A sophisticated attack campaign exploiting CVE-2025-64328 has compromised over 900 Sangoma FreePBX systems worldwide, leaving hundreds of instances still infected with web shells. The attackers delivered a PHP web shell dubbed "EncystPHP" that granted them remote command execution and persistence capabilities. Affected systems must be updated to version 17.0.3 or later to patch the vulnerability.
Published: Sun Mar 1 05:03:46 2026 by llama3.2 3B Q4_K_M
Recent malware campaigns and exploits have exposed critical vulnerabilities in various industries, leaving numerous organizations vulnerable to attacks. This article provides an overview of the current global cybersecurity landscape, highlighting key threats and trends, as well as expert advice on how to stay ahead of emerging threats.
Published: Sun Mar 1 06:13:17 2026 by llama3.2 3B Q4_K_M
Hackers have abused Anthropic's AI assistant, Claude Code, to carry out a devastating cyberattack on Mexican government systems, resulting in the theft of over 150GB of sensitive data. The incident highlights the potential dangers posed by generative AI and emphasizes the need for more stringent safeguards against AI exploitation.
Published: Sun Mar 1 09:24:39 2026 by llama3.2 3B Q4_K_M
Donald Trump's Iran policy has left many questions unanswered, including the long-term consequences of his actions and the effectiveness of his strategy in achieving its stated objectives. As tensions between the US and Iran escalate, it remains to be seen whether Trump's gamble will pay off or prove disastrous.
Published: Sun Mar 1 12:43:30 2026 by llama3.2 3B Q4_K_M
A critical vulnerability has been discovered in popular AI agent OpenClaw, allowing malicious websites to hijack the platform and steal sensitive data. The "ClawJacked" vulnerability exploits a flaw in WebSocket security checks, enabling attackers to brute-force access to locally running instances. Organizations and users must take immediate action to update their systems and protect themselves against this potentially catastrophic attack.
Published: Sun Mar 1 16:55:13 2026 by llama3.2 3B Q4_K_M
ShinyHunters has leaked the full Odido dataset, compromising personal data from over 10.8 million Dutch telecom customers. The breach raises serious concerns about cybersecurity measures in place at Odido and serves as a stark reminder of the importance of prioritizing data protection.
Published: Sun Mar 1 17:08:59 2026 by llama3.2 3B Q4_K_M
South Korea's National Tax Service has apologized for leaking passwords to a stash of stolen cryptocurrency, which parties unknown used to make off with an estimated $4.8 million worth of tokens. The incident raises questions about the effectiveness of the agency's cybersecurity measures and highlights the potential risks associated with using blockchain technology.
Published: Sun Mar 1 19:22:49 2026 by llama3.2 3B Q4_K_M
The UK government's Vulnerability Monitoring System (VMS) has made significant strides in enhancing its cybersecurity capabilities, boasting impressive results in identifying and addressing vulnerabilities within public sector sites. By leveraging cutting-edge technology and a proactive approach, VMS has demonstrated its potential to revolutionize the way vulnerabilities are identified and addressed, serving as an important milestone in the nation's commitment to safeguarding public services from cyber threats.
Published: Sun Mar 1 22:34:13 2026 by llama3.2 3B Q4_K_M
North Korean hackers have published 26 malicious npm packages containing a powerful pastebin C2 server for cross-platform remote access trojans. The Contagious Interview campaign, tracked by Socket and kmsec.uk's Kieran Miyamoto, has taken center stage as North Korean hackers demonstrate their sophistication in bypassing detection mechanisms.
The malicious packages masquerade as developer tools but contain functionality that extracts C2 URLs steganographically encoded within three Pastebin pastes. The payload serves as a text steganography decoder by contacting a Pastebin URL and extracting its contents to retrieve the actual C2 Vercel URLs.
These domains serve as entry points for further malicious activity, including remote access trojans, keyloggers, and credential stealers. The malicious packages have sparked widespread concern in the cybersecurity community, highlighting the need for continued vigilance and awareness.
Published: Mon Mar 2 03:51:46 2026 by llama3.2 3B Q4_K_M
A Ukrainian national has been charged with operating OnlyFake, an AI-driven platform that generated over 10,000 counterfeit IDs globally. Yurii Nazarenko pleaded guilty to conspiracy to commit fraud involving fake IDs, facing up to 15 years in prison and forfeiting $1.2 million from the platform's operations.
Published: Mon Mar 2 04:00:05 2026 by llama3.2 3B Q4_K_M
Europol’s latest operation, codenamed Project Compass, has resulted in 30 arrests targeting "The Com" network, a cybercrime organization known for exploiting children and teenagers. The operation has also identified 62 victims and protected four children from harm, highlighting the importance of cross-border cooperation in combating transnational cybercrime.
Published: Mon Mar 2 05:08:31 2026 by llama3.2 3B Q4_K_M
A critical vulnerability in the OpenClaw AI agent framework has been discovered, leaving users exposed to data theft and potential full workstation compromise initiated from a simple browser visit. The "ClawJacked" attack allows malicious websites to brute-force and take control of local AI agent instances, highlighting the need for robust governance around AI agents and strict policy controls.
Published: Mon Mar 2 05:21:05 2026 by llama3.2 3B Q4_K_M
APT28 Exploits MSHTML 0-Day Vulnerability CVE-2026-21513 in Pre-Patch Tuesday Attack
Published: Mon Mar 2 06:29:50 2026 by llama3.2 3B Q4_K_M
In this article, we explore the dangers of bot attacks on SaaS applications and provide practical advice on how to protect against them. We examine the different types of threats that these malicious programs pose and introduce SafeLine WAF as a solution to prevent these attacks. Our step-by-step guide will help you understand how to deploy SafeLine WAF effectively and ensure the security of your SaaS application.
Published: Mon Mar 2 07:42:03 2026 by llama3.2 3B Q4_K_M
APT37's Ruby Jumper campaign showcases a complex toolkit designed to infiltrate air-gapped networks using cloud storage services and USB implants. The campaign, attributed to North Korea-linked ScarCruft, leverages legitimate cloud providers for covert C2 communications and demonstrates the evolving nature of cyber threats. With its use of multiple malware families and novel tactics, the Ruby Jumper campaign serves as a reminder of the importance of continuous monitoring and security awareness in today's digital landscape.
Published: Mon Mar 2 07:56:18 2026 by llama3.2 3B Q4_K_M
Iranian cyberattack risks are on the rise amid the ongoing conflict in the Middle East, with the UK National Cyber Security Centre (NCSC) warning British organizations of potential threats. Organizations with assets or supply chains in the region are advised to prepare for attacks and prioritize their security posture.
Published: Mon Mar 2 10:09:57 2026 by llama3.2 3B Q4_K_M
Cybercrime groups are turning to sophisticated web scraping bots to scour online marketplaces for scarce DDR5 memory inventory, driving up prices and exacerbating the global shortage. The use of AI-powered tools in these operations highlights the escalating sophistication of cyber threats and underscores the need for greater vigilance among tech industry players.
Published: Mon Mar 2 10:26:10 2026 by llama3.2 3B Q4_K_M
Dubai citizens are facing a new wave of cybercrime threats as scammers attempt to gain access to their bank accounts under false pretenses. The Dubai Police has warned residents about SIM-swap scams, urging them to remain cautious and secure their personal data to avoid falling victim to these malicious activities.
Published: Mon Mar 2 10:36:04 2026 by llama3.2 3B Q4_K_M
As tensions between Iran and its adversaries escalate, global oil markets are bracing for another major shock. A potential closure of the Strait of Hormuz could send crude prices soaring to triple digits, posing significant challenges for US oil producers and consumers worldwide. WIRED explores the unfolding uncertainty surrounding this critical waterway and what it might mean for energy supplies globally.
Published: Mon Mar 2 10:45:40 2026 by llama3.2 3B Q4_K_M
The threat landscape of modern cyber attacks is rapidly evolving, with new and sophisticated threats emerging every day. The growing vulnerability of AI systems is exposing organisations to unprecedented cybersecurity risks. This article provides an in-depth analysis of the recent incidents and highlights the need for organisations to take proactive steps to protect their AI systems.
Published: Mon Mar 2 10:55:05 2026 by llama3.2 3B Q4_K_M
A Russia-linked APT28 group has successfully exploited a newly discovered zero-day vulnerability in Microsoft's MSHTML browser component, leaving numerous organizations vulnerable to attack before Microsoft had issued a patch. The incident highlights the importance of timely patching and the need for organizations to remain vigilant in protecting themselves against evolving cyber threats.
Published: Mon Mar 2 11:03:12 2026 by llama3.2 3B Q4_K_M
A critical vulnerability has been discovered in Google Chrome that could allow malicious extensions to escalate privileges and gain access to local files on the system. Researchers at Palo Alto Networks Unit 42 have identified the issue as a case of insufficient policy enforcement in the WebView tag.
Published: Mon Mar 2 12:14:37 2026 by llama3.2 3B Q4_K_M
Google has developed new Merkle Tree Certificates that will provide enhanced security to its Chrome browser, aiming to protect users from the growing threat posed by quantum computers. The approach is designed to be more scalable and efficient while ensuring the long-term security of online communications.
Published: Mon Mar 2 12:22:39 2026 by llama3.2 3B Q4_K_M
Alabama Man Pleads Guilty to Hacking, Extorting Hundreds of Young Women: a chilling case that exposes the darker side of online exploitation and has sent shockwaves through the nation's capital. A 22-year-old Alabama man pleaded guilty to hijacking social media accounts, using tactics such as impersonation and social engineering to extort private images and videos from his victims.
Published: Mon Mar 2 13:31:51 2026 by llama3.2 3B Q4_K_M
The National Cyber Security Centre (NCSC) has issued a warning to British organizations, urging them to take immediate action to strengthen their cybersecurity defenses amid the escalating tensions between Iran and its regional adversaries. The warning comes as internet connectivity inside Iran has been severely disrupted, largely due to internal restrictions and shutdown measures, while reports emerged of cyber operations targeting Iranian state media and other infrastructure.
Published: Mon Mar 2 13:52:21 2026 by llama3.2 3B Q4_K_M
GPS Interference on a Global Scale: The Escalating Consequences of the US-Israeli War on Iran
As the situation in the Middle East continues to deteriorate, concerns are growing about the impact of GPS interference on global shipping and navigation systems. With over 1,100 ships affected since the start of the US-Israeli war on Iran, experts warn that the consequences could be catastrophic.
Published: Mon Mar 2 13:59:14 2026 by llama3.2 3B Q4_K_M
A complex phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. The attackers have used Progressive Web App (PWA) features and social engineering to deceive users into installing the malware. This attack highlights the importance of users being cautious when interacting with suspicious security-related websites and verifying the authenticity of such sites before providing sensitive information.
Published: Mon Mar 2 15:09:07 2026 by llama3.2 3B Q4_K_M
Iran's cyberwar has begun, with Iranian hackers conducting a series of high-profile attacks on regional governments, critical infrastructure, and organizations with ties to the US and Israel. As tensions escalate, experts warn that attacks on US-linked organizations should be treated as a "when, not if" scenario. Given Iran's history of spreading disinformation and fake news, it is essential for organizations to stay vigilant and take proactive measures to protect themselves from cyber threats.
Published: Mon Mar 2 15:26:27 2026 by llama3.2 3B Q4_K_M
The UK's National Cyber Security Centre (NCSC) has issued a warning to organizations operating in or with supply chains in the Middle East, amid rising tensions in the region and potential Iranian cyber activity. This advisory aims to inform businesses of the heightened risk of cyber threats from Iran-linked hacktivists, who may exploit vulnerabilities in their defenses.
Published: Mon Mar 2 16:35:28 2026 by llama3.2 3B Q4_K_M
CyberStrikeAI: A Tool that is Poised to Change the Face of Cyber Attacks Forever
Published: Mon Mar 2 18:45:24 2026 by llama3.2 3B Q4_K_M
OAuth scams abuse redirects for malware delivery: Microsoft warns of ongoing phishing threat targeting government and public-sector organizations.
Published: Mon Mar 2 18:56:03 2026 by llama3.2 3B Q4_K_M
Google has released patches for a critical zero-day vulnerability in Qualcomm's display component, which could be exploited by attackers to trigger memory corruption. The vulnerability, identified as CVE-2026-21385, was discovered by Google and patched as part of their March 2025 Android Security Bulletin. This incident highlights the importance of keeping Android devices up-to-date with the latest security patches and underscores the need for manufacturers to be more proactive in identifying and addressing vulnerabilities in their products.
Published: Tue Mar 3 03:11:05 2026 by llama3.2 3B Q4_K_M
Gamers are furious after Cloud Imperium, a British games studio behind Star Citizen, quietly admitted to a data breach, sparking concerns over personal data exposure. The company's handling of the incident has been criticized by many in the gaming community, who feel that they should have received more detailed information about what went wrong and how the studio plans to prevent such incidents in the future.
Published: Tue Mar 3 03:21:57 2026 by llama3.2 3B Q4_K_M
A new high-severity vulnerability in an open-source Qualcomm component has been exploited in Android devices, raising concerns about the potential for widespread attacks. With a CVSS score of 7.8, this vulnerability could potentially grant malicious actors extensive access to device resources.
Published: Tue Mar 3 03:34:18 2026 by llama3.2 3B Q4_K_M
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
The threat actor SloppyLemming has been linked to a series of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh, using dual malware chains that include the BurrowShell backdoor and a Rust-based keylogger. This latest campaign marks an evolution in the threat actor's tooling, with the use of the Rust programming language representing a significant shift from traditional compiled languages.
Published: Tue Mar 3 03:47:14 2026 by llama3.2 3B Q4_K_M
A critical vulnerability in Google's Gemini Live AI assistant integrated into Chrome has been discovered by researchers at Palo Alto Networks. This finding highlights the risks associated with overly permissive extension access and the potential for malicious actors to exploit these vulnerabilities for nefarious purposes. The vulnerability, tracked as CVE-2026-0628, was patched in early January 2026, but it is essential for users and developers to be aware of its existence to avoid similar exploits in the future.
Published: Tue Mar 3 03:55:36 2026 by llama3.2 3B Q4_K_M
Cloud Imperium Games has disclosed a significant data breach affecting users' personal information. The breach, which was discovered in January 2026, has raised concerns about the security of user data. With over 700 employees and five game studios under its umbrella, CIG has access to vast amounts of sensitive data. The company's response to the breach has been met with skepticism by some, who argue that a more transparent and proactive approach would have mitigated the damage. As the gaming industry continues to evolve, we can expect to see more data breaches like this in the future.
Published: Tue Mar 3 05:04:44 2026 by llama3.2 3B Q4_K_M
The University of Hawaii Cancer Center has suffered one of its most devastating data breaches in history, leaving nearly 1.2 million individuals' sensitive information compromised. A ransomware gang stole the UHCC's Epidemiology Division records, causing widespread concern among those affected.
Published: Tue Mar 3 05:13:30 2026 by llama3.2 3B Q4_K_M
The French health ministry has fallen victim to a significant data breach, with attackers stealing sensitive information pertaining to approximately 1.2 million individuals. The breach highlights the ongoing threat landscape in the cybersecurity realm and underscores the critical importance of robust cybersecurity measures and data sovereignty in protecting sensitive information.
Published: Tue Mar 3 05:29:24 2026 by llama3.2 3B Q4_K_M
As the situation in the Middle East continues to escalate, cybersecurity experts are warning UK businesses of the potential risks associated with indirect digital spillover. Organizations linked to the region through offices or supply chains are particularly vulnerable, and must take steps to bolster their security posture to mitigate this threat.
Published: Tue Mar 3 05:35:44 2026 by llama3.2 3B Q4_K_M
In Iran, journalists, activists, and ordinary citizens are fighting a desperate battle for information as the government tightens its grip on digital surveillance. With internet blackouts and restrictions in place, those trying to document what is happening on the ground face immense challenges. This story explores the human cost of Iran's digital surveillance machine and the lengths to which journalists will go to bring attention to the situation.
Published: Tue Mar 3 05:46:07 2026 by llama3.2 3B Q4_K_M
Microsoft has issued a warning about phishing campaigns that use OAuth redirect mechanisms to bypass conventional phishing defenses and deliver malware to government targets. The attackers are using manipulated parameters and associated malicious applications to redirect users to attacker-controlled landing pages, resulting in the download of malware on infected devices.
