Posts

Showing posts from 2026

Black Hills InfoSec - Cloud Security: Tips and Resources for Securing the Cloud

This overview of the basics of Cloud Security includes some tips and resources for getting started in defending the cloud. The post Cloud Security: Tips and Resources for Securing the Cloud appeared first on Black Hills Information Security, Inc. from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/cloud-security-tips-and-resources-for-securing-the-cloud/

The Hacker News - New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard. "Use-after-free in Dawn in Google Chrome prior from The Hacker News https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html

The Hacker News - 3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries, and legitimate admin utilities to move laterally, escalate privileges, and persist without raising alarms. Most from The Hacker News https://thehackernews.com/2026/04/3-reasons-attackers-are-using-your.html

KnowBe4 - The New Playground for Cybercriminals: Securing the Microsoft Teams Frontier

With 320 million daily users on Microsoft Teams, the ability to connect with colleagues across the organization has never been more seamless… or more targeted. The shift isn’t just about where we talk; it's about how we are being attacked. Threat actors are moving beyond phishing emails and infiltrating the trusted spaces where your employees feel safest. Starting in 2023, hackers began shifting their focus to Microsoft Teams with massive success, exploiting a high-trust environment where users are significantly more likely to comply with deceptive, urgent requests. By 2025, threat actors introduced callback phishing and voice phishing (vishing) as preferred methods to manipulate employees directly through Microsoft Teams. Because of the level of sophistication in these attacks, relying solely on native anti-phishing rules has proven risky. Recent logic errors in these heuristic systems have caused significant operational disruptions, mistakenly blocking thousand...

The Hacker News - TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to distribute a tampered update, from The Hacker News https://thehackernews.com/2026/03/trueconf-zero-day-exploited-in-attacks.html

The Hacker News - Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts

Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment. According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI permission model can be misused from The Hacker News https://thehackernews.com/2026/03/vertex-ai-vulnerability-exposes-google.html

KnowBe4 - CyberheistNews Vol 16 #13 The 'Urgency Trap': Why Time Pressure is Your Biggest Email Red Flag

from Human Risk Management Blog https://blog.knowbe4.com/cyberheistnews-vol-16-13-the-urgency-trap-why-time-pressure-is-your-biggest-email-red-flag

The Hacker News - The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority

The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining challenge of the new era of digital warfare: the weaponization of Artificial Intelligence. Threat actors from The Hacker News https://thehackernews.com/2026/03/the-ai-arms-race-why-unified-exposure.html

Schneier - Inventors of Quantum Cryptography Win Turing Award

Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it’s largely unnecessary. I wrote up my thoughts back in 2008, in an essay titled “Quantum Cryptography: As Awesome As It Is Pointless” (https://www.schneier.com/essays/archives/2008/10/quantum_cryptography.html). Back then, I wrote: While I like the science of quantum cryptography—my undergraduate degree was in physics—I don’t see any commercial value in it. I don’t believe it solves any security problem that needs solving. I don’t believe that it’s worth paying for, and I can’t imagine anyone but a few technophiles buying and deploying it. Systems that use it don’t magically become unbreakable, because the quantum part doesn’t address the weak points of the system. Security is a chain; it’s as strong as the weakest link. Mathematical ...

KnowBe4 - World Backup Day: Because “It Won’t Happen to Me” Often Means It Will

Every year on March 31st, World Backup Day rolls around with a simple but important message: Backup your data. from Human Risk Management Blog https://blog.knowbe4.com/world-backup-day-because-it-wont-happen-to-me-often-means-it-will

KnowBe4 - Report: There Are Nearly 66 Billion Stolen Identity Records on Criminal Forums

Researchers at SpyCloud warn that the number of stolen identity records on criminal forums rose to 65.7 billion in 2025, a 23% increase from the previous year. from Human Risk Management Blog https://blog.knowbe4.com/report-there-are-nearly-66-billion-stolen-identity-records-on-criminal-forums

The Hacker News - DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked," ReliaQuest researchers Thassanai from The Hacker News https://thehackernews.com/2026/03/deepload-malware-uses-clickfix-and-wmi.html

KnowBe4 - Criminals Are Selling Stolen Tax Forms for Cheap on the Dark Web

Researchers at Malwarebytes warn that cybercriminals are peddling stolen tax documents for as low as $4 per identity, with freshly stolen forms selling for $20 each. These documents allow threat actors to conduct refund fraud, using stolen personal information to claim victims’ tax refunds. from Human Risk Management Blog https://blog.knowbe4.com/criminals-are-selling-stolen-tax-forms-for-cheap-on-the-dark-web

