Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of…
Discord Delays Global Age Verification After Privacy Backlash
Discord has postponed the global rollout of its new age verification system following backlash from users who raised privacy concerns, including objections tied Thank you for being a Ghacks reader. The post Discord Delays Global Age Verification After Privacy Backlash…
Wireshark 4.6.4 Released to Patch Multiple Security Vulnerabilities
Wireshark has released version 4.6.4, delivering security and stability fixes that address several denial‑of‑service risks and multiple crashes in protocol dissectors and tools. The update is recommended for all users, especially analysts working with untrusted capture files or live traffic…
Marquis Takes Legal Action Against SonicWall Over Ransomