Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by…
Google Drive Expands AI Ransomware Detection, File Recovery to More Users
Google expands Drive ransomware detection and file recovery with its latest AI model, which detects 14 times more infections as the features move beyond beta. The post Google Drive Expands AI Ransomware Detection, File Recovery to More Users appeared first…
DeepLoad Malware Found Stealing Browser Data Using ClickFix
A contemporary cyber campaign is using a deceptive method known as ClickFix to distribute a previously undocumented malware loader called DeepLoad, raising fresh concerns about newly engineered attack techniques. Researchers from ReliaQuest report that the malware is designed with…
The US Military’s GPS Software Is an $8 Billion Mess
The GPS Next-Generation Operational Control System was due for completion in 2016. Ten years later, the software for controlling the military’s GPS satellites still doesn’t work. This article has been indexed from Security Latest Read the original article: The US…
North Korean hackers blamed for hijacking popular Axios open-source project to spread malware
A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack. This article has been indexed from Security News | TechCrunch Read the original article: North Korean hackers blamed for…
Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions
Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions The post Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Axios…
2026 SANS Identity Threats Report: Why Attacks Still Work
SANS findings highlight the real issue, compromised credentials enable access long before traditional security controls detect a problem. The post 2026 SANS Identity Threats Report: Why Attacks Still Work appeared first on Security Boulevard. This article has been indexed from…
Delve Faces Allegations of Fake Compliance Reports and Security Gaps Amid Customer Backlash
A whistleblower-style article on Substack has thrust Delve into scrutiny, alleging it misrepresented its alignment with key privacy frameworks like GDPR and HIPAA. Though unverified, the claims suggest numerous clients were led to believe they met regulatory requirements when…
VRP 2025 Year in Review
Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team 2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversary 🎉🎉🎉! Originally started in 2010, our vulnerability reward…
WhatsApp malware campaign delivers VBScript and MSI backdoors
A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack leverages renamed Windows tools and cloud-hosted payloads to install MSI backdoors and maintain persistent access to compromised systems. The post WhatsApp malware…
Applying security fundamentals to AI: Practical advice for CISOs
Read actionable advice for CISOs on securing AI, managing risk, and applying core security principles in today’s AI‑powered environment. The post Applying security fundamentals to AI: Practical advice for CISOs appeared first on Microsoft Security Blog. This article has been…
The threat to critical infrastructure has changed. Has your readiness?
Five facts critical infrastructure (CI) leaders need to act on in 2026, grounded in what Microsoft Threat Intelligence is observing across sectors right now. The post The threat to critical infrastructure has changed. Has your readiness? appeared first on Microsoft…
Pondurance MDR Essentials uses autonomous SOC to tackle AI-driven attacks
Pondurance announced MDR Essentials, MDR Essentials, an MDR service providing an autonomous SOC that reduces the time from threat detection to containment by 90%. Threat actors today use AI to attack at machine-speed, making it difficult for traditional cybersecurity solutions…
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS…
PX4 Autopilot
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication. The following versions of PX4 Autopilot are affected: Autopilot v1.16.0_SITL_latest_stable (CVE-2026-1579) CVSS Vendor Equipment…
Anritsu Remote Spectrum Monitor
View CSAF Summary Successful exploitation of this vulnerability could allow attackers with network access to alter operational settings, obtain sensitive signal data, or disrupt device availability. The following versions of Anritsu Remote Spectrum Monitor are affected: Remote Spectrum Monitor MS27100A…
Amazon sends AI agents into pen testing and DevOps
Amazon’s latest AI capabilities bring on-demand penetration testing through the AWS Security Agent, alongside the AWS DevOps Agent. “These agents are changing the way we secure and operate software. AWS Security Agent compresses penetration testing timelines from 2-6 weeks to…
AWS Security Agent on-demand penetration testing now generally available
AWS Security Agent on-demand penetration testing is now generally available, enabling you to run comprehensive security tests across all your applications, not only your most critical ones. This milestone transforms penetration testing from a periodic bottleneck into an on-demand capability…
Iran actors’ claims raise questions about larger cyber threat to US, allies
Questions are being raised about the veracity and tactics of Iran-linked actors, amid claims that a large trove of Lockheed Martin data is on the market. This article has been indexed from Cybersecurity Dive – Latest News Read the original…
Hacker hijacks Axios open-source project, used by millions, to push malware
A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack. This article has been indexed from Security News | TechCrunch Read the original article: Hacker hijacks Axios open-source project,…
The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust
Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. The post The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust appeared first on SecurityWeek. This article has been indexed…
Censys Raises $70 Million for Internet Intelligence Platform
The latest funding round brings the total venture capital investment in Censys to $149 million. The post Censys Raises $70 Million for Internet Intelligence Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
IT Security News Hourly Summary 2026-03-31 18h : 14 posts
14 posts were published in the last hour 16:4 : Latest Xloader Obfuscation Methods and Network Protocol 15:36 : Hackers Weaponize Legitimate Windows Tools to Disable Antivirus Before Ransomware Attacks 15:36 : Stolen Logins Are Fueling Everything From Ransomware to…
Beyond the Spectacle – RSAC 2026 and The 5 Layers of AI Security – FireTail Blog
Mar 31, 2026 – Jeremy Snyder – If you were at RSA Conference last year, you probably remember the goats. Or the puppies. Or the miniature petting zoos. It was a year of “over-the-top” spectacle. A bit of a circus,…