The Hacker News - 3 SOC Process Fixes That Unlock Tier 1 Productivity

What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary escalations, and improve how the entire SOC responds under pressure from The Hacker News https://thehackernews.com/2026/03/3-soc-process-fixes-that-unlock-tier-1.html

The Hacker News - The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year's findings reveal three core trends: AI has from The Hacker News https://thehackernews.com/2026/03/the-state-of-secrets-sprawl-2026-9.html

Schneier - Apple’s Camera Indicator Lights

A thoughtful review of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording. The reason it’s tempting to think that a dedicated camera indicator light is more secure than an on-display indicator is the fact that hardware is generally more secure than software, because it’s harder to tamper with. With hardware, a dedicated hardware indicator light can be connected to the camera hardware such that if the camera is accessed, the light must turn on, with no way for software running on the device, no matter its privileges, to change that. With an indicator light that is rendered on the display, it’s not foolish to worry that malicious software, with sufficient privileges, could draw over the pixels on the display where the camera indicator is rendered, disguising that the camera is in use. If this were implemented simplistically, that concern would be completely valid. But Apple’s imp...

The Hacker News - Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

Cybersecurity researchers have discovered a remote access toolkit of Russian origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling from The Hacker News https://thehackernews.com/2026/03/russian-ctrl-toolkit-delivered-via.html

The Hacker News - Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL from The Hacker News https://thehackernews.com/2026/03/three-china-linked-clusters-target.html

The Hacker News - Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel "will now find his name among the list of successfully hacked victims." In a statement from The Hacker News https://thehackernews.com/2026/03/iran-linked-hackers-breach-fbi.html

The Hacker News - Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per from The Hacker News https://thehackernews.com/2026/03/citrix-netscaler-under-active-recon-for.html

The Hacker News - CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVSS v4 score: 9.3), which could allow a threat actor to achieve remote code execution. "When a from The Hacker News https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html

The Hacker News - TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are from The Hacker News https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html

The Hacker News - Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'" Koi from The Hacker News https://thehackernews.com/2026/03/open-vsx-bug-let-malicious-vs-code.html

The Hacker News - AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. "TikTok has been historically abused to distribute from The Hacker News https://thehackernews.com/2026/03/aitm-phishing-targets-tiktok-business.html

KnowBe4 - How Adaptive Email Security Helps Navigate Threats in the Age of AI

A finance employee receives an email that appears to come from the CFO requesting urgent payment approval. The message references a current project, uses the correct tone, and arrives at a plausible time. However, the email wasn’t written by a colleague — it was generated by AI. And it contains a malicious link. from Human Risk Management Blog https://blog.knowbe4.com/navigating-adaptive-email-security-in-the-age-of-ai-knowbe4

The Hacker News - We Are At War

Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it. Introduction: One tech power to rule them all is a thing of the past. The relative safety, peace and prosperity that much of the world has enjoyed since 1945 was not accidental. It emerged from the ashes from The Hacker News https://thehackernews.com/2026/03/we-are-at-war.html

The Hacker News - Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy (also known as Labubu) operates as a dual-purpose group aimed at inflicting maximum damage upon Russian businesses; from The Hacker News https://thehackernews.com/2026/03/bearlyfy-hits-70-russian-firms-with.html

The Hacker News - LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build applications powered by Large Language Models (LLMs). LangGraph is built on the foundations of from The Hacker News https://thehackernews.com/2026/03/langchain-langgraph-flaws-expose-files.html

KnowBe4 - Why Financial Firms are Outgrowing Traditional Email Security

In the financial services industry, a "security incident" is rarely just an IT ticket. It is a regulatory event. Whether you are a bank, a global investment firm, or a fintech startup, your email environment is the most targeted entry point for attackers and the most common exit point for sensitive data. from Human Risk Management Blog https://blog.knowbe4.com/why-financial-firms-are-outgrowing-traditional-email-security

KnowBe4 - Scammers Abuse Calendar Invites to Plant Phony Subscription Notices

Malwarebytes warns that a phishing campaign is using Google Calendar invites to send phony renewal notices for Malwarebytes subscriptions. The calendar invites contain a phone number that will connect the user with a scammer. from Human Risk Management Blog https://blog.knowbe4.com/scammers-abuse-calendar-invites-to-plant-phony-subscription-notices

The Hacker News - ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in this one, too. Weird delivery tricks, old problems coming back in slightly worse forms, shady infrastructure doing from The Hacker News https://thehackernews.com/2026/03/threatsday-bulletin-pqc-push-ai-vuln.html

The Hacker News - Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. "When Coruna was first reported, the public evidence wasn't sufficient to link its code to Triangulation — shared from The Hacker News https://thehackernews.com/2026/03/coruna-ios-kit-reuses-2023.html

Schneier - As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters

In December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequences on their deployment of AI, while undermining the efforts of consumers, advocates, and industry associations concerned about AI’s harms who have spent years pushing for state regulation. Trump’s actions have clarified the ideological alignments around AI within America’s electoral factions. They set down lines on a new playing field for the midterm elections, prompting members of his party, the opposition, and all of us to consider where we stand in the debate over how and where to let AI transform our lives. In a May 2025 survey of likely voters nationwide, more than 70% favored state and federal regulators having a hand in AI policy. A December 2025 poll by Navigator Research found si...

HACKMAGEDDON - 1-15 March 2026 Cyber Attacks Timeline

In the first half of March 2026 I collected 95 events (6.34 events/day) with a threat landscape dominated by malware once ahead of account takeovers and ransomware. from HACKMAGEDDON https://www.hackmageddon.com/2026/03/26/1-15-march-2026-cyber-attacks-timeline/

The Hacker News - WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data," Sansec said in a report published this week. The attack, from The Hacker News https://thehackernews.com/2026/03/webrtc-skimmer-bypasses-csp-to-steal.html

The Hacker News - LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating and managing a criminal site that allowed stolen from The Hacker News https://thehackernews.com/2026/03/leakbase-admin-arrested-in-russia-over.html

The Hacker News - GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs. "It logs keystrokes, dumps cookies and session tokens, captures screenshots, and from The Hacker News https://thehackernews.com/2026/03/glassworm-malware-uses-solana-dead.html

Black Hills InfoSec - Lessons From A Chatbot Incident

Real-world account of how insecure databases and an AI chatbot left customer data exposed and how it could have been prevented. The post Lessons From A Chatbot Incident appeared first on Black Hills Information Security, Inc. from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/lessons-from-a-chatbot-incident/

The Hacker News - Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign leverages from The Hacker News https://thehackernews.com/2026/03/device-code-phishing-hits-340-microsoft.html

Schneier - Sen. Wyden Warns of Another Section 702 Abuse

Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved (with support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being unwilling to agree to basic constitutional limitations on NSA surveillance. But that’s just a jumping off point ahead of Section 702’s upcoming reauthorization deadline. Buried in the speech is a passage that should set off every alarm bell: There’s another example of secret law related to Section 702, one that directly affects the privacy rights of Americans. For years, I have asked various administrations to declassify this matter. Thus far they have all refused, although I am still waiting for a response from DNI Gabbard. I strongly believe that this matter can and should be declassified and that Congress needs to debate it openly before Section 702 is reauthorized. In fact, when it ...

The Hacker News - FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The development means that new models of from The Hacker News https://thehackernews.com/2026/03/fcc-bans-new-foreign-made-routers-over.html

The Hacker News - Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared from The Hacker News https://thehackernews.com/2026/03/hackers-use-fake-resumes-to-steal.html

KnowBe4 - Best Practices for Implementing AI Agents

On March 9th, Codewall.ai disclosed how it had hacked McKinsey & Company’s AI platform called Lilli, a purpose-built system for 43,000+ employees to analyze documents, chat, and access decades of proprietary research. The researchers unleashed an AI agent which quickly scanned 200 endpoints, identified 22 that did not require authentication, and one that wrote user search queries into a database including non-parameterized JSON keys which were concatenated directly into SQL. from Human Risk Management Blog https://blog.knowbe4.com/best-practices-for-implementing-ai-agents

The Hacker News - 5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents

On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position from The Hacker News https://thehackernews.com/2026/03/5-learnings-from-first-ever-gartner.html

Schneier - Team Mirai and Democracy

Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai, illustrates the viability of a different way to do politics. In this model, technology is used to make democratic processes stronger, instead of undermining them. It is harnessed to root out corruption, instead of serving as a cash cow for campaign donations. Imagine an election where every voter has the opportunity to opine directly to politicians on precisely the issues they care about. They’re not expected to spend hours becoming policy experts. Instead, an AI Interviewer walks them through the subject, answering their questions, interrogating their experience, even challenging their thinking. Voters get immediate feedback on how their individual point of view matches—or doesn’t—a party’s platform, and they can see whether and how the party adopts their feedback. This isn’t like an opinion poll that politicians use for calculating short-term electoral tactics. It’s...

