A newly discovered critical vulnerability in Nginx UI allows unauthenticated attackers to download and decrypt full system backups. Tracked as CVE-2026-27944, this flaw is categorized as CWE-306 and CWE-311, carrying a maximum CVSS score of 9.8. It affects all versions…
IT Security News Hourly Summary 2026-03-09 15h : 17 posts
17 posts were published in the last hour 14:5 : UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source 13:34 : Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets 13:34 : Why AI Security Is Emerging as…
ClipXDaemon Emerges as C2-Less Linux Clipboard Hijacker, Targeting Crypto Wallets in X11 Sessions
A newly discovered Linux malware named ClipXDaemon has emerged as a direct financial threat to cryptocurrency users in X11-based desktop environments. Unlike conventional malware that depends on command-and-control (C2) servers for instructions, ClipXDaemon operates entirely on its own — silently…
UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source
New UK Online Crime Centre will combine expertise from a range of sources to takedown online channels cyber-scammers rely on This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Launches New Crackdown Unit to Tackle Cyber-Fraud at…
Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets
Hackers are abusing a fake CleanMyMac download page to infect macOS users with SHub Stealer. This powerful infostealer drains crypto wallets and hijacks sensitive data. Instead of offering a standard installer, the page shows an “advanced” installation step telling users to…
Why AI Security Is Emerging as the Fourth Pillar of Cybersecurity
For decades, cybersecurity strategy has been built around three familiar pillars: endpoint security, network security, and cloud security. These domains have shaped how security teams are organised, where budgets are allocated, and how risks are understood across the enterprise. Each…
Quiz sites trick users into enabling unwanted browser notifications
The quiz is just bait. The real goal is to win permission to send browser notifications that can later be used for ads, scams, or shady promotions. This article has been indexed from Malwarebytes Read the original article: Quiz sites…
Fake Claude Code install pages hit Windows and Mac users with infostealers
Researchers uncovered fake Claude Code install pages spreading infostealers that steal passwords and browser sessions. This article has been indexed from Malwarebytes Read the original article: Fake Claude Code install pages hit Windows and Mac users with infostealers
Dutch cops warn 100 alleged scammers: Turn yourselves in or we tell Grandma
Two-week deadline to fraudsters to fess up or have their faces plastered across every screen in the country Dutch national police are taking a novel stand against scammers – 100 suspects now have less than two weeks to hand themselves…
Secure agentic AI for your Frontier Transformation
Learn how Microsoft Agent 365 and Microsoft 365 E7 can help secure your Frontier Transformation. The post Secure agentic AI for your Frontier Transformation appeared first on Microsoft Security Blog. This article has been indexed from Microsoft Security Blog Read…
AI Security Startups Dominate New Cyber Innovation Awards
Over one in five winners of IT-Harvest’s 2026 Cyber 150 are AI security companies This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Security Startups Dominate New Cyber Innovation Awards
Russian cybercrims phish their way into officials’ Signal and WhatsApp accounts
Dutch spies flag large-scale campaign to hijack secure messaging accounts Russian-linked hackers are trying to break into the Signal and WhatsApp accounts of government officials, journalists, and military personnel globally – not by cracking encryption, but by simply tricking people…
ClickFix Attack Uses Windows Terminal to Evade Detection
Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog. The post ClickFix Attack Uses Windows Terminal to Evade Detection appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
An AI-Powered Poly-Crisis Is Here, and It Is Rewriting Cyber Postures. Are You Breach Ready Yet?
Unless you have been living under a rock over the past few days, you would have seen that AI-powered adversaries are significantly altering how we view cyberattacks and breaches. We are no longer just fighting human adversaries; we are fighting…
iProov secures hiring, access, and recovery by verifying the human behind every login
iProov the iProov Workforce Solution Suite, designed to protect enterprises from deepfakes and other identity attacks while improving operational efficiency. It enables organizations to verify genuine human presence and stop attackers. The suite supports remote hiring and onboarding, shared device…
No more soft play, President Trump warns in new cyber strategy
The White House released “President Trump’s Cyber Strategy for America,” a policy framework outlining the administration’s priorities for maintaining U.S. leadership in cyberspace. The seven-page cyber strategy commits to a coordinated, government-wide response to cyber threats that extends beyond cyberspace…
Children’s Council SF Breach Probe
The Children’s Council of San Francisco recently experienced a significant cyberattack where unauthorized users infiltrated their network and accessed sensitive personal information. This article has been indexed from CyberMaterial Read the original article: Children’s Council SF Breach Probe
HungerRush Breach Exposes 28M Users
HungerRush, a cloud-based point-of-sale platform catering to pizza and fast-casual chains, is reportedly the victim of a significant data breach. This article has been indexed from CyberMaterial Read the original article: HungerRush Breach Exposes 28M Users
Russian Hackers Target Dutch Messaging
Dutch intelligence agencies warned on Monday that Russian state hackers are targeting Signal and WhatsApp accounts belonging to government officials, military staff, and journalists to bypass secure communications. This article has been indexed from CyberMaterial Read the original article: Russian…
Claude AI Finds 22 Firefox Bugs
Anthropic utilized the Claude Opus 4.6 AI model to identify 22 security vulnerabilities within the Firefox browser, many of which were categorized as high severity. This article has been indexed from CyberMaterial Read the original article: Claude AI Finds 22…
Banks Must Refund Phishing Victims
Athanasios Rantos, the Advocate General of the Court of Justice of the EU, has issued a legal opinion stating that banks should immediately refund victims of unauthorized transactions even if the customer’s negligence is suspected. This article has been indexed…
BoryptGrab Malware Abuses GitHub to Steal Browser and Crypto Wallet Data
A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free tools, game cheats, and popular utilities. The malware focuses on stealing browser data, cryptocurrency wallet information, and system details, while…
Internet Infrastructure TLD .arpa Abused in Phishing Attacks
Abusing DNS record management controls, the threat actor hides the location of malicious content via Cloudflare. The post Internet Infrastructure TLD .arpa Abused in Phishing Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Chrome Extension Goes Rogue After Sale
Two Chrome extensions, QuickLens and ShotBird, recently transitioned to new ownership and were subsequently updated with malicious code. This article has been indexed from CyberMaterial Read the original article: Chrome Extension Goes Rogue After Sale