A sprawling network of fake shops, all built for one purpose: to steal your payment details and personal data. This article has been indexed from Malwarebytes Read the original article: Inside a network of 20,000+ fake shops
Cayosoft adds AI identity visibility and incident response for hybrid environments
Cayosoft has announced updates to its Cayosoft Guardian platform. Cayosoft Guardian will now bring AI agent identities into existing identity threat detection and response (ITDR) workflows, giving security teams visibility, reporting, alerting, and automated rollback, without adding another dashboard. Cayosoft…
1Password Users API for Partners helps automate identity response during incidents
1Password has announced the public preview of Users API for Partners, which allows security teams to respond to incidents faster during active security events. Launch partners like CrowdStrike, in addition to BlinkOps, Elastic, Sumo Logic, Tines, and Torq enable mutual…
Linux Foundation secures $12.5 million to strengthen open source security and support maintainers
The Linux Foundation has announced a total of $12.5 million in grants from Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen the security of the open source software ecosystem. The funding will be managed by Alpha-Omega and…
Oppo Updates Foldable With ‘Imperceptible’ Crease
New Oppo Find N6 features improved technology to reduce screen crease, but prices rise as memory becomes ‘more expensive than gold’ This article has been indexed from Silicon UK Read the original article: Oppo Updates Foldable With ‘Imperceptible’ Crease
Vidar Stealer 2.0 Spreads via Fake Game Cheats Shared on GitHub and Reddit
Large‑scale campaigns abusing GitHub and Reddit to spread Vidar Stealer 2.0 through fake “free game cheats,” targeting players of popular online titles across the board. The operation shows how the takedown of other infostealers has shifted criminal demand toward Vidar,…
Delegated Trust Is Becoming the Largest Attack Surface in Modern Security
Over the next decade, the way we define security failures is going to change. No longer will it begin with an unpatched server or a careless employee clicking the wrong link. The root cause will be something far more ordinary,…
ManageEngine expands Endpoint Central with EDR and secure access
ManageEngine has announced the expansion of its unified endpoint management and security (UEMS) platform, Endpoint Central, to include endpoint detection and response (EDR) and secure private access capabilities. The additions bolster Endpoint Central’s endpoint security capabilities by enabling AI-powered threat…
Virtue AI brings continuous stress testing to enterprise AI agents
Virtue AI has announced Agent ForgingGround with built-in Red-Teaming Agents, the first enterprise-scale testing ground designed to continuously evaluate and stress-test AI agents (including multi-agent systems) before, during, and after deployment. As organizations adopt large-scale AI agents, many enterprises are…
Police To Deploy Live Facial Recognition In Norwich
Live facial recognition van to be stationed in Norwich city centre on Sunday, amid government plans to expand tech’s use This article has been indexed from Silicon UK Read the original article: Police To Deploy Live Facial Recognition In Norwich
Cyberattacks Soar 245% as War Triggers Global Digital Offensive
Since the outbreak of the Middle East conflict on 28 February 2026, Akamai has seen a surge of 245% in cyberattacks against key businesses and institutions in North America, Europe, and some Asian Pacific countries. One group in particular, Handala (widely believed to have…
UK’s Companies House exposed data linked to millions of firms
Companies House, the UK’s official registrar of companies, has disclosed a security flaw in its WebFiling service that exposed sensitive data tied to more than five million registered businesses. The issue traces back to a system update rolled out in October 2025 and went unnoticed for five months…
IT Security News Hourly Summary 2026-03-18 09h : 12 posts
12 posts were published in the last hour 7:36 : Boggy Serpens Hits Diplomats, Critical Infrastructure in Espionage Waves 7:36 : Iran’s cyberattack against med tech firm is ‘just the beginning’ 7:36 : ‘CrackArmor’ Exposes Nine Vulnerabilities in Linux AppArmor 7:36…
Boggy Serpens Hits Diplomats, Critical Infrastructure in Espionage Waves
Boggy Serpens, also known as MuddyWater, has escalated its cyberespionage operations over the past year, focusing on diplomats and critical infrastructure organizations in a coordinated, multi-wave campaign. Boggy Serpens has moved beyond its earlier noisy, high-volume phishing style to prioritize…
Iran’s cyberattack against med tech firm is ‘just the beginning’
Even without a navy, or air power, ‘They’ll still have the ability to hack’ Businesses should expect that Iran will conduct more aggressive cyber-ops as the war escalates, according to security analysts.… This article has been indexed from The Register…
‘CrackArmor’ Exposes Nine Vulnerabilities in Linux AppArmor
The Qualys Threat Research Unit (TRU) has identified nine vulnerabilities in AppArmor, a Linux Security Module. The vulnerability has been present since 2017 (version v4.11). AppArmor is the default mandatory access control system for Ubuntu, Debian, SUSE, and several cloud platforms. Its presence in all…
Aura – 903,080 breached accounts
In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected.…
Ubuntu Desktop Systems Vulnerability Enables Attackers to Gain Full Root Access
A Local Privilege Escalation (LPE) vulnerability in default installations of Ubuntu Desktop 24.04 and later allows an unprivileged local attacker to gain full root access. Tracked as CVE-2026-3888, uncovered by The Qualys Threat Research Unit, the flaw exploits an unintended…
Cybercriminals scale up, government sector hit hardest
Government agencies faced the highest volume of cyberattack campaigns in 2025, according to new findings from HPE Threat Labs, which tracked 1,186 active campaigns over the course of the year. The data covers activity observed between January 1 and December…
Tufin introduces AI agents to take on network security work
Tufin is launching a new collection of AI agents designed to take on network security tasks for teams that are already stretched thin. This helps free up scarce expertise to focus on higher-level risks, critical decisions, and defending the enterprise.…
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in…
Energy strategy, scammer accord, font-rendering attack
Energy Department to release first cyber strategy Tech giants sign on to fight scammers Font-rendering hides malicious commands from AI in plain sight Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-energy-strategy-scammer-accord-font-rendering-attack/ Huge thanks to our episode sponsor,…
Over one billion customer records belonging to IDMerit users left unprotected online
Cyber researchers discovered more than one billion unprotected IDMerit customer records online. The records included details of people from all over the world, with hundreds… The post Over one billion customer records belonging to IDMerit users left unprotected online appeared…
Researchers Disclose ‘RegPwn,’ a Windows Registry Weakness Allowing SYSTEM Access
Researchers at MDSec have disclosed a newly patched Elevation of Privilege vulnerability in Microsoft Windows, known as “RegPwn”. Tracked as CVE-2026-24291, this flaw allows a low-privileged user to gain full SYSTEM access by exploiting how Windows handles registry configurations for…