The Hacker News - TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below: checkmarx/ast-github-action; checkmarx/kics-github-action. Cloud security from The Hacker News https://thehackernews.com/2026/03/teampcp-hacks-checkmarx-github-actions.html

The Hacker News - Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below: CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread; CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user from The Hacker News https://thehackernews.com/2026/03/citrix-urges-patching-critical.html

The Hacker News - We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target. When an AI agent can query your Salesforce instance, trigger a Lambda function, or pull from a SharePoint from The Hacker News https://thehackernews.com/2026/03/we-found-eight-attack-vectors-inside.html

KnowBe4 - The ‘Urgency Trap’: Why Time Pressure is Your Biggest Email Red Flag

The old rules for spotting a phishing email are changing. Remember looking for bad grammar and clumsy spelling? Thanks to AI, hackers' emails are increasingly polished and hard to spot. But a new poll from KnowBe4 reveals the modern worker's most reliable alarm bell for a cyberattack isn't a typo; it's a sense of manufactured urgency. from Human Risk Management Blog https://blog.knowbe4.com/the-urgency-trap-why-time-pressure-is-your-biggest-email-red-flag

The Hacker News - Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive recipients into opening from The Hacker News https://thehackernews.com/2026/03/microsoft-warns-irs-phishing-hits-29000.html

Schneier - Microsoft Xbox One Hacked

It’s an impressive feat, over a decade after the box was released: Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system reset pin(s) the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn’t ‘see’ into the Xbox One, so had to develop new hardware introspection tools. Eventually, the Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the ARM Cortex memory protection was set up. Then the Memcpy operation was targeted during the header read, allowing him to jump to the attacker-controlled data. As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack is unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the security proc...

The Hacker News - Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. "New image tags 0.69.5 and from The Hacker News https://thehackernews.com/2026/03/trivy-hack-spreads-infostealer-via.html

The Hacker News - Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. It's from The Hacker News https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html

The Hacker News - FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday. "The campaign from The Hacker News https://thehackernews.com/2026/03/fbi-warns-russian-hackers-target-signal.html

The Hacker News - Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0. "This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully from The Hacker News https://thehackernews.com/2026/03/oracle-patches-critical-cve-2026-21992.html

KnowBe4 - Inside Our 'Human Risk: In-Person Experience' in Leeds

Last week, our KnowBe4 Leeds office opened its doors to a group of security professionals for an immersive, full-day deep dive into the evolving landscape of human risk. from Human Risk Management Blog https://blog.knowbe4.com/inside-our-human-risk-in-person-experience-in-leeds

The Hacker News - Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in from The Hacker News https://thehackernews.com/2026/03/magento-polyshell-flaw-enables.html

KnowBe4 - Digital Cleanup: It’s Not Just Your Files, It’s Your Brain

Digital Cleanup Day might be seen as a digital chore: delete old files, clear the inbox, reduce your carbon footprint. It’s framed as a technical exercise. But digital cleanup isn't only about your hard drive; it’s also about your mind. from Human Risk Management Blog https://blog.knowbe4.com/digital-cleanup-its-not-just-your-files-its-your-brain

The Hacker News - Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to from The Hacker News https://thehackernews.com/2026/03/google-adds-24-hour-wait-for-unverified.html

Schneier - Proton Mail Shared User Information with the Police

404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It’s metadata—payment information related to a particular account—but still important knowledge. This sort of thing happens, even to privacy-centric companies like Proton Mail. from Schneier on Security https://www.schneier.com/blog/archives/2026/03/proton-mail-shared-user-information-with-the-police.html

The Hacker News - The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result, from The Hacker News https://thehackernews.com/2026/03/the-importance-of-behavioral-analytics.html

KnowBe4 - Our KnowBe4 Community Is One of Our Greatest Strengths

I am very proud of our customer community here at KnowBe4. It is a place where customers can discuss our products amongst each other and interface with KnowBe4’s developers and product managers. from Human Risk Management Blog https://blog.knowbe4.com/our-knowbe4-community-is-one-of-our-greatest-strengths

The Hacker News - ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well it lands. Other bits feel a little too practical, like they’re already closer to real-world use than anyone from The Hacker News https://thehackernews.com/2026/03/threatsday-bulletin-fortigate-raas.html