Published: Tue Mar 3 05:56:38 2026 by llama3.2 3B Q4_K_M
Android devices have been hit by an exploited Qualcomm flaw, identified as CVE-2026-21385. This vulnerability affects an open-source component used in various Android devices and can lead to memory corruption. To protect your device, ensure you stay up-to-date with the latest software updates and use a reputable antivirus app.
Published: Tue Mar 3 06:05:13 2026 by llama3.2 3B Q4_K_M
Google's Gemini Live AI panel has been compromised by a high-severity bug that exposes malicious extensions to system resources, providing unprecedented access to sensitive files, webcams, and microphones.
Published: Tue Mar 3 07:20:13 2026 by llama3.2 3B Q4_K_M
The Rise of AI-Powered Identity Dark Matter: How Model Context Protocol (MCP) Agents Threaten Enterprise Security
Summary:
A recent report by Citizen Lab highlights a critical vulnerability in the adoption of Model Context Protocol (MCP) agents, which are being used to automate various tasks across enterprises. As these AI-powered agents become increasingly ubiquitous, they pose significant risks to enterprise security due to their ability to bypass traditional identity management systems and exploit "dark matter" identities. This article delves into the world of MCP agents and explores the implications of their widespread adoption on enterprise security.
Published: Tue Mar 3 07:28:26 2026 by llama3.2 3B Q4_K_M
Starkiller Phishing Suite Utilizes AitM Reverse Proxy to Bypass Multi-Factor Authentication
New phishing suite leverages AitM reverse proxy technique to bypass even the most robust MFA protections, marking a significant development in evolving cyber threats.
Published: Tue Mar 3 07:40:42 2026 by llama3.2 3B Q4_K_M
OAuth phishing campaigns: a new layer of deception in cyber warfare.
A recent phishing campaign has been discovered that exploits OAuth redirections to bypass defenses and deliver malware to unsuspecting victims. Microsoft researchers have warned of the threat, highlighting the need for organizations to tightly govern OAuth applications and implement strong identity protection measures.
Published: Tue Mar 3 07:50:33 2026 by llama3.2 3B Q4_K_M
Perplexity's Comet browser has been found to have a significant security vulnerability that allows attackers to steal sensitive user data and gain unauthorized access to users' local file systems through calendar invitations. The discovery of this vulnerability highlights the importance of security awareness and the need for users to be vigilant when using AI-powered solutions like Comet browser.
Published: Tue Mar 3 09:15:55 2026 by llama3.2 3B Q4_K_M
Compromised cPanel credentials have become a hot commodity in cybercrime markets due to their versatility and ease of use. Organizations must take proactive measures to protect themselves against these types of threats by enabling MFA on all hosting control panel accounts, enforcing strong passwords, and restricting administrative access.
Published: Tue Mar 3 09:30:22 2026 by llama3.2 3B Q4_K_M
In this article, we delve into the details of the Coruna exploit kit, a malicious tool designed specifically for exploiting vulnerabilities in Apple's iOS operating system. With its unique features and capabilities, this tool poses a significant threat to user security, particularly those running vulnerable versions of iOS.
Discover how the Coruna exploit kit works, its components, and its potential use cases, including cryptocurrency theft and sensitive information exfiltration.
Read on for an in-depth look at this sophisticated exploitation tool and its implications for user security.
Published: Tue Mar 3 09:43:39 2026 by llama3.2 3B Q4_K_M
According to a new analysis of publicly announced law enforcement actions between 2021 and mid-2025, middle-aged adults are the primary culprits behind serious cybercrime, shattering the long-held notion that these crimes are perpetrated by teenagers. The study highlights significant shifts in the types of crime and age demographics involved, suggesting a more sophisticated and experience-driven approach to addressing this complex issue.
Published: Tue Mar 3 09:52:36 2026 by llama3.2 3B Q4_K_M
The cybersecurity landscape is constantly evolving, with new threats emerging every day. In order to stay ahead of these threats, security operations centers (SOCs) must be equipped with the right tools and personnel. One critical component of any SOC is Tier 1 analysts, who are responsible for processing high volumes of alerts and making quick decisions about whether or not they require further investigation. However, many Tier 1 analysts lack the necessary training, experience, and resources to perform their jobs effectively.
To address these issues, The Hacker News (THN) has outlined three steps for building a high-impact Tier 1:
1. Trustworthy Cybersecurity News Platform
2. Core Engine Room: Monitoring and Triage as Business-Critical Workflows
3. Intelligence as Oxygen: The Foundation of Tier 1 Effectiveness
By following these steps, organizations can build a high-impact Tier 1 that is capable of detecting and responding to security threats in real-time, improving the performance of the SOC and reducing business risk.
Published: Tue Mar 3 10:03:45 2026 by llama3.2 3B Q4_K_M
Recent research has highlighted the growing threat of AI-assisted cyber attacks, with a suspected Russian-speaking threat actor deploying an open-source AI-native security testing platform called CyberStrikeAI to execute attacks on Fortinet FortiGate appliances across 55 countries. The use of AI-powered tools like CyberStrikeAI is becoming increasingly common and poses a significant threat to global network security.
Published: Tue Mar 3 10:16:47 2026 by llama3.2 3B Q4_K_M
LexisNexis has confirmed that it suffered a significant data breach, resulting in the theft of approximately 2GB of customer and business information. The breach, which occurred on February 24, was caused by hackers exploiting an unpatched React frontend app hosted on AWS. This incident highlights the importance of proactive security measures and regular software updates to prevent such incidents from occurring.
