The OWASP Zed Attack Proxy (ZAP) just received a massive upgrade for testing modern web applications. The release of the ZAP PTK Add-on 0.3.0, working alongside OWASP PenTest Kit (PTK) 9.8.0, now converts browser-based security findings directly into native ZAP…
FBI Warns Chinese Mobile Apps Could Expose User Data to Cyberattacks
The Federal Bureau of Investigation (FBI) has issued a public warning about potential data security risks associated with foreign-developed mobile applications, particularly those developed by companies based in China. While the advisory focuses on apps widely used in the United…
The European Commission confirms attack on its Europa web platform
The European Commission has confirmed a cyberattack affecting its Europa.eu web platform, with initial reports indicating that the attackers accessed the data from the cloud infrastructure provided by AWS. The incident was detected on 24 March, with the commission stating that the attack was contained while the investigation…
Apple Releases iOS 18.7.7 Update to Extend DarkSword Exploit Protection to More iPhones and iPads
Apple has expanded the availability of iOS 18. Thank you for being a Ghacks reader. The post Apple Releases iOS 18.7.7 Update to Extend DarkSword Exploit Protection to More iPhones and iPads appeared first on gHacks. This article has been…
New iOS patches over DarkSword, FBI: surveillance hack is major incident, Cisco code stolen in Trivy-linked breach
Apple pushes new patches over DarkSword FBI: US surveillance hack is major incident Cisco code stolen in Trivy-linked breach Get the show notes here: https://cisoseries.com/cybersecurity-news-apple-pushes-new-patches-over-darksword-fbi-us-surveillance-hack-is-major-incident-cisco-code-stolen-in-trivy-linked-breach/ Huge thanks to our sponsor, ThreatLocker Detection-based security assumes you’ll catch an attack in time.…
North Korean Attackers Compromise Popular Web Tool
Hackers suspected of working for North Korea compromise Axios open-source software, push out remote-access Trojans to developers This article has been indexed from Silicon UK Read the original article: North Korean Attackers Compromise Popular Web Tool
TA416 Broadens Europe Spy Campaign With Web Bugs and Malware
China-aligned threat actor TA416 has resumed large-scale espionage against European governments. It is now expanding to Middle Eastern diplomatic targets, combining web bug reconnaissance with constantly evolving malware delivery chains that culminate in a customized PlugX backdoor. From mid-2025, TA416…
Critical PX4 Autopilot Vulnerability Let Attackers Gain Control of Drones
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a severe vulnerability in the PX4 Autopilot system. This critical flaw could allow malicious actors to completely take over unmanned aerial vehicles (UAVs) and drones used across…
Cisco Smart Software Manager Flaw Allowed Arbitrary Command Execution
Cisco has released a high-priority security advisory regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. The flaw, tracked as CVE-2026-20160, carries a near-maximum CVSS severity score of 9.8 out of 10. If exploited, it enables…
Enterprise AI security: weighing the benefits and risks in 2026
The integration of artificial intelligence into core business systems, better known as enterprise AI, is moving fast, along with the threats around it. Security teams are confronting AI-powered cyberattacks, tightening global regulations, and facing a growing expectation that cyber defenses…
Top 20 Best Digital Forensic Tools in 2026
Digital forensic tools are specialized software designed to analyze, recover, and investigate data from digital devices. They help uncover crucial evidence in cybercrime investigations and legal proceedings. These tools can extract data from various sources, including computers, smartphones, and storage…
10 Best VPN For Privacy In 2026
When it comes to privacy-focused VPNs, several providers stand out in 2026. NordVPN, based in Panama, offers robust security features including Double VPN, Onion over VPN, and an independently audited no-logs policy. Proton VPN, founded by CERN scientists and based…
Starbucks Breach – Attacks Allegedly Claim 10GB of Stolen Source Code
The threat group ShadowByt3s has claimed responsibility for a new cyberattack on Starbucks, allegedly stealing 10GB of proprietary source code and operational firmware. The data was reportedly scraped from a misconfigured Amazon S3 bucket named “sbux-assets” as part of a…
IT Security News Hourly Summary 2026-04-02 09h : 1 posts
1 posts were published in the last hour 6:34 : Bank Negara Malaysia RMiT Update: New Authentication Rules for Fintech and Banks
Bank Negara Malaysia RMiT Update: New Authentication Rules for Fintech and Banks
Bank Negara Malaysia’s updated RMiT framework introduces stricter authentication rules for banks and fintech apps. Learn how passkeys, adaptive MFA, device binding, and risk-based authentication help meet compliance. The post Bank Negara Malaysia RMiT Update: New Authentication Rules for Fintech…
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor
A new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access through unsigned MSI installers. The campaign starts with WhatsApp messages carrying VBS attachments that appear benign but…
Trust, friction, and ROI: A CISO’s take on making security work for the business
In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature security programs reduce friction in sales cycles and M&A processes, and how trust is…
Remcos RAT Attack Uses Obfuscated Scripts, Trusted Windows Tools
Remcos RAT operators are abusing obfuscated scripts and trusted Windows binaries to deliver a stealthy, largely fileless infection chain that runs almost entirely in memory and evades traditional defenses. The attack starts with a phishing email carrying a ZIP archive…
Cisco Warns of Critical IMC Vulnerability Enabling Authentication Bypass
Cisco has published an urgent security advisory for CVE-2026-20093, a critical 9.8-severity authentication bypass vulnerability affecting its Integrated Management Controller (IMC) software. This high-risk flaw enables unauthenticated remote attackers to overwrite administrative passwords and gain full control over vulnerable Cisco…
NSFOCUS Monthly APT Insights – January 2026
Regional APT Threat Situation In January 2026, the global threat hunting system of Fuying Lab detected a total of 26 APT attack activities. These activities were primarily concentrated in regions including East Asia, South Asia, and Eastern Europe, as shown…
Symantec DLP Agent Flaw Exposed Systems to Privilege Escalation Attacks
A high-severity vulnerability in the Symantec Data Loss Prevention (DLP) Agent for Windows could allow low-privileged attackers to take complete control of affected machines. Tracked as CVE-2026-3991, this Local Privilege Escalation (LPE) flaw carries a CVSS score of 7.8. It…
Microsoft adds high-volume email sending to Exchange Online
Organizations that rely on Exchange Online for internal communications have long needed a way to send large volumes of automated messages, such as payroll notifications, IT alerts, and security advisories, without running into the sending limits designed for person-to-person email.…
Tracking drones with the 5G tower down the street
Drone detection in cities is expensive. Dedicated radar installations are cost-prohibitive at scale, cameras have limited range and stop working well at night, and LiDAR systems have the same cost problem as radar. A group of researchers at the University…
Linx Security Raises $50 Million for Identity Security and Governance
The company will accelerate product development, scale go-to-market efforts, and expand its global footprint. The post Linx Security Raises $50 Million for Identity Security and Governance appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…