The Hacker News - New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a "more flexible and capable platform" for compromising Android devices through dropper apps distributed from The Hacker News https://thehackernews.com/2026/03/new-perseus-android-banking-malware.html

The Hacker News - How Ceros Gives Security Teams Visibility and Control in Claude Code

Security teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic's AI coding agent, is now running across engineering organizations at scale. It reads files, executes shell commands, calls external APIs, from The Hacker News https://thehackernews.com/2026/03/how-ceros-gives-security-teams.html

Schneier - Hacking a Robot Vacuum

Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that. from Schneier on Security https://www.schneier.com/blog/archives/2026/03/hacking-a-robot-vacuum.html

The Hacker News - DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

A new exploit kit for Apple iOS devices designed to steal sensitive data is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, multiple commercial surveillance vendors and suspected state-sponsored actors have utilized the full-chain exploit kit, codenamed DarkSword from The Hacker News https://thehackernews.com/2026/03/darksword-ios-exploit-kit-uses-6-flaws.html

The Hacker News - OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass destruction (WMD) programs. "The North Korean from The Hacker News https://thehackernews.com/2026/03/ofac-sanctions-dprk-it-worker-network.html

The Hacker News - Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to from The Hacker News https://thehackernews.com/2026/03/interlock-ransomware-exploits-cisco-fmc.html

Black Hills InfoSec - How to Lead Effective Tabletops

Learn how to transform boring, meeting-style security tabletop exercises into engaging real-world scenario simulations. The post How to Lead Effective Tabletops appeared first on Black Hills Information Security, Inc. from Black Hills Information Security, Inc. https://www.blackhillsinfosec.com/how-to-lead-effective-cybersecurity-tabletops/

The Hacker News - 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium, span four different products from GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. The most severe of them allow from The Hacker News https://thehackernews.com/2026/03/9-critical-ip-kvm-flaws-enable.html

The Hacker News - Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels

Security teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations – security teams still struggle to understand context: Q: Which exposures, misconfigurations, and vulnerabilities chain together to create viable attack paths to crown jewels? Even the most mature security teams can’t answer that from The Hacker News https://thehackernews.com/2026/03/product-walkthrough-how-mesh-csma.html

Schneier - Meta’s AI Glasses and Privacy

Surprising no one, Meta’s new AI glasses are a privacy disaster. I’m not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby. from Schneier on Security https://www.schneier.com/blog/archives/2026/03/metas-ai-glasses-and-privacy.html

The Hacker News - Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible system. "This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access from The Hacker News https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html

The Hacker News - AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells from The Hacker News https://thehackernews.com/2026/03/ai-flaws-in-amazon-bedrock-langsmith.html

The Hacker News - LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen credentials from The Hacker News https://thehackernews.com/2026/03/leaknet-ransomware-uses-clickfix-via.html

KnowBe4 - CyberheistNews Vol 16 #11 9 Must-Know Best Practices for Email Security

from Human Risk Management Blog https://blog.knowbe4.com/cyberheistnews-vol-16-11-9-must-know-best-practices-for-email-security

The Hacker News - AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, examines how organizations are securing AI infrastructure and highlights critical gaps tied to skills shortages and from The Hacker News https://thehackernews.com/2026/03/ai-is-everywhere-but-cisos-are-still.html

The Hacker News - Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. "Initial access was achieved through a spear-phishing email disguised as a from The Hacker News https://thehackernews.com/2026/03/konni-deploys-endrat-through-spear.html

Schneier - South Korean Police Accidentally Post Cryptocurrency Wallet Password

An expensive mistake: Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet. The funds were stored in a Ledger cold wallet seized in law enforcement raids at 124 high-value tax evaders that resulted in confiscating digital assets worth 8.1 billion won (currently approximately $5.6 million). When announcing the success of the operation, the agency released photos of a Ledger device, a popular hardware wallet for crypto storage and management. However, the images also showed a handwritten note of the wallet recovery phrase, which serves as the master key that allows restoring the assets to another device. The authorities failed to redact that info, allowing anyone to transfer into their account the assets in the cold wallet. Reportedly, shortly after the press release was published, 4 million Pre-Retogeum (PRTG) tokens, worth approximately $4...

KnowBe4 - What is Integrated Cloud Email Security (ICES) and Why do you Need It?