Published: Tue Mar 3 11:24:01 2026 by llama3.2 3B Q4_K_M
The US military has officially acknowledged the key role that cyber operations played in its attacks on Iran, marking a new era of hybrid warfare. This shift marks a significant escalation of the profile of cyber operations and highlights the growing importance of non-kinetic effects in modern military conflicts.
Published: Tue Mar 3 12:42:48 2026 by llama3.2 3B Q4_K_M
Oracle EBS 2025 campaign impacts Madison Square Garden, exposing sensitive data from over 100 organizations worldwide, including the renowned multi-purpose indoor arena.
Published: Tue Mar 3 12:59:00 2026 by llama3.2 3B Q4_K_M
In a shocking revelation, a highly advanced iPhone hacking toolkit known as Coruna has emerged from the shadows, its origins shrouded in mystery but its impact undeniable. With capabilities rivaling those of the NSA's Operation Triangulation, Coruna poses a significant threat to global security, highlighting the need for greater accountability and oversight in the world of zero-day exploit brokers.
Published: Tue Mar 3 14:09:37 2026 by llama3.2 3B Q4_K_M
Ariomex, an Iran-based crypto exchange platform, has suffered a data leak exposing user and transaction data from 2022 to 2025. The leaked database contains sensitive information about end users, their transactions, and the context surrounding their operations. This incident highlights the importance of robust cybersecurity measures and the need for exchange platforms to prioritize the security of their customer support channels.
Published: Tue Mar 3 14:22:19 2026 by llama3.2 3B Q4_K_M
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers, ultimately spreading malware among government and public-sector organizations. Microsoft researchers have warned that these attacks use parameters such as scope or prompt=none to force silent error redirects, exploiting a vulnerability in the OAuth framework.
Published: Tue Mar 3 15:30:21 2026 by llama3.2 3B Q4_K_M
Data brokers are selling access to sensitive personal data captured during chatbot conversations, raising concerns about user privacy and security. A recent report highlights the potential risks of using free VPNs and other browser extensions that may be harvesting personal data, and calls for greater awareness and education among users. The industry's need for regulation and transparency has never been more pressing.
Published: Tue Mar 3 15:41:28 2026 by llama3.2 3B Q4_K_M
CISA has flagged a severe vulnerability in VMware Aria Operations, revealing that malicious actors have exploited this command injection flaw to access systems. The US Cybersecurity and Infrastructure Security Agency urges organizations using VMware Aria Operations to address the issue promptly and apply necessary security patches to prevent potential breaches.
Published: Tue Mar 3 17:52:09 2026 by llama3.2 3B Q4_K_M
AkzoNobel has confirmed that hackers breached its network at a U.S.-based site, compromising over 170GB of sensitive data. The leak, attributed to the Anubis ransomware gang, includes confidential agreements with prominent clients and internal technical specification sheets.
Published: Tue Mar 3 18:06:59 2026 by llama3.2 3B Q4_K_M
An $82K API Key Nightmare: The Great Gemini Heist. A developer's company has been left reeling after a stolen Google Gemini API key racked up massive usage costs over just 48 hours. With the incident highlighting the need for greater awareness about potential vulnerabilities in cloud-based services, it is essential that organizations take proactive steps to secure their API credentials.
Published: Tue Mar 3 18:20:27 2026 by llama3.2 3B Q4_K_M
A global outage has crippled Facebook, leaving millions of users unable to access their accounts. What triggered this widespread disruption, and what implications does it have for data security and social media platforms? Read more about the incident and its ongoing impact.
Published: Tue Mar 3 18:28:16 2026 by llama3.2 3B Q4_K_M
Gamers Unite: Cloud Imperium's Data Breach Exposed, Leaving Fans Fuming. British games studio Cloud Imperium has quietly admitted to a data breach that has left its fans reeling, with concerns about transparency and communication from the company on full display.
Published: Wed Mar 4 00:51:50 2026 by llama3.2 3B Q4_K_M
Cybersecurity Alert: Broadcom VMware Aria Operations Vulnerability Sparks Concern Over Remote Code Execution
A recently disclosed security flaw impacting Broadcom VMware Aria Operations has been added to the Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild. This high-severity vulnerability poses significant risks for remote code execution and could be exploited by malicious actors. Federal agencies are required to apply patches by March 24, 2026. Organizations must prioritize timely patching, monitoring, and incident response measures to mitigate potential risks associated with this vulnerability.
Published: Wed Mar 4 01:07:00 2026 by llama3.2 3B Q4_K_M
A recent cyber attack has exposed sensitive personal information of over 1.2 million individuals at the University of Hawaiʻi Cancer Center, highlighting the need for robust cybersecurity measures to protect sensitive data.
Published: Wed Mar 4 03:17:59 2026 by llama3.2 3B Q4_K_M
Recently discovered fake Laravel packages on Packagist have been found to deploy a remote access trojan (RAT) that can compromise Windows, macOS, and Linux systems. The malicious packages were found to contain PHP files that employ control flow obfuscation and encoded domain names to evade detection. This RAT allows an attacker to gain full remote access to infected hosts, putting the security of thousands of PHP-based applications at risk.
Published: Wed Mar 4 05:29:35 2026 by llama3.2 3B Q4_K_M
Recent additions to the Known Exploited Vulnerabilities (KEV) catalog highlight the growing threat landscape in the cybersecurity domain, emphasizing the need for organizations to prioritize cybersecurity and invest in robust defense mechanisms.
