Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. [...]
Intelligence Feed
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Items
140
Last update
Mar 27, 2026, 11:45 PM (UTC)
No matching results
Try a different keyword, or switch the source filter back to “All sources”.
Who’s Who In Domain Security: 10 Companies To Watch In 2026
Resource guide for CISOs and MSSPs – Steve Morgan, Editor-in-Chief Sausalito, Calif. – Mar. 27, 2026 Domain security unexpectedly and repeatedly came up in Cybercrime Magazine’s discussions with chief information security officers (CISOs) and managed security…
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks ta…
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python P…
Fake VS Code alerts on GitHub spread malware to developers
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. [...]
Pro-Iranian Hacking Group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account
The group that it was making available for download emails and other documents from Patel’s account. The post Pro-Iranian Hacking Group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account appeared first on SecurityWeek.
New Wave of AiTM Phishing Targets TikTok for Business
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline
Other noteworthy stories that might have slipped under the radar: Heritage Bank data breach, new State Department unit tackles cyber threats, LA Metro disruptions. The post In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum D…
Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.
Agentic GRC automates workflows, forcing teams to rethink their role beyond operations. Anecdotes explains why the biggest challenge is shifting from execution to risk leadership. [...]
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the regi…
OpenAI Launches Bug Bounty Program for Abuse and Safety Risks
Through the new program, OpenAI will reward reports covering design or implementation issues leading to material harm. The post OpenAI Launches Bug Bounty Program for Abuse and Safety Risks appeared first on SecurityWeek.
Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google
‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration
Security As A Service: 7 Ways Coworking Spaces Can Upgrade Digital Trust In 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 27, 2026 –Read the full story from CANOPY Cybercrime damage was on pace to hit $10.5 trillion in 2025, according to Cybersecurity Ventures. A single U.S. data breach av…
European Commission investigating breach after Amazon cloud account hack
The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to the Commission's Amazon cloud environment. [...]
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target,…
UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
TP-Link Patches High-Severity Router Vulnerabilities
The security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files. The post TP-Link Patches High-Severity Router Vulnerabilities appeared first on SecurityWeek.
We Are At War
Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it. Introduction: One tech power to rule them all is a thing of the past The rel…
RSAC 2026 Conference Announcements Summary (Days 3-4)
A summary of the announcements made by vendors on the third and fourth days of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Days 3-4) appeared first on SecurityWeek.
Anti-piracy coalition takes down AnimePlay app with 5 million users
The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. [...]
Coruna iOS Exploit Kit Likely an Update to Operation Triangulation
Coruna contains the updated version of a kernel exploit used in Operation Triangulation three years ago. The post Coruna iOS Exploit Kit Likely an Update to Operation Triangulation appeared first on SecurityWeek.
Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed Gen…
CISA Flags Critical PTC Vulnerability That Had German Police Mobilized
Police in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681. The post CISA Flags Critical PTC Vulnerability That Had German Police Mobilized appeared first on SecurityWeek.
Windows 11 KB5079391 update rolls out Smart App Control improvements
Microsoft has released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, which includes 29 changes, such as Smart App Control and Display improvements. [...]
Dutch Police discloses security breach after phishing attack
The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn't affected citizens' data. [...]
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source…
Ajax football club hack exposed fan data, enabled ticket hijack
Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. [...]
CISA: New Langflow flaw actively exploited to hijack AI workflows
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]
China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access me…
Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code
Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code
Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study
UK sanctions Xinbi marketplace linked to Asian scam centers
The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. [...]
EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts
EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials
TikTok for Business accounts targeted in new phishing campaign
Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. [...]
Hightower Holding Data Breach Impacts 130,000
The holdings company says hackers stole names, Social Security numbers, and driver’s license numbers from its environment. The post Hightower Holding Data Breach Impacts 130,000 appeared first on SecurityWeek.
WhatsApp rolls out more AI features, iOS multi-account support
WhatsApp is rolling out multiple features designed to make the app easier to use, including AI-powered message replies and photo retouching, support for two accounts on iOS, and chat history transfer between iOS and Android devices. [...]
