IT Security News Daily Summary 2025-03-26

183 posts were published in the last hour

• 22:13 : What VirusTotal Missed — Discover with Unknown Cyber
• 22:13 : Enhancing cloud security in AI/ML: The little pickle story
• 21:34 : New ReaderUpdate malware variants target macOS users
• 21:34 : Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat
• 21:14 : Security expert Troy Hunt hit by phishing attack
• 21:14 : Mike Waltz Left His Venmo Friends List Public
• 21:14 : Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware
• 21:14 : Broadcom Extends Scope of VMware vDefend Cybersecurity Platform
• 20:34 : Production Line Cameras Vulnerabilities Let Attackers Stop The Recordings
• 20:34 : US defense contractor cops to sloppy security, settles after infosec lead blows whistle
• 20:5 : IT Security News Hourly Summary 2025-03-26 21h : 14 posts
• 20:3 : Napster Sold And Will Return As Interactive Streaming Service
• 20:3 : SignalGate Isn’t About Signal
• 20:2 : CISA Adds Two Known Exploited Vulnerabilities to Catalog
• 20:2 : A New Tool to Detect Cellular Spying | EFFector 37.3
• 20:2 : OpenAI Offering $100K Bounties for Critical Vulnerabilities
• 20:2 : Winter 2024 SOC 1 report is now available with 183 services in scope
• 19:38 : Penetration Testing Services: Strengthening Cybersecurity Against Evolving Threats
• 19:38 : 2025-03-26: SmartApeSG traffic for fake browser update leads to NetSupport RAT and StealC
• 19:38 : BSidesLV24 – IATC – Difficult Conversations
• 19:38 : Effectively implementing resource control policies in a multi-account environment
• 19:12 : UK Proposes To Allow Satellites To Resolve UK Mobile Not-Spots
• 19:12 : Benefits and challenges of zero standing privileges
• 19:12 : SignalGate Isn’t About Signal
• 19:12 : How to Delete Your 23andMe Data
• 18:32 : Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication
• 18:32 : Has GetReal cracked the code on AI deepfakes? $18M and an impressive client list say yes
• 18:32 : Leaked data exposes a Chinese AI censorship machine
• 18:32 : CVE-2024-9956: Critical WebAuthentication Vulnerability in Google Chrome on Android
• 18:32 : Titan Security Keys now available in more countries
• 18:12 : Security Silos Are Failing: Why CTEM Is Key to Smarter Cyber Defense
• 18:12 : New npm Malware Attack Infects Popular Ethereum Library with Backdoor
• 18:12 : 5 best Linux distros for staying anonymous – when a VPN isn’t enough
• 18:12 : New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
• 18:12 : SectopRAT as Weaponized Cloudflare Turnstile Challenge Attacks Windows Users
• 17:39 : Why Healthcare Executives Should Prioritize Security Compliance
• 17:39 : Waymo Confirms Washington DC Robotaxi Plan For 2026
• 17:38 : Pakistan APT Hackers Weaponize malicious IndiaPost Site to Target Windows and Android Users
• 17:38 : B1ack’s Stash Marketplace Actors Set to Release 4 Million Stolen Credit Card Records for Free
• 17:38 : Hackers Exploit COM Objects for Fileless Malware and Lateral Movement
• 17:38 : Threat Actors Use “Atlantis AIO” Tool to Automate Credential Stuffing Attacks
• 17:38 : Files stolen from NSW court system, including restraining orders for violence
• 17:38 : What is a web application firewall (WAF)? WAF explained
• 17:38 : Making a case for the cybersecurity data fabric
• 17:38 : Introducing the Mend.io Value Dashboard: Measure and Showcase Your Security Impact
• 17:5 : IT Security News Hourly Summary 2025-03-26 18h : 18 posts
• 17:4 : Next.js Middleware Flaw Lets Attackers Bypass Authorization
• 17:4 : New IOCONTROL Malware Let Attackers Control Critical Infrastructure & Gain Remote Access
• 17:4 : YouTube Creators Under Attack via Brand Collaborators Requests Using Clickflix Technique
• 17:4 : Top 3 Cyber Attacks In March 2025
• 17:4 : AI Technology is Helping Criminal Groups Grow Stronger in Europe, Europol Warns
• 16:38 : Third-Party Data Breaches: The Hidden Threat Lurking in Vendor Networks
• 16:38 : Has GetReal cracked the code on AI deepfakes? $18M and an impressive client list says yes
• 16:38 : Russian Ransomware Gang Exploited Windows Zero-Day Before Patch
• 16:38 : SecurityScorecard Observes Surge in Third-Party Breaches
• 16:38 : Effectively implementing resource controls policies in a multi-account environment
• 16:7 : Inaba Denki Sangyo CHOCO TEI WATCHER mini
• 16:7 : 3 in 4 Enterprise Users Upload Data to GenAI Including Passwords and Keys
• 16:7 : New NPM Attack Infecting Local Packages With Cleverly Hidden Malicious Payload
• 16:6 : How AI is Fueling ATOs & Fake Account Creation—And Why Bot Detection Needs to Evolve