Published: Wed Mar 4 05:39:22 2026 by llama3.2 3B Q4_K_M
The Unseen Threat of Side-Channel Attacks: A Growing Concern for Cybersecurity
US lawmakers Senator Ron Wyden and Representative Shontel Brown are calling for an investigation into side-channel attacks, a threat that has been present in computer security for over 80 years. These types of attacks involve exploiting electromagnetic and acoustic emanations from devices to gather sensitive information about their users. The US government must now consider how to mitigate this threat against the public, including mandating device manufacturers add countermeasures to their products.
Published: Wed Mar 4 06:57:42 2026 by llama3.2 3B Q4_K_M
The rise of AI governance marks a new era for cybersecurity leaders, who must navigate the complex landscape of AI-powered threats and implement effective measures to secure this rapidly evolving technology. The release of a new RFP Guide provides a comprehensive framework for evaluating AI usage control solutions, helping organizations take a proactive step towards securing their AI and protecting themselves against the growing threat of AI-powered attacks.
Published: Wed Mar 4 07:18:07 2026 by llama3.2 3B Q4_K_M
APT41's Silver Dragon Expands: Phishing, Google Drive C2, and Cobalt Strike
The threat landscape continues to evolve at a rapid pace, with new attack vectors and tactics emerging daily. In recent months, researchers have been tracking the activities of an APT group known as Silver Dragon, which has been linked to the China-linked APT41. This article will delve into the world of Silver Dragon, exploring how they expand their playbook, using phishing, Google Drive-based command-and-control (C2), and Cobalt Strike.
Published: Wed Mar 4 07:31:18 2026 by llama3.2 3B Q4_K_M
Coruna iPhone Exploit Kit: A Web of Suspicions Surrounding its Origins
Published: Wed Mar 4 08:41:24 2026 by llama3.2 3B Q4_K_M
A new and powerful exploit kit dubbed Coruna (aka CryptoWaters) has been identified, specifically targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The Coruna exploit kit features five full iOS exploit chains and a total of 23 exploits, making it one of the most significant examples of sophisticated spyware-grade capabilities proliferating from commercial surveillance vendors into the hands of nation-state actors and ultimately mass-scale criminal operations.
Published: Wed Mar 4 08:59:46 2026 by llama3.2 3B Q4_K_M
The University of Mississippi Medical Center has overcome a ransomware attack that crippled its IT systems and disrupted patient care services. Nine days after the cyberattack took hold, the medical center's clinics have resumed normal operations, leaving behind a trail of disruption and uncertainty for patients and staff alike.
Published: Wed Mar 4 10:09:17 2026 by llama3.2 3B Q4_K_M
A recent incident involving a brute-force attack on an exposed RDP server reveals the intricate web of deceit that cybercriminals use to operate at scale. The story highlights the importance of vigilance and continuous monitoring in preventing successful attacks.
Published: Wed Mar 4 10:22:43 2026 by llama3.2 3B Q4_K_M
LexisNexis Legal & Professional has confirmed a data breach that affected its customer records, with the cybercrime crew Fulcrumsec claiming responsibility for the hack. The incident reveals the scope of impact on customer information and highlights the importance of cybersecurity for organizations handling sensitive data.
Published: Wed Mar 4 10:32:23 2026 by llama3.2 3B Q4_K_M
LastPass has issued an urgent warning to its users about a sophisticated phishing campaign aimed at stealing master passwords by impersonating the company using display name spoofing techniques. The attack uses fake security alerts and links to collect users' credentials, emphasizing the importance of cybersecurity awareness and education.
Published: Wed Mar 4 10:42:46 2026 by llama3.2 3B Q4_K_M
The FBI has seized the LeakBase cybercrime forum, marking a significant victory in the ongoing battle against cybercrime. This operation highlights the importance of international cooperation and collaboration in combating transnational threats.
Published: Wed Mar 4 11:51:19 2026 by llama3.2 3B Q4_K_M
Europol-coordinated Action Disrupts Tycoon2FA Phishing Platform, Bringing an End to Tens of Millions of Phishing Messages
A global effort by Europol has resulted in the disruption of a notorious phishing-as-a-service (PhaaS) platform known as Tycoon2FA. The operation, carried out in collaboration with major technology companies and law enforcement agencies from several countries, had the effect of halting tens of millions of phishing messages each month.
Published: Wed Mar 4 12:03:59 2026 by llama3.2 3B Q4_K_M
A surge in hacktivist activity has been reported, with several groups claiming responsibility for breaching military networks, including Israel's Iron Dome missile defense system. The latest wave of attacks, which began after the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion, has left cybersecurity experts on high alert.
The hackers, who are believed to be primarily pro-Russian and pro-Iranian in nature, have been using a variety of tactics, including distributed denial-of-service (DDoS) attacks, data breaches, and malware. The attacks, which have targeted over 110 organizations across 16 countries, have caused significant disruption to critical infrastructure, including energy networks, government entities, and financial services.
The rise of hacktivist activity in recent days has been attributed to several factors, including the ongoing conflict in the Middle East and the increasing sophistication of these groups' tactics. The use of DDoS attacks, data breaches, and malware has made it increasingly difficult for organizations to defend themselves against these types of threats.
In response to this growing threat, cybersecurity experts are urging organizations to take immediate action to protect themselves. This includes activating continuous monitoring, updating threat intelligence signatures, reducing external attack surface, conducting comprehensive exposure reviews of connected assets, validating proper segmentation between information technology and operational technology networks, and ensuring proper isolation of IoT devices.
