Starbucks disclosed a breach after phishing attacks on its employee portal led to unauthorized access to Partner Central accounts, exposing staff data. Starbucks reported a data breach affecting hundreds of employees after phishing attacks targeted its Partner Central employee portal.…
OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
China’s National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source and self-hosted autonomous artificial intelligence (AI) agent. In a post shared on…
Meta to Discontinue End-to-End Encrypted Chats on Instagram Come May 2026
Meta Platforms has confirmed that it will remove support for end-to-end encrypted messaging in Instagram direct messages beginning May 8, 2026. After this date, conversations that previously relied on this encryption feature will no longer be protected by the…
IT Security News Hourly Summary 2026-03-14 18h : 1 posts
1 posts were published in the last hour 16:36 : Upcoming Speaking Engagements
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at 5:30 PM GMT on Thursday, March 19, 2026. I’m speaking at RSAC…
USENIX Security ’25 (Enigma Track) – Zombie Devices Are Running Amuck!
Presenter: Stacey Higginbotham, Consumer Reports Our thanks to USENIX Security ’25 (Enigma Track) (USENIX ’25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security ’25 (Enigma Track) (USENIX ’25 content on the Organizations’ YouTube Channel. Permalink The post USENIX…
Shadow AI Risks Rise as Employees Use Generative AI Tools at Work Without Oversight
With speed surprising even experts, artificial intelligence now appears routinely inside office software once limited to labs. Because uptake grows faster than oversight, companies care less about who uses AI and more about how safely it runs. Research referenced…
Debunking the Myth of “Military‑Grade” Encryption
Military-grade encryption sounds impressive, but in reality it is mostly a marketing phrase used by VPN providers to describe widely available, well‑tested encryption standards like AES‑256 rather than some secret military‑only technology. The term usually refers to the Advanced…
Chinese Threat Actors Attack Southeast Asian Military Targets via Malware
A China-based cyber espionage campaign is targeting Southeast Asian military targets. The state-sponsored campaign started in 2020. Palo Alto Networks Unit 42 has been tracking the campaign under the name CL-STA-1087. Here, CL means cluster, and STA means state-backed motivation. …
Researchers Investigate AI Models That Can Interpret Fragmented Cognitive Signals
Despite being among the most complex and least understood systems in science for decades, the human brain continues to be one of the most complex and least understood. Advancements in brain-imaging technology have enabled researchers to observe neural activity…
CISA Reveals New Details on RESURGE Malware Exploiting Ivanti Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published fresh technical insights into RESURGE, a malicious implant leveraged in zero-day attacks targeting Ivanti Connect Secure appliances through the vulnerability tracked as CVE-2025-0282. The latest advisory highlights the implant’s…
IT Security News Hourly Summary 2026-03-14 15h : 1 posts
1 posts were published in the last hour 14:2 : GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a “significant escalation” in how it propagates through the Open VSX registry. “Instead of requiring every malicious listing to embed the loader directly, the threat…
ShinyHunters Claims 1 Petabyte Data Theft from Telecom Giant Telus
ShinyHunters claims it stole up to 1 petabyte of data from Telus Digital, including support recordings, code, and employee records after a breach. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
Storm-2561 lures victims to spoofed VPN sites to harvest corporate logins
Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. Threat actor is…
A Hacker Accidentally Broke Into the FBI’s Epstein Files
Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more. This article has been indexed from Security Latest Read the original article: A Hacker…
Critical HPE AOS-CX Vulnerability Allows Admin Password Resets
The vulnerability can be exploited remotely, without authentication, to circumvent existing authentication controls. The post Critical HPE AOS-CX Vulnerability Allows Admin Password Resets appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Critical HPE…
Malicious npm Packages Posing as Solara Executor Target Discord, Browsers, and Crypto Wallets
JFrog security researchers Guy Korolevski and Meitar Palas uncovered a sophisticated supply chain attack on the npm ecosystem on March 12, 2026, in which threat actors disguised an information-stealing malware as a legitimate Roblox script executor. The campaign, self-named Cipher…
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide
INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation. INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing,…
GlassWorm Campaign Uses 72 Malicious Open VSX Extensions to Broaden Reach
In a major escalation of supply chain attacks, the GlassWorm malware campaign has evolved to infect developer environments using transitive dependencies. On March 13, 2026, the Socket Research Team reported identifying at least 72 new malicious Open VSX extensions linked…
GlassWorm Spreads via 72 Malicious Open VSX Extensions Hidden in Transitive Dependencies
The GlassWorm malware campaign has evolved, significantly escalating its attacks on software developers. Instead of embedding malware directly into initial releases, the threat actors are now using transitive dependencies to sneak malicious code into developer environments. This stealthy approach allows…
Best 5 AI Pentesting Tools in 2026
Cyber threats are evolving at a pace that traditional security testing methods struggle to keep up with. Organizations today operate in highly complex digital environments with cloud platforms, APIs, microservices, and rapidly deployed applications. In such environments, manual security testing…
Authorities Crack Down on 45,000 Malicious IPs Powering Ransomware Attacks
In a massive international crackdown on cybercrime, law enforcement agencies from 72 countries have successfully dismantled over 45,000 malicious IP addresses and servers. Coordinated by INTERPOL, “Operation Synergia III” targeted the critical infrastructure behind devastating ransomware, malware, and phishing campaigns…
Critical LangSmith Account Takeover Vulnerability Puts Users at Risk
Miggo Security researchers have identified a critical vulnerability in LangSmith, tracked as CVE-2026-25750, that exposes users to potential token theft and complete account takeover. As a central hub for debugging and monitoring large language model data, LangSmith processes billions of…