• 16:6 : BSidesLV24 – IATC – Hungry, Hungry Hackers
• 16:6 : Western Alliance Bank Data Breach Exposes Nearly 22,000 Customers’ Personal Information
• 16:6 : Roman Encryption Employed In Nearly 9K Phishing Attacks
• 16:6 : FBI Warns Against Free Online File Converters as Potential Cybersecurity Threats
• 15:39 : The Importance of Secure Data Management Tools in Higher Education (+ 6 Best-Value Tools for Universities)
• 15:38 : TikTok to take help of Microsoft or Google to banish data security concerns
• 15:38 : Tesla Europe Sales Plummet, As Owners Return EVs At Record Levels
• 15:38 : US Adds 50 Chinese Firms To AI, Chip Blacklist
• 15:38 : Groq and PlayAI just made voice AI sound way more human — here’s how
• 15:38 : Credible nerd says stop using atop, doesn’t say why, everyone panics
• 15:38 : BlackLock Ransomware Targeted by Cybersecurity Firm
• 15:38 : AMTSO Releases Sandbox Evaluation Framework
• 15:38 : Enemies with benefits: RansomHub and rival gangs share EDRKillShifter tool
• 15:9 : Generative AI In Business: Managing Risks in The Race for Innovation
• 15:9 : Don’t Respond to Ransomware Attackers With AI, Experts Say
• 15:9 : Island Banks $250M Series E for Enterprise Browser
• 15:9 : GitHub Action Security Breach Raises Concerns Over Supply Chain Risks
• 15:8 : Oscilar AI Agent improves risk analysis and fraud prevention
• 15:8 : China-linked FamousSparrow APT group resurfaces with enhanced capabilities
• 14:37 : Production Line Camera Flaws Allow Hackers to Disable Recordings
• 14:37 : Windows 11 24H2 Update Breaks Connection to the Veeam Backup Server
• 14:37 : North Korean Kimsuky Hackers New Tactics & Malicious Scripts in Latest Attacks
• 14:37 : Your Smart TV May Bring Down the Entire Network
• 14:37 : Operation ForumTroll – APT Hackers Exploit Google Chrome Zero-Day To Bypass Sandbox Protections
• 14:37 : CrushFTP HTTPS Port Vulnerability Leads to Unauthorized Access
• 14:36 : Hackers Use Atlantis AIO Tool to Automate Account Takeover Attacks
• 14:36 : Whitepaper: Voice of Security 2025
• 14:36 : DeRISK Quantified Vulnerability Management evaluates cyber risks using business-level metrics
• 14:36 : If you think you’re immune to phishing attempts, you’re wrong!
• 14:36 : Threat Actors Abuse Trust in Cloud Collaboration Platforms
• 14:11 : YouTube Creators Targeted by Weaponized Brand Deals Using ‘Clickflix’ Attack Tactic
• 14:11 : 6 Best Password Managers (2025), Tested and Reviewed
• 14:11 : Clevo Devices Boot Guard Private Key Exposed Via Firmware Update Packages
• 14:11 : 200 Unique Domains Used by Raspberry Robin Unveiled
• 14:11 : Cloudflare Attributes Recent Service Outage to Password Rotation Error
• 14:11 : Critical NetApp SnapCenter Server Vulnerability Let Attackers Become an Admin User
• 14:11 : CodeQLEAKED – Public Secrets Exposure Leads to Supply Chain Attack on GitHub CodeQL
• 14:11 : EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
• 14:5 : IT Security News Hourly Summary 2025-03-26 15h : 15 posts
• 13:37 : Emissions Transparency: Moving Toward a More Rigorous Verification
• 13:37 : Windows MMC Framework Zero-Day Exploited to Execute Malicious Code
• 13:37 : Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists
• 13:36 : Rethinking SAP Security Without Maintenance Contracts
• 13:36 : Malware found on npm infecting local package with reverse shell
• 13:36 : Concentric AI’s UBDA feature identifies unusual user activity
• 13:36 : Malicious npm Packages Deliver Sophisticated Reverse Shells
• 13:9 : CrushFTP Warns of HTTP(S) Port Vulnerability Enabling Unauthorized Access
• 13:9 : Transforming Security Management with AI Agents and Assistants
• 13:9 : New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest
• 13:9 : AI Agents and API Security: The Hidden Risks Lurking in Your Business Logic
• 13:9 : The UK’s National Cyber Security Centre Presents Timeline and Roadmap for PQC Migration
• 13:9 : Blumira introduces Microsoft 365 threat response feature
• 13:9 : Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience
• 13:9 : Malicious npm Package Modifies Local ‘ethers’ Library to Launch Reverse Shell Attacks
• 12:35 : Cloudflare Attributes Service Outage to Faulty Password Rotation
• 12:35 : Windows 11 24H2 Update Disrupts Connection to Veeam Backup Server
• 12:35 : Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras
• 12:9 : Signal App In Spotlight Amid Secret Chat Controversy Of US Officials
• 12:9 : New Chrome Installer Breaks With Error “This App can’t Run on your PC” on Windows 10 & 11
• 12:8 : DrayTek Routers Vulnerability Exploited in the Wild – Possibly Links to Reboot Loop
