Threat researchers with various vendors for the past year have been tracking the efforts of a bad actor dubbed GlassWorm known for dropping malicious extensions in code registries like npm, Open VSX, PyPI, and Microsoft’s Visual Studio Marketplace with the…
AI supply chain attacks don’t even require malware…just post poisoned documentation
A proof-of-concept attack on Context Hub suggests there’s not much content santization A new service that helps coding agents stay up to date on their API calls could be dialing in a massive supply chain vulnerability.… This article has been…
Mirai Malware Evolves into Hundreds of Variants Driving Botnet Growth
Mirai malware evolves into hundreds of variants, driving botnet growth, including Aisuru and KimWolf, powering large-scale attacks, and increasing risks to vulnerable IoT devices worldwide. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
Mirai-Based Botnets Evolve Into Massive DDoS and Proxy Abuse Threat
The internet has seen a sharp rise in botnet-driven threats over the past year, with much of the activity tracing back to one of the most influential malware families in modern history — Mirai. First discovered in 2016, Mirai was…
Open Directory Malware Campaign Uses Obfuscated VBS, PNG Loaders and RAT Payloads
A sophisticated multi-stage malware campaign has surfaced, deploying obfuscated Visual Basic Script (VBS) files, PNG-embedded loaders, and remote access trojans (RATs) to target systems without leaving a trace on disk. What began as a routine endpoint detection in early 2026…
China-Linked Hackers Breach Southeast Asian Military Systems in Long-Running Spy Campaign
A sophisticated and long-running cyber espionage campaign, tracked as CL-STA-1087, has been quietly targeting military organizations across Southeast Asia since at least 2020. The operation, assessed with moderate confidence to be linked to a China-aligned threat actor, focuses on collecting strategic…
Scammers have virtual smartphones on speed dial for fraud
They cleverly mimic most traits of a real phone Smartphones have fast become the basis of our digital identities, securing payment systems and bank accounts. Now virtual devices that pretend to be real handsets have become a key tool for…
IT Security News Hourly Summary 2026-03-25 21h : 7 posts
7 posts were published in the last hour 20:3 : Jen Easterly, cybersecurity’s ‘relentless optimist,’ hopes feds come back to RSAC next year 20:3 : BSidesSLC 2025 – LLM-Powered Network Intrusion Detection 20:2 : When Your Scanner Becomes the Weapon:…
Jen Easterly, cybersecurity’s ‘relentless optimist,’ hopes feds come back to RSAC next year
Ex-CISA boss also says no reason to panic about AI and security RSAC 2026 “Everybody feels massive FOMO if they don’t get to RSAC,” Jen Easterly says.… This article has been indexed from The Register – Security Read the original…
BSidesSLC 2025 – LLM-Powered Network Intrusion Detection
Author, Creator & Presenter: -Taeyang Kim – Machine Learning Engineer at Pattern Inc. Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink The post BSidesSLC 2025 – LLM-Powered…
When Your Scanner Becomes the Weapon: From Trivy to LiteLLM
When Your Scanner Becomes the Weapon: From Trivy to LiteLLM The post When Your Scanner Becomes the Weapon: From Trivy to LiteLLM appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: When…
‘Do not shift budgets to AI’: How businesses should and shouldn’t respond to evolving threats
Experts said companies rushing to buy AI services risked letting their existing, still-vital defensive measures deteriorate. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: ‘Do not shift budgets to AI’: How businesses should…
Inside RSA 2026: Security Leaders Grapple With AI’s Growing Role and Risks
RSA Conference 2026 spotlights AI in cybersecurity, from SOC automation to governance challenges, as experts weigh trust, control, and risk. The post Inside RSA 2026: Security Leaders Grapple With AI’s Growing Role and Risks appeared first on TechRepublic. This article…
RSAC 2026 Proved the Industry Agrees on the Problem — Now Comes the Hard Part
Agentic AI dominated RSAC 2026, but security leaders warn governance is lagging. Here’s why discovery isn’t enough — and where control must evolve. The post RSAC 2026 Proved the Industry Agrees on the Problem — Now Comes the Hard Part…
Only Trump can decide when cyberwar turns into real war
Four former NSA bosses walk onto the stage at RSAC… rsac 2026 There’s a theoretical red line with cyber warfare. Cross it, and the US will respond with a physical attack like missile strikes. And that line “is whatever the…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33017 Langflow Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant…
Linux Ransomware Pay2Key Attacking Organizations Ervers, Virtualization Hosts, and Cloud Workloads
Linux has long been considered a more secure operating system than Windows, but that reputation is being tested. A ransomware group known as Pay2Key, attributed to Iranian threat actors, has developed a Linux variant that is actively targeting organizational servers,…
“Unhackable” No More: Researcher Demonstrates Hardware-Level Exploit on Xbox One
For years, the Xbox One was widely viewed as one of the few gaming systems that had resisted successful hacking. That perception has now changed after a new hardware-based attack method was publicly demonstrated. At the RE//verse 2026 event, security…
2025 Talos Year in Review: Speed, scale, and staying power
The 2025 Talos Year in Review is available now. Understand evolving adversary playbooks and how to strengthen your organization’s defenses. This article has been indexed from Cisco Talos Blog Read the original article: 2025 Talos Year in Review: Speed, scale,…
Beers with Talos breaks down the 2025 Talos Year in Review
The Beers with Talos team unpack the biggest cybersecurity threats of 2025, from React2Shell to ransomware and identity abuse, and what it all means for defenders going forward. This article has been indexed from Cisco Talos Blog Read the original…
US Bans New Foreign-Made Home Routers Over National Security Fears
The FCC has officially added foreign-made consumer routers to its restricted Covered List, citing major cybersecurity risks. Find out what it means for your current devices. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and…
LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident…
SmartApeSG ClickFix Campaign Delivers Remcos, NetSupport RAT, StealC and Sectop RAT
A threat campaign known as SmartApeSG — also tracked under the names ZPHP and HANEYMANEY — has been observed pushing multiple strains of malware through a social engineering technique called ClickFix. The campaign, active as recently as March 24, 2026,…
macOS Threats Are the Biggest Security Gap in 2026: How SOC Teams Close It
macOS has become a standard part of modern business environments, especially across engineering, product, and leadership teams. That makes it a growing security concern: when a Mac used by a high-access employee is compromised, it can lead to stolen credentials,…