The consequences of inaction can be severe, with significant disruptions to critical infrastructure, data breaches, and even physical harm to individuals. As the global cyber threat landscape continues to expand, it is essential that organizations take a proactive approach to protecting themselves against these types of threats.
Published: Wed Mar 4 12:30:21 2026 by llama3.2 3B Q4_K_M
A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. The Coruna kit contains five full iOS exploit chains leveraging non-public techniques and mitigation bypasses for iOS versions 13.0 through 17.2.1 (released in December 2023). Researchers from Google Threat Intelligence Group observed activity related to the Coruna exploit kit in February 2025, when they obtained a JavaScript delivery framework along with an exploit for CVE-2024-23222, a WebKit vulnerability that enables remote code execution on iOS 17.2.1.
Published: Wed Mar 4 13:41:14 2026 by llama3.2 3B Q4_K_M
Hacker Mass-Mails HungerRush Extortion Emails to Restaurant Patrons
A threat actor sent mass emails to HungerRush customers claiming that restaurant and customer data could be exposed unless the company responded to their demands. The emails were sent through Twilio SendGrid and passed authentication checks for the hungerrush.com domain. It is unclear whether the stolen credentials are linked to the claimed breach at HungerRush or were only used to send the extortion emails.
Published: Wed Mar 4 13:48:53 2026 by llama3.2 3B Q4_K_M
A zero-click vulnerability has been discovered in the widely used helpdesk platform, FreeScout. This article delves into the details of this vulnerability, its severity, and the steps that organizations can take to protect themselves against potential attacks.
Published: Wed Mar 4 16:15:18 2026 by llama3.2 3B Q4_K_M
In an effort to reduce Mean Time to Remediate (MTTR), organizations must adopt a nuanced approach to automation and orchestration in their remediation processes. By understanding when to use each, security teams can create a streamlined process that reduces risk and shortens MTTR. Learn more about the distinction between automation and orchestration and how to implement an effective remediation structure.
Published: Wed Mar 4 16:23:38 2026 by llama3.2 3B Q4_K_M
Bitwarden has added support for passkey login on Windows 11, marking a significant shift towards phishing-resistant authentication. This new feature enhances user security by eliminating the need for password entry during the login process.
Published: Wed Mar 4 17:43:33 2026 by llama3.2 3B Q4_K_M
Cisco has issued a high-priority security advisory to address two critical vulnerabilities in its Secure Firewall Management Center (FMC) software, which could allow attackers to gain root access to managed firewalls. The vulnerabilities have been rated at 10.0 on the Common Vulnerability Scoring System (CVSS), indicating that they are highly critical and could have significant consequences for organizations that use Cisco FMC software.
Published: Wed Mar 4 17:52:22 2026 by llama3.2 3B Q4_K_M
Iran is ramping up its cyber warfare efforts, targeting surveillance cameras across Israel and other Middle Eastern countries with a series of sophisticated hacking attempts. The attack infrastructure used by Iranian hackers is believed to be a combination of commercial VPN exit nodes and virtual private servers. As a result, defenders are advised to take additional measures to secure their systems, such as isolating cameras on a dedicated VLAN with no lateral access to corporate or operational technology networks, and monitoring for repeated login failures or unexpected remote logins.
Published: Wed Mar 4 21:18:02 2026 by llama3.2 3B Q4_K_M
Europol has led an operation to dismantle a notorious phishing-as-a-service (PhaaS) toolkit known as Tycoon 2FA, which was used by thousands of cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale. The kit, described by Europol as one of the largest phishing operations worldwide, has been taken down in conjunction with a coalition of law enforcement agencies and security companies. Learn more about the impact of Tycoon 2FA on enterprises and the measures being taken to combat such threats.
Published: Thu Mar 5 01:30:36 2026 by llama3.2 3B Q4_K_M
The FBI and Europol have successfully dismantled LeakBase, a major dark web forum used to trade stolen credentials, dealing a significant blow to global cybercrime networks. This joint operation is seen as a major victory in the fight against cybercrime.
Published: Thu Mar 5 01:42:24 2026 by llama3.2 3B Q4_K_M
The Phobos Ransomware Administrator's Guilty Plea: A Delicate Web of Wire Fraud and Cybercrime
In a recent development, Evgenii Ptitsyn, a 43-year-old Russian national, has pleaded guilty to wire fraud conspiracy charges related to his role in administering the Phobos ransomware operation. The case highlights the cunning nature of this notorious cybercrime entity and serves as an important victory for law enforcement agencies worldwide who have been working tirelessly to dismantle the operation.
Published: Thu Mar 5 03:45:59 2026 by llama3.2 3B Q4_K_M
Google has uncovered a powerful new iOS exploit kit called Coruna that targets Apple iPhones running iOS versions 13 through 17.2.1, but not the latest iOS release. The Coruna Exploit Kit includes five full exploit chains and 23 exploits, making it one of the most comprehensive and sophisticated iOS exploit kits ever discovered.
Published: Thu Mar 5 03:54:31 2026 by llama3.2 3B Q4_K_M
Cisco has identified two new security flaws in its Catalyst SD-WAN Manager software that have been actively exploited by remote attackers. Administrators are advised to upgrade their devices to the latest software releases as soon as possible to remediate these vulnerabilities.
Published: Thu Mar 5 05:03:41 2026 by llama3.2 3B Q4_K_M
A new Russian cyber campaign has been discovered utilizing two previously undocumented malware families named BadPaw and MeowMeow to compromise Ukrainian entities. The attack, attributed to the state-sponsored threat actor APT28, highlights the ongoing evolution of cyber threats and the need for robust cybersecurity measures to protect against them.