• 12:8 : macOS Users Warned of New Versions of ReaderUpdate Malware
• 11:36 : DeepSeek users targeted with fake sponsored Google ads that deliver malware
• 11:36 : Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware
• 11:36 : AI Data Poisoning
• 11:36 : ETSI Publishes New Quantum-Safe Encryption Standards
• 11:9 : Crypto Heist Suspect “Wiz” Arrested After $243 Million Theft
• 11:9 : New Sophisticated Linux Backdoor Targets OT Systems via 0-Day RCE Exploit
• 11:9 : APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections
• 11:9 : The default TV setting you should turn off ASAP – and why you shouldn’t wait to do it
• 11:9 : How to Build a Mature Vulnerability Management Program
• 11:9 : Implementing Privileged Access Workstations: A Step-by-Step Guide
• 11:9 : NCSC taps influencers to make 2FA go viral
• 11:9 : Critical Next.js Vulnerability in Hacker Crosshairs
• 11:9 : Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
• 11:8 : How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More
• 11:5 : IT Security News Hourly Summary 2025-03-26 12h : 9 posts
• 10:34 : New Chrome Installer Fails on Windows 10 & 11 With “This app can’t run on your PC” Error
• 10:34 : Security Firms Say Evidence Seems to Confirm Oracle Cloud Hack
• 10:34 : AI vs. Cybercriminals: Who Wins the Race in Next-Gen Threat Detection?
• 10:34 : ENISA Probes Space Threat Landscape in New Report
• 10:12 : Raspberry Robin Unveils 200 Unique Domains Used by Threat Actors
• 10:11 : Critical NetApp SnapCenter Server Vulnerability Allows Attackers to Gain Admin Access
• 10:11 : North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks
• 10:11 : New IOCONTROL Malware Attacking Critical Infrastructure to Gain Remote Access and Control
• 10:11 : FBI Issues new alert over phishing SMS scam targeting highway toll customers
• 9:35 : Clevo Devices Vulnerable as Boot Guard Private Key Leaks via Firmware Updates
• 9:34 : Chainguard VMs reduces risk and engineering complexity
• 9:34 : Sumsub launches Reusable Digital Identity product suite
• 9:34 : Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
• 9:34 : UK Government’s New Fraud Strategy to Focus on Tech-Enabled Threats
• 9:8 : BrowserStack Private Devices helps organizations comply with stringent security requirements
• 8:34 : Safeguarding Data for the Quantum Era
• 8:34 : DrayTek Router Vulnerability Exploited in the Wild – Linked to Reboot Loop Issue
• 8:34 : Google fixed the first actively exploited Chrome zero-day since the start of the year
• 8:34 : New Windows 0-Day Vulnerability Let Remote Attackers Steal NTLM Credentials – Unofficial Patch
• 8:34 : CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS
• 8:34 : Appsmith Developer Tool Vulnerability Let Attackers Execute Remote Code
• 8:34 : Cyberhaven enhances Linea AI platform to improve data security
• 8:5 : IT Security News Hourly Summary 2025-03-26 09h : 3 posts
• 8:4 : Quantum-Proofing Enterprise Security: The Clock is Ticking
• 7:35 : Authentication bypass CVE-2025-22230 impacts VMware Windows Tools
• 7:35 : EncryptHub exploit, Copilot agents, PETs in government
• 7:4 : AI Datasets Reveal Human Values Blind Spots
• 7:4 : Google Chrome Zero-day Vulnerability Exploited by Hackers in the Wild
• 7:4 : Oracle Denies Hack Despite Hacker’s Evidence: Cyber Security Today for March 26, 2025
• 6:32 : Malaysia PM says NO to $10m demand of ransomware gang
• 6:32 : Motivations for Hackers to launch Cyber Attacks
• 6:31 : Appsmith Developer Tool Vulnerability Exposes Systems to Remote Code Execution
• 6:11 : Google Chrome Zero-Day Vulnerability Actively Exploited in the Wild
• 6:11 : Malwoverview: First response tool for threat hunting
• 6:11 : A CISO’s guide to securing AI models
• 5:31 : CISA Highlights Four ICS Flaws Being Actively Exploited
• 5:31 : How does your data end up on the dark web?
• 5:13 : New Windows Zero-Day Vulnerability Exposes NTLM Credentials – Unofficial Patch Available
• 5:13 : New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
• 5:13 : Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
• 2:11 : ISC Stormcast For Wednesday, March 26th, 2025 https://isc.sans.edu/podcastdetail/9380, (Wed, Mar 26th)
• 2:5 : IT Security News Hourly Summary 2025-03-26 03h : 1 posts
• 1:34 : War Plan Chat Includes Journalist
• 1:2 : Finally, an outdoor security camera with useful features and no monthly subscription fees
• 0:34 : [Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest, (Wed, Mar 26th)
• 23:7 : Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
• 23:5 : IT Security News Hourly Summary 2025-03-26 00h : 3 posts