The European Commission confirmed a cyberattack affecting part of its cloud systems

Fri Mar 27 2026

The European Commission confirmed a cyberattack affecting part of its cloud systems, now contained, with no impact on internal networks. On March 24, the European Commission detected a cyberattack affecting the cloud infrastructure hosting its Europa.eu websites. The incident was quickly contained, with mitigation measures applied and no disruption to website availability. Early findings suggest […]

Security Affairs

European Commission data stolen in a cyberattack on the infrastructure hosting its web sites

Fri Mar 27 2026

The European Commission is continuing to investigate the theft of data from its cloud infrastructure earlier this week.

CSO Online

Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s

Fri Mar 27 2026

Plus: Apple makes big claims about the effectiveness of its Lockdown Mode anti-spyware feature, Russia moves to implement homegrown encryption for 5G, and more.

Wired

Lloyds Bank reveals how IT bug exposed transaction data

Fri Mar 27 2026

Lloyds Banking Group has identified the glitch that led to some of its customers being able to see details of other customers’ transactions on March 12.

CSO Online

New AITM phishing wave hijacks TikTok Business accounts

Fri Mar 27 2026

A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams. Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous […]

Security Affairs

CISA and BSI warn orgs of critical PTC Windchill and FlexPLM flaw

Fri Mar 27 2026

CISA warns of a critical flaw in PTC Windchill and FlexPLM (CVE-2026-4681), with no patch yet and potential for imminent exploitation. CISA issued an advisory about a critical vulnerability, tracked as CVE-2026-4681 (CVSS score of 10.0), in PTC’s Windchill and FlexPLM software. At this time, no patches are available, and no active attacks have been […]

Security Affairs

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Fri Mar 27 2026

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone," the...

The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Fri Mar 27 2026

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are...

The Hacker News

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Fri Mar 27 2026

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'" Koi...

The Hacker News

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Fri Mar 27 2026

Attackers have exploited a critical Langflow RCE within hours of disclosure, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to formally flag it for urgent remediation.

CSO Online

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Fri Mar 27 2026

Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. "TikTok has been historically abused to distribute...

The Hacker News

We Are At War

Fri Mar 27 2026

Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it.  Introduction: One tech power to rule them all is a thing of the past  The relative safety, peace and prosperity that much of the world has enjoyed since 1945 was not accidental. It emerged from the ashes...

The Hacker News

U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog

Fri Mar 27 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Aquasecurity Trivy flaw, tracked as CVE-2026-33634 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. On March 19, 2026, attackers used compromised credentials to release a malicious […]

Security Affairs

Cyberattack on Die Linke

Fri Mar 27 2026

The hacker group “Qilin” may be behind the attack.

CSO Online

Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware

Fri Mar 27 2026

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy (also known as Labubu) operates as a dual-purpose group aimed at inflicting maximum damage upon Russian businesses;...

The Hacker News

8 steps CISOs can take to empower their teams

Fri Mar 27 2026

Many leaders know empowered teams deliver better results, but not all leaders understand how to get there.

CSO Online

China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks

Fri Mar 27 2026

China-linked Red Menshen APT group used stealthy BPFDoor implants in telecom networks to spy on government targets. Rapid7 Labs uncovered that a China-linked threat group known as Red Menshen has been running a long-term espionage campaign by infiltrating telecom networks, mainly in the Middle East and Asia. Active since at least 2021, the group uses highly […]

Security Affairs

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Fri Mar 27 2026

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build applications powered by Large Language Models (LLMs). LangGraph is built on the foundations of...

The Hacker News

What is social engineering?

Fri Mar 27 2026

Cybercriminals use social engineering techniques to manipulate the human psyche.

CSO Online

Google: The quantum apocalypse is coming sooner than we thought

Fri Mar 27 2026

Google isn’t just responsible for the encryption of a big chunk of the communications on the internet.