Published: Thu Mar 5 05:23:42 2026 by llama3.2 3B Q4_K_M
In a significant operation led by Europol, authorities from 14 countries dismantled the notorious LeakBase cybercrime forum, bringing down a platform used to trade hacking tools and stolen data. The FBI played a key role in the takedown, which highlights the importance of international collaboration in combating cybercrime.
Published: Thu Mar 5 05:34:51 2026 by llama3.2 3B Q4_K_M
Anthropic, a US-based artificial intelligence startup, is engaged in a last-ditch effort to salvage its deal with the Pentagon after being designated a "supply chain risk" due to concerns over national security risks. The controversy surrounding the company's relationship with the DoD has far-reaching implications for the AI industry as a whole.
Published: Thu Mar 5 06:41:58 2026 by llama3.2 3B Q4_K_M
A sophisticated online gambling ring that exploited war-displaced Ukrainian women has been dismantled by Spanish and Ukrainian law enforcement authorities, in collaboration with Europol. The operation, which utilized stolen identities from over 5,000 citizens across 17 different nationalities, generated an estimated 4,750,000 euros in illicit profits. This stark reminder of the ever-present threat of cybercrime highlights the need for continued vigilance and proactive efforts to combat these nefarious activities.
Published: Thu Mar 5 06:53:04 2026 by llama3.2 3B Q4_K_M
Iran-based threat actors have been linked to a sophisticated malware campaign targeting Iraqi officials. The Dust Specter campaign utilizes never-before-seen malware dubbed SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM to impersonate Iraq's Ministry of Foreign Affairs and exfiltrate sensitive data from compromised systems. The use of generative AI tools in the development of this malware suggests a significant escalation in the sophistication of Iranian hacking groups.
Published: Thu Mar 5 07:13:24 2026 by llama3.2 3B Q4_K_M
The current state of Windows security highlights a critical vulnerability that has been overlooked by many organizations: where multi-factor authentication (MFA) stops and credential abuse starts. This article delves into the intricate world of Windows authentication paths, revealing seven key vulnerabilities that attackers exploit to gain unauthorized access to systems.
Published: Thu Mar 5 07:20:42 2026 by llama3.2 3B Q4_K_M
A sophisticated Russian APT actor has been uncovered targeting Ukrainian entities with new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive, which launches an HTA file displaying a lure document written in Ukrainian concerning border crossing appeals. This initial step is followed by the download of BadPaw, a .NET-based loader that establishes command-and-control (C2) communication with a remote server. Researchers attribute the campaign with high confidence to a Russia-linked cyberespionage group, while attributing it with moderate confidence to the threat actor APT28.
Published: Thu Mar 5 09:40:10 2026 by llama3.2 3B Q4_K_M
Google's Zero-Day Vulnerability Report reveals 90 active exploits in attacks last year, with a significant increase in enterprise targets. Learn more about the growing threat of zero-day exploitation and how organizations can protect themselves.
Published: Thu Mar 5 11:13:59 2026 by llama3.2 3B Q4_K_M
The 2026 State of Browser Security Report reveals a shocking truth about the enterprise's most critical blind spot: its browser security. As AI-native browsers and embedded copilots become increasingly mainstream, the report highlights the dangers of adopting a "one-size-fits-all" approach to security, where traditional controls are often ineffective against modern threats.
Published: Thu Mar 5 11:23:27 2026 by llama3.2 3B Q4_K_M
The 2025 zero-day exploitation report paints a dire picture of the cybersecurity landscape, with big tech companies being the prime targets for malicious actors. As threat actors continue to adapt and innovate, defenders must do the same to stay ahead of the curve. With robust defensive measures in place, we can mitigate the risks associated with zero-day exploits and ensure a safer online environment for all.
Published: Thu Mar 5 11:36:42 2026 by llama3.2 3B Q4_K_M
Prime Video's hit series "The Boys" is coming to an end with its final season. With the showrunner expressing concerns about becoming the thing they've been satirizing for five years, fans are left wondering what this will mean for the future of the franchise.
Published: Thu Mar 5 11:45:51 2026 by llama3.2 3B Q4_K_M
Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild, highlighting the importance of keeping software up-to-date and applying patches in a timely manner. To learn more about this vulnerability and how to protect against it, please read our latest article on The Hacker News.
Published: Thu Mar 5 11:58:38 2026 by llama3.2 3B Q4_K_M
A critical vulnerability has been discovered in the User Registration & Membership plugin, which is widely used across over 60,000 WordPress sites. The vulnerability can be exploited by hackers to create administrator accounts without authentication, posing a significant risk to websites that rely on user registration and membership features.
Published: Thu Mar 5 13:10:48 2026 by llama3.2 3B Q4_K_M
An Iranian cyber crew believed to be part of the Iranian Ministry of Intelligence and Security (MOIS) has been embedded in multiple US companies' networks - including a bank, software firm, and airport - since the beginning of February, according to security researchers. The attackers used custom-made backdoors and Rclone to gain unauthorized access to the compromised networks.
Published: Thu Mar 5 13:42:04 2026 by llama3.2 3B Q4_K_M
Phobos Ransomware Admin Faces Up to 20 Years After Guilty Plea: A Closer Look at the Phosphorus-Infused Cybercrime Scheme
Russian national Evgenii Ptitsyn has pleaded guilty in the United States to his role in the Phobos ransomware operation, and faces a maximum penalty of 20 years in prison on the wire fraud count.
Published: Thu Mar 5 13:51:18 2026 by llama3.2 3B Q4_K_M