Integrated cloud email security (ICES) is a term coined by industry analyst, Gartner, in their 2021 Market Guide for Email Security. The guide was reissued in 2023 and stated that “by 2025, 20% of anti-phishing solutions will be delivered via API integration with the email platform, up from less than 5%” at the time of publication. from Human Risk Management Blog https://blog.knowbe4.com/what-is-integrated-cloud-email-security-ices-guide

The Hacker News - ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More

Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling. This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real life, too. There’s a good mix here: weird abuse of trusted stuff, quiet infrastructure ugliness, from The Hacker News https://thehackernews.com/2026/03/weekly-recap-chrome-0-days-router.html

The Hacker News - ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers

Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate the implications of running from The Hacker News https://thehackernews.com/2026/03/clickfix-campaigns-spread-macsync-macos.html

The Hacker News - DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware from The Hacker News https://thehackernews.com/2026/03/drillapp-backdoor-targets-ukraine.html

Schneier - Possible New Result in Quantum Factorization

I’m skeptical about—and not qualified to review—this new result in factorization with a quantum computer, but if it’s true it’s a theoretical improvement in the speed of factoring large numbers with a quantum computer. from Schneier on Security https://www.schneier.com/blog/archives/2026/03/possible-new-result-in-quantum-factorization.html

KnowBe4 - Creating Noise: The Emerging Obfuscation Technique Designed to Evade Email Security NLP Detection Capabilities

Our Threat Intelligence team has observed an emerging obfuscation technique, specifically used to make Natural Language Processing (NLP) detection capabilities less effective. Broadly, malicious actors are adding additional characters, break lines, and legitimate links to the end of a phishing email in an attempt to disguise their malicious payloads amongst the noise and evade NLP detection. from Human Risk Management Blog https://blog.knowbe4.com/nlp-obfuscation-techniques-email-security-evasion

The Hacker News - Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week. AAPM was introduced by Google in Android 16, released last year. When enabled, it causes the device to enter a heightened from The Hacker News https://thehackernews.com/2026/03/android-17-blocks-non-accessibility.html

KnowBe4 - How do I Send a Secure Email in Outlook?

Sending an unsecured email can be likened to writing sensitive information on a sticky note and leaving it on someone else's desk: anybody can intercept and share that information. Fortunately, there are ways to ensure your emails are safe from the prying eyes of hackers through encryption, meaning your message — no matter how sensitive — is seen only by the intended recipient. from Human Risk Management Blog https://blog.knowbe4.com/how-do-i-send-a-secure-email-in-outlook

The Hacker News - OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security risks stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source and self-hosted autonomous artificial intelligence (AI) agent. In a post shared on WeChat, CNCERT noted that the platform's "inherently weak default security configurations," coupled with its from The Hacker News https://thehackernews.com/2026/03/openclaw-ai-agent-flaws-could-enable.html

Schneier - Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at 5:30 PM GMT on Thursday, March 19, 2026. I’m speaking at RSAC 2026 in San Francisco, California, USA, on Wednesday, March 25, 2026. I’m part of an event on “Canada and AI Sovereignty,” hosted by the University of Toronto’s Munk School of Global Affairs & Public Policy, which will be held online via Zoom at 4:00 PM ET on Monday, March 30, 2026. I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026. I’m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026. I’m speaking at the Nemertes [Next] Virtual Conference Spring 2026, a virtual event, on April 29, 2026. I’m speaking at RightsCon 2026 in Lusaka, Zambia, on May 6 and 7, 2026. The list is maintained on this page. from Schneier on Security https://www.schneier.com/blog/a...

The Hacker News - GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive from The Hacker News https://thehackernews.com/2026/03/glassworm-supply-chain-attack-abuses-72.html

KnowBe4 - Received Someone Else’s Confidential Email? Here’s What To Do.

When we think about misdirected email, we often put ourselves in the shoes of the sender. After all, nobody wants to tell their manager that they might (however accidentally) be responsible for a data breach. But what do you do when you’re on the other side of the inbox? from Human Risk Management Blog https://blog.knowbe4.com/received-someone-elses-confidential-email-heres-what-to-do

The Hacker News - INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime

INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effort is part of an international law enforcement operation that involved 72 countries and territories. from The Hacker News https://thehackernews.com/2026/03/interpol-dismantles-45000-malicious-ips.html

The Hacker News - Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients from The Hacker News https://thehackernews.com/2026/03/storm-2561-spreads-trojan-vpn-clients.html

The Hacker News - Investigating a New Click-Fix Variant

Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content is intended for informational and preparedness purposes only. Read more blogs around threat from The Hacker News https://thehackernews.com/2026/03/investigating-new-click-fix-variant.html