CSO Online

U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog

Thu Mar 26 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Langflow to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2026-33017 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. Langflow is a popular tool used for building agentic AI workflows.  CVE-2026-33017 is a […]

Security Affairs

Coruna exploit reveals evolution of Triangulation iOS exploitation framework

Thu Mar 26 2026

Kaspersky found Coruna iOS exploits reuse updated code from the 2023 Operation Triangulation attacks, suggesting a possible link. Kaspersky researchers discovered that the Coruna iOS exploit kit uses an updated version of the same kernel exploit seen in the 2023 Operation Triangulation campaign. While early evidence didn’t clearly link the two, the code similarities now […]

Security Affairs

How Trump’s Plot to Grab Iran's Nuclear Fuel Would Actually Work

Thu Mar 26 2026

Experts say that an American ground operation targeting nuclear sites in Iran would be incredibly complicated, put troops’ lives at great risk—and might still fail.

Wired

The CISO’s guide to responding to shadow AI

Thu Mar 26 2026

Move over shadow IT; shadow AI is the new risk on the scene.

CSO Online

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

Thu Mar 26 2026

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that's also tracked as Earth Bluecrow,...

The Hacker News

A $20 Billion Crypto Scam Market Faces a New Government Crackdown

Thu Mar 26 2026

The Telegram-based Xinbi Guarantee black market sells services that help prop up scam operations. British officials just hit the highly lucrative marketplace with sweeping sanctions.

Wired

Using a VPN May Subject You to NSA Spying

Thu Mar 26 2026

US lawmakers are pressing Tulsi Gabbard to reveal whether using a VPN can strip Americans of their constitutional protections against warrantless surveillance.

Wired

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks

Thu Mar 26 2026

Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky. A control exists, so it’s assumed to work. A detection rule is active, so it’s expected to catch something. But very...

The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Thu Mar 26 2026

Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if the user wrote them," Koi Security researcher Oren Yomtov said in a report shared with The Hacker News. "No clicks, no...

The Hacker News

Databricks pitches Lakewatch as a cheaper SIEM — but is it really?

Thu Mar 26 2026

Databricks has previewed a new open agentic Security Information and Event Management software (SIEM) named Lakewatch that signals its first deliberate step beyond data warehousing into security analy

CSO Online

Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception

Thu Mar 26 2026

Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso, Matisse, and Renoir to unsuspecting collectors and renowned museums. Over the next several decades,...

The Hacker News

Researchers uncover WebRTC skimmer bypassing traditional defenses

Thu Mar 26 2026

Researchers found a new skimmer using WebRTC to steal and send payment data, bypassing traditional security controls. Sansec researchers discovered a new payment skimmer that uses WebRTC data channels instead of typical web requests to load malicious code and exfiltrate stolen payment data. “What sets this attack apart is the skimmer itself. Instead of the usual […]

Security Affairs

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

Thu Mar 26 2026

Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in this one, too. Weird delivery tricks, old problems coming back in slightly worse forms, shady infrastructure doing...

The Hacker News

GitHub phishers use fake OpenClaw tokens to drain crypto wallets

Thu Mar 26 2026

Threat actors are actively exploiting OpenClaw’s viral popularity to run a phishing campaign that targets developers on GitHub with lures of free crypto tokens.

CSO Online

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks

Thu Mar 26 2026

The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. "When Coruna was first reported, the public evidence wasn't sufficient to link its code to Triangulation — shared...

The Hacker News

Russian authorities arrest alleged LeakBase admin behind stolen data marketplace

Thu Mar 26 2026

Russian authorities arrested the alleged LeakBase admin for running a marketplace selling stolen data since 2021. Russian law enforcement has arrested the suspected administrator of LeakBase, a cybercrime forum used to trade stolen personal data. The suspect, from Taganrog, is accused of running the platform since 2021. During a search of his home, authorities seized […]

Security Affairs

Anduril Wants to Own the Future of War Tech. Mishaps, Delays, and Challenges Abound

Thu Mar 26 2026

From drones to missiles to submarines, the $30.5 billion defense startup wants to transform how the tools of war are made. It’s not all going as planned.

Wired

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

Thu Mar 26 2026

Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data," Sansec said in a report published this week. The attack,...