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it. [...]
BIND Updates Patch High-Severity Vulnerabilities
Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers. The post BIND Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns
PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s wh…
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that…
Coruna iOS exploit framework linked to Triangulation attacks
The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. [...]
Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure
The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage. The post Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure appeared first on SecurityWeek.
Russia arrests suspected owner of LeakBase cybercrime forum
Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools. [...]
Who’s Who In Domain Security: CISOs And MSSPs at RSAC 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 26, 2026 The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos was released on the first day of the RSAC Conference in San Francisco earlier this…
OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns
OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws
Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing of…
ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everyth…
Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks
The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings fro…
Iran-Linked Pay2Key Ransomware Group Re-Emerges
Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key
Invoice Fraud Costs UK Construction Sector Millions, NCA Warns
The National Crime Agency has warned construction firms about surging invoice fraud
WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses…
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a reside…
Cloud Phones Linked to Rising Financial Fraud Threat
Cloud Android phones fuel financial fraud, evading detection and enabling dropper accounts
Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extensio…
Investors Want To Know: Is Cybersecurity A Growth Sector Or A Cost Center?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 25, 2026 – Read the full story from StocksToday.com This past weekend, Stocks today.com shared an economic observation about physical constraints—blocked shipping lanes…
US: FCC Bans Foreign-Made Routers Over National Security Concerns
The US Federal Communications Commission has placed all “consumer-grade” internet routers produced outside the US on its “covered list”
TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
The Kill Chain Is Obsolete When Your AI Agent Is the Threat
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance,…
Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Ange…
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was fi…
Experts Sound Alarm Over “Prompt Poaching” Browser Extensions
Expel has warned of malicious Chrome extensions stealing users’ AI conversations
Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown
UK police trumpet success of Operation Henhouse as they seize and freeze over £27m in suspected fraud proceeds
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying…
RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards
The head of the UK’s NCSC is calling the cybersecurity industry to “seize the disruptive vibe coding opportunity” to make software more secure
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent bac…
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security pr…
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what cl…
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documen…
Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage
Silver Fox pivots from ValleyRAT tax lures to WhatsApp‑style stealers, blending espionage & phishing
Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities
A critical vulnerability in Citrix’s NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory
New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe
Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraine’s hybrid war experience
Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security
Poor patch management, increasingly complex IT environments and continued use of obsolete software puts organizations at risk from cyber threats, says the Absolute Security 2026 Resilience Risk Index
The Global CISO Landscape: A Leadership Gap Too Large To Ignore
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 24, 2026 – Read the full story from Sophos The 2026 CISO Report, published by Cybersecurity Ventures in partnership with Sophos, highlights a critical imbalance in glob…
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, mis…
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all publis…
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by…
Russian Initial Access Broker Handed 81-Month Sentence
Russian cybercriminal Aleksei Volkov has received close to seven years behind bars for role in Yanluowang ransomware
Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals
The FBI has warned that Iranian hacking group Handala has been targeting opponents of the regime since 2023
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organi…
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVS…
North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS…
Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems
ISACA survey found that confusion over responsibility and lack of understanding around AI cyber-attacks makes containing them difficult
Tycoon2FA Phishing Service Resumes Activity Post-Takedown
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
‘CanisterWorm’ Springs Wiper Attack Targeting Iran
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the…
Autonomous SOC: What It Is, Key Benefits and Core Challenges
Six Predictions for the AI-Driven SOC – Christophe Briguet, Senior Director of Product Management – AI & Security Analytics, Stellar Cyber San Jose, Calif. – Mar. 23, 2026 SOC Key Takeaways: What is Autonomous SOC solving? It addresses critical challenges in s…
High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports
High tech was the most frequently targeted industry in Mandiant investigations in 2025, overtaking financial services which led in 2023 and 2024
Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, lo…
35,000 Chief Information Security Officers Employed Globally in 2026
2026 CISO Report from Cybersecurity Ventures in partnership with Sophos Sausalito, Calif. – Mar. 23, 2026 – Read the Full Report MSPs and MSSPs, the force multiplier in security leadership, are positioned to provide SMBs with CISO services. The world’s small t…
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also wh…
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages mas…
CISA Orders US Government to Patch Maximum Severity Cisco Flaw
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns
Operation Alice Takes Down 370,000+ Dark Web Sites
German-led policing effort against fraud operation disrupts countless CSAM and cybercrime sites
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3…
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, i…
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, th…
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out…
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed…
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026.…
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/t…
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS s…
Cybersecurity Ventures Will See You At RSAC Conference 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 20, 2026 If you’re making the pilgrimage to RSAC 2026 in San Francisco next week, then we might see you there. For the past five years, Cybersecurity Ventures has been…
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a de…
Hackers Exploit Critical Langflow Bug in Just 20 Hours
Sysdig details how threat actors exploited a critical CVE in Langflow in less than a day
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepf…
NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online
The National Crime Agency’s director general warns that technology is rapidly reshaping crime
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to th…
DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement opera…
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date…
Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web camera…
Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to surreptitiously harvest sensitive information from infected computers a…
54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in…
Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation
Hastalamuerte leaks The Gentlemen RaaS ops: FortiGate exploits, BYOVD evasion, Qilin split tactics
Financial Brands Targeted in Global Mobile Banking Malware Surge
Mobile banking malware targets over 1200 financial apps globally, shifting fraud to user devices
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you…
Corporate Wifi Is A Major Target For AI-driven Cyberattacks
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 19, 2026 – Read the full story in Financial Express Corporate Wi-Fi networks, once considered a routine part of office infrastructure, are emerging as a growing cyberse…
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix,…
FCA Updates Cyber Incident and Third-Party Reporting Rules
The UK’s financial regulator has issued new rules to make incident and third-party reporting clearer
AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs
35% of security leaders working in the UK’s critical infrastructure said regulatory requirements are the primary influence on their security programs
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
CVE-2026-3888 Ubuntu snap flaw lets local users escalate to root via timing-based exploit
Crypto Scam "ShieldGuard" Dismantled After Malware Discovery
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure
Rapid7 says median time from publication to CISA KEV inclusion dropped to five days
Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats
The Vidar 2.0 infostealers is deployed through fake free game cheats on GitHub and Reddit
AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner
Gartner has urged security teams to get involved in AI projects from the start to avoid costly incident response
CISO DEMO: Cybersecurity Vendors Pitch Chief Information Security Officers On YouTube
Security chiefs watch short videos produced by Cybercrime Magazine – Steve Morgan, Founder of Cybersecurity Ventures Sausalito, Calif. – Mar. 18, 2026 Around a year ago, Cybersecurity Ventures asked AI “Why use YouTube for marketing?” and it replied “YouTube i…
Android OS-Level Attack Bypasses Mobile Payment Security
Android’s LSPosed-based attack hijacks payment apps via runtime manipulation and SIM-binding bypass
'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment
CursorJack shows how malicious MCP deeplinks in Cursor IDE can trigger user-approved code execution
Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears
Armis reveals that “mutually assured disruption” is no longer preventing state-backed attacks
Average Number of Daily API Attacks Up 113% Annually
Akamai says 87% of organizations suffered an API-related security incident last year
UK Cyber Monitoring Centre Sets Its Sights on US Expansion One Year After Launch
The US Cyber Monitoring Center should be operational in 2027, said the UK CMC leadership
Researchers Warn of Global Surge in Fake Shipment Tracking Scams
Some of these campaigns are linked to Darcula, a Chinese-language phishing-as-a-service platform
CrackArmor Flaws Expose Linux Systems to Privilege Escalation
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks
Security Flaw in AWS Bedrock Code Interpreter Raises Alarms
DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data
FBI Calls for Help to Track Steam Malware Campaign
The FBI wants to hear from gamers who have downloaded Steam titles containing malware
UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters
An issue with the Companies House website has put the personal and corporate information of millions at risk
Page 1 of 1 0 results