Gets 2-Year Prison Sentence in US appeared first on SecurityWeek.
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extensio…
PwC finds AI is amplifying speed and scale of attacks, as identity theft evolves into a cybercriminal supply chain. The post AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link appeared first on SecurityWeek.
AI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and resell premium AI access at scale. [...]
Apple released security fixes for older devices as well, in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5. The post iOS, macOS 26.4 Roll Out With Fresh Security Patches appeared first on SecurityWeek.
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 25, 2026 – Read the full story from StocksToday.com This past weekend, Stocks today.com shared an economic observation about physical constraints—blocked shipping lanes…
The ban aligns with a White House determination that all routers produced abroad are a threat to national security. The post FCC Bans New Routers Made Outside the US Over National Security Risks appeared first on SecurityWeek.
Kali Linux 2026.1, the first release of the year, is now available for download, featuring 8 new tools, a theme refresh, and a new BackTrack mode for Kali-Undercover. [...]
The US Federal Communications Commission has placed all “consumer-grade” internet routers produced outside the US on its “covered list”
A summary of the announcements made by vendors on the second day of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Day 2) appeared first on SecurityWeek.
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance,…
The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$. The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared first on SecurityWeek.
The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Ange…
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was fi…
TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. [...]
Expel has warned of malicious Chrome extensions stealing users’ AI conversations
UK police trumpet success of Operation Henhouse as they seize and freeze over £27m in suspected fraud proceeds
Aleksei Volkov has been sentenced to 81 months in prison for his role in Yanluowang ransomware attacks. The post US Prisons Russian Access Broker for Aiding Ransomware Attacks appeared first on SecurityWeek.
A Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies. [...]
The cybersecurity firm said the personal information of hundreds of employees was stolen in the hacker attack targeting Navia. The post HackerOne Employee Data Exposed in Massive Navia Breach appeared first on SecurityWeek.
The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying…
PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. [...]
The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. [...]
The head of the UK’s NCSC is calling the cybersecurity industry to “seize the disruptive vibe coding opportunity” to make software more secure
The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S. [...]
CESER’s Project Armor is a five year initiative to harden the US critical energy infrastructure, including strengthening energy systems ‘to prevent and recover from wildfires and other hazards’. The post DoE Publishes 5-Year Energy Security Plan appeared first…
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent bac…
Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. [...]
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security pr…
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what cl…
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documen…
Silver Fox pivots from ValleyRAT tax lures to WhatsApp‑style stealers, blending espionage & phishing
A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory
Microsoft has fixed a known issue causing Gmail and Yahoo email synchronization and connection problems for classic Outlook users. [...]
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
Passing MFA doesn't mean a session is safe, attackers can hijack tokens and bypass identity checks. Specops Software explains why Zero Trust must verify both user identity and device health. [...]
Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. [...]
Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraine’s hybrid war experience
Poor patch management, increasingly complex IT environments and continued use of obsolete software puts organizations at risk from cyber threats, says the Absolute Security 2026 Resilience Risk Index
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 24, 2026 – Read the full story from Sophos The 2026 CISO Report, published by Cybersecurity Ventures in partnership with Sophos, highlights a critical imbalance in glob…
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, mis…
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all publis…
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by…
Russian cybercriminal Aleksei Volkov has received close to seven years behind bars for role in Yanluowang ransomware
The FBI has warned that Iranian hacking group Handala has been targeting opponents of the regime since 2023
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organi…
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVS…
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS…
ISACA survey found that confusion over responsibility and lack of understanding around AI cyber-attacks makes containing them difficult
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the…
Six Predictions for the AI-Driven SOC – Christophe Briguet, Senior Director of Product Management – AI & Security Analytics, Stellar Cyber San Jose, Calif. – Mar. 23, 2026 SOC Key Takeaways: What is Autonomous SOC solving? It addresses critical challenges in s…
High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, lo…
2026 CISO Report from Cybersecurity Ventures in partnership with Sophos Sausalito, Calif. – Mar. 23, 2026 – Read the Full Report MSPs and MSSPs, the force multiplier in security leadership, are positioned to provide SMBs with CISO services. The world’s small t…
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also wh…
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages mas…
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns
German-led policing effort against fraud operation disrupts countless CSAM and cybercrime sites
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3…
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, i…
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, th…
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out…
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026.…
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/t…
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS s…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 20, 2026 If you’re making the pilgrimage to RSAC 2026 in San Francisco next week, then we might see you there. For the past five years, Cybersecurity Ventures has been…
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a de…
Sysdig details how threat actors exploited a critical CVE in Langflow in less than a day
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepf…
The National Crime Agency’s director general warns that technology is rapidly reshaping crime
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to th…
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement opera…
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date…
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web camera…
Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to surreptitiously harvest sensitive information from infected computers a…
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in…
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics
Mobile banking malware targets over 1200 financial apps globally, shifting fraud to user devices
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 19, 2026 – Read the full story in Financial Express Corporate Wi-Fi networks, once considered a routine part of office infrastructure, are emerging as a growing cyberse…
Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix,…
Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic's…
The UK’s financial regulator has issued new rules to make incident and third-party reporting clearer
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, m…
35% of security leaders working in the UK’s critical infrastructure said regulatory requirements are the primary influence on their security programs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited…
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to def…
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS scor…
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
Rapid7 says median time from publication to CISA KEV inclusion dropped to five days
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked a…
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is…
Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium, span…
The Vidar 2.0 infostealers is deployed through fake free game cheats on GitHub and Reddit
Security teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations – security teams still struggle to understand context: Q: Which exposures, misconfigurations, and vulnerabil…
Gartner has urged security teams to get involved in AI projects from the start to avoid costly incident response
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control…
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue i…
Security chiefs watch short videos produced by Cybercrime Magazine – Steve Morgan, Founder of Cybersecurity Ventures Sausalito, Calif. – Mar. 18, 2026 Around a year ago, Cybersecurity Ventures asked AI “Why use YouTube for marketing?” and it replied “YouTube i…
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazo…
Android’s LSPosed-based attack hijacks payment apps via runtime manipulation and SIM-binding bypass
CursorJack shows how malicious MCP deeplinks in Cursor IDE can trigger user-approved code execution
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address no…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 17, 2026 – Read the full story in Eureka Street Mark Gaetani, National President of the St Vincent de Paul Society in Australia, recently read in Cybercrime Magazine th…
Armis reveals that “mutually assured disruption” is no longer preventing state-backed attacks
A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senio…
Akamai says 87% of organizations suffered an API-related security incident last year
The US Cyber Monitoring Center should be operational in 2027, said the UK CMC leadership
Some of these campaigns are linked to Darcula, a Chinese-language phishing-as-a-service platform
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks
DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 16, 2026 – Read the full Forbes story The cloud is home to a dizzying amount of data. According to Cybersecurity Ventures, nearly half of the world’s data exists in ext…
The FBI wants to hear from gamers who have downloaded Steam titles containing malware
An issue with the Companies House website has put the personal and corporate information of millions at risk
A new law enforcement operation against phishing and ransomware operators led to the takedown of 45,000 malicious IP addresses
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 13, 2026 – Read the full story in Forbes Cloud security has become the backbone of enterprise resilience, but the threat landscape has evolved faster than traditional s…
Operation Lightning sees international law enforcement partners shut down ‘SocksEscort,’ a major malicious proxy service used by cybercriminals worldwide
PixRevolution Android trojan hijacks Brazil’s PIX payments in real time using accessibility abuse
The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited
CISA issued urgent directive as attackers exploit Cisco SD-WAN flaw granting admin access to networks
The ICO has fined Police Scotland after it shared the entire contents of a victim’s phone with her alleged attacker
The pro-Iran Handala group claims to have wiped 200,000 systems in destructive wiper malware attack on US firm Stryker