The Hacker News

10 essential measures for physical security

Thu Mar 26 2026

If only physical security were always this simple to implement…

CSO Online

Russian national convicted for running botnet used in attacks on U.S. firms

Wed Mar 25 2026

A Russian hacker got 2 years in prison, $100K fine, and $1.6M judgment for running a botnet used in ransomware attacks on U.S. firms. Russian national Ilya Angelov (40) was sentenced to 24 months in prison for operating a botnet used to carry out ransomware attacks on dozens of U.S. companies. He was also fined […]

Security Affairs

New critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expert

Wed Mar 25 2026

A new critical vulnerability that is similar to the widely-exploited CitrixBleed and CitrixBleed2 holes should be patched in NetScaler devices immediately, say experts.

CSO Online

Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service

Wed Mar 25 2026

Cisco’s widely deployed Catalyst 9300 Series enterprise switches have four security vulnerabilities, two of which could be chained to cause a denial-of-service outage, infrastructure security company

CSO Online

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

Wed Mar 25 2026

The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating and managing a criminal site that allowed stolen...

The Hacker News

Patch now: TP-Link Archer NX routers vulnerable to firmware takeover

Wed Mar 25 2026

TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link issued security updates for its Archer NX router series to fix multiple vulnerabilities, including CVE-2025-15517 (CVSS score of 8.6), a critical authentication bypass flaw. The vulnerability impacts multiple models, including NX200, NX210, NX500, […]

Security Affairs

Recent Navia data breach impacts HackerOne employee data

Wed Mar 25 2026

A Navia breach exposed personal data of nearly 300 HackerOne employees after attackers compromised the benefits provider. HackerOne revealed that a data breach at Navia Benefit Solutions exposed the personal information of nearly 300 of its employees. The incident stems from an attack on the third-party benefits provider, highlighting how breaches at external partners can […]

Security Affairs

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

Wed Mar 25 2026

Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs. "It logs keystrokes, dumps cookies and session tokens, captures screenshots, and...

The Hacker News

When Satellite Data Becomes a Weapon

Wed Mar 25 2026

As war reshapes the Gulf, the satellite infrastructure the world relies on to see conflict clearly is being delayed, spoofed, and privately controlled—and nobody is sure who is responsible.

Wired

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave

Wed Mar 25 2026

What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterprise SaaS environments already compromised.

CSO Online

The Kill Chain Is Obsolete When Your AI Agent Is the Threat

Wed Mar 25 2026

In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting lateral movement at machine speed. This incident is worrying, but there's a scenario that should...

The Hacker News

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks

Wed Mar 25 2026

The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases "milan" and "okart," is said to have co-managed a Russia-based cybercriminal group known as TA551 (aka...

The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Wed Mar 25 2026

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign leverages...

The Hacker News

FCC targets foreign router imports amid rising cybersecurity concerns

Wed Mar 25 2026

The FCC will ban new foreign-made routers in the U.S. over security risks, unless approved by DHS or defense authorities. The U.S. FCC announced a ban on importing new foreign-made consumer routers, citing unacceptable cyber and national security risks. The decision, backed by Executive Branch assessments, means such devices can no longer be sold or […]

Security Affairs

Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca

Wed Mar 25 2026

Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information. The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java, Angular, Python), and employee information, though the company has not yet confirmed the breach. Even […]

Security Affairs

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

Wed Mar 25 2026

PyPI is warning of possible credential theft from AI applications and developer pipelines after two malicious versions of the widely used Python middleware for large language models, LiteLLM, were bri

CSO Online

6 key trends reshaping the IAM market

Wed Mar 25 2026

The identity and access management (IAM) market has shifted its focus from traditional “login and MFA” mechanisms toward treating identity as a security control plane.

CSO Online

Iranians Don’t Have a Missile Alert System, So Volunteers Built Their Own Warning Map

Wed Mar 25 2026

The crowdsourced website and app Mahsa Alert provides citizens in Iran with crucial information amid the country’s ongoing war with the US and Israel—and an internet blackout.

Wired

Malicious LiteLLM versions linked to TeamPCP supply chain attack

Wed Mar 25 2026

TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downloads, helps developers route LLM requests via a single API. The malicious releases, now […]

Security Affairs

AI is breaking traditional security models — Here’s where they fail first

Wed Mar 25 2026

Traditionally, enterprise security operating models operated a fixed and regular cycle: Findings surfaced through periodic scans, security teams triaged results and remediation followed through ticket

CSO Online

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

Wed Mar 25 2026

The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The development means that new models of...

The Hacker News

Empathy meets IT security: The path to lived compliance

Wed Mar 25 2026

CISOs should design security policies with the workforce in mind.

CSO Online

Data breach at Dutch Ministry of Finance impacts staff following cyberattack

Tue Mar 24 2026

Dutch Ministry of Finance disclosed a data breach affecting some employees following a cyberattack; the investigation is ongoing. The Dutch Ministry of Finance disclosed a cyberattack detected on March 19 after a third-party alert. Attackers breached some internal systems, and the incident impacted a “portion of the employees”. Authorities are still investigating the incident and its full […]

Security Affairs

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Tue Mar 24 2026

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on March...

The Hacker News

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

Tue Mar 24 2026

A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. "The campaign abuses Google Ads to serve rogue ScreenConnect (...

The Hacker News

5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents

Tue Mar 24 2026

On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position...

The Hacker News

QualDerm Partners December 2025 data breach impacts over 3 Million people

Tue Mar 24 2026

Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data. Over 3.1 million people are affected by a December 2025 data breach at QualDerm Partners, where hackers stole personal, medical, and health insurance information from the company’s internal systems. QualDerm Partners is a U.S.-based healthcare management […]

Security Affairs

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

Tue Mar 24 2026

An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared...

The Hacker News

DDoS attacks have doubled

Tue Mar 24 2026

CSO Online

HP launches TPM Guard to help defeat physical TPM attacks

Tue Mar 24 2026

The Trusted Platform Module (TPM), developed by the Trusted Computing Group (TCG), is a mandatory security component in any computer running Windows 11.

CSO Online

Citrix NetScaler critical flaw could leak data, update now

Tue Mar 24 2026

Citrix warns of a critical NetScaler flaw (CVE-2026-3055) that could leak sensitive data; users are urged to apply security updates immediately. Citrix issued security updates for two NetScaler vulnerabilities, including a critical memory overread, tracked as CVE-2026-3055 (CVSS score of 9.3), that allows unauthenticated attackers to leak sensitive data. The flaw CVE-2026-3055 is an insufficient […]

Security Affairs

The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills

Tue Mar 24 2026

Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands. These challenges do not...

The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Tue Mar 24 2026

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below - react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader...

The Hacker News

New ‘StoatWaffle’ malware auto‑executes attacks on developers

Tue Mar 24 2026

A newly disclosed malware strain dubbed “StoatWaffle” is giving fresh teeth to the notorious, developer-targeting “Contagious Interview” threat campaign.

CSO Online

81-month sentence for Russian hacker behind major ransomware campaigns

Tue Mar 24 2026

U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages. A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in prison for supporting ransomware groups like Yanluowang. He helped carry out dozens of attacks, causing over $9M in losses. Arrested in Italy in 2024 […]

Security Affairs

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Tue Mar 24 2026

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below - checkmarx/ast-github-action checkmarx/kics-github-action Cloud security...

The Hacker News

Your Body Is Betraying Your Right to Privacy

Tue Mar 24 2026

Attachment to smart devices and biometric surveillance leaves Americans more vulnerable to police searches than ever. Left unchecked it will only get worse.

Wired

‘Get Down! Get Down! They’re Gonna See Us!’: Six Months of Hiding From ICE

Tue Mar 24 2026

A family in Chicago has been terrified to leave their apartment. Agents could be anywhere.

Wired

Autonomous AI adoption is on the rise, but it’s risky

Tue Mar 24 2026

Two AI releases early this year are prompting users to give up control and let autonomous agentic tools complete tasks on their behalf.

CSO Online

ICE Is Paying Salaries and More for This Town’s Entire Police Force

Tue Mar 24 2026

Under a Homeland Security program, police departments around the US are signing up to assist in immigration enforcement. The cops of Carroll, New Hampshire, are going all in—and they’re likely not alone.

Wired

Streamline physical security to enable data center growth in the era of AI

Tue Mar 24 2026

AI is the new space race for data centers, and consistency at speed is the rocket fuel that colocation and hyperscale providers need to reach orbit.

CSO Online

North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

Tue Mar 24 2026

North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Contagious Interview campaign is spreading StoatWaffle malware through malicious Microsoft Visual Studio Code projects. Since late 2025, they have abused the “tasks.json” auto-run feature in Microsoft […]

Security Affairs

Why CISOs should embrace AI honeypots

Tue Mar 24 2026

The nightmare begins with our protagonist trying to find a way inside to get to the firm’s files, but every door is bolted shut.

CSO Online

U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage

Tue Mar 24 2026

A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware attacks across the...

The Hacker News

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Tue Mar 24 2026

Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below: CVE-2026-3055 (CVSS score: 9.3), insufficient input validation leading to memory overread; CVE-2026-4368 (CVSS score: 7.7), race condition leading to user...

The Hacker News

QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025

Mon Mar 23 2026

QNAP fixed four vulnerabilities shown at Pwn2Own 2025 that could enable code execution, data access, or system disruption. Taiwanese vendor QNAP has addressed multiple vulnerabilities, including four SD-WAN router issues (CVE-2025-62843 to CVE-2025-62846) demonstrated at the Pwn2Own Ireland 2025 by Team DDOS. The team chained multiple bugs in QNAP devices to gain root access and […]

Security Affairs

ISO and ISMS: Why security certifications go wrong

Tue Mar 24 2026

With an ISO 27001 certification, companies demonstrate that they operate an effective information security management system (ISMS).

CSO Online

Palo Alto updates security platform to discover AI agents

Tue Mar 24 2026

As CISOs worry about AI agent sprawl, Palo Alto Networks has announced an update to its Prisma AIRS security platform and enterprise browser to include the ability to discover AI agents, models, and c

CSO Online

A Mysterious Numbers Station Is Broadcasting Through the Iran War

Mon Mar 23 2026

First heard as US and Israeli strikes on Iran began, the shortwave broadcast has since been traced to a US military base in Germany—but its purpose and its operator remain unclear.

Wired

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

Mon Mar 23 2026

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.

Krebs on Security

Pro-Iranian Nasir Security is targeting energy companies in the Gulf

Mon Mar 23 2026

Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is tracking a relatively new cybercriminal group called Nasir Security, presumably associated with Iran, that is targeting energy organizations in the Middle East. The energy sector is one of the most impacted areas because of the […]

Security Affairs

44 Aqua Security repositories defaced after Trivy supply chain breach

Mon Mar 23 2026

Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.4–0.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images. […]

Security Affairs

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

Mon Mar 23 2026

The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code "tasks.json" to distribute malware is a relatively new tactic adopted by the threat actor since December 2025, with the attacks...

The Hacker News

Faster attacks and ‘recovery denial’ ransomware reshape threat landscape

Mon Mar 23 2026

Mandiant’s M-Trends 2026 report, released today at the RSA Conference, shows that attackers are moving faster, operating more collaboratively, and increasingly focusing on the systems organizations re

CSO Online

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Mon Mar 23 2026

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks...

The Hacker News

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

Mon Mar 23 2026

AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI agent can query your Salesforce instance, trigger a Lambda function, or pull from a SharePoint...

The Hacker News

Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies

Mon Mar 23 2026

A new infostealer is bypassing Chrome’s Application-Bound Encryption (ABE), using a debugger-based technique researchers say hasn’t been seen in the wild before.

CSO Online

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Mon Mar 23 2026

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive recipients into opening...

The Hacker News

Iran-linked actors use Telegram as C2 in malware attacks on dissidents

Mon Mar 23 2026

Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver malware. Threat actors target Iranian dissidents, journalists, and opposition groups worldwide. Once deployed, the malware […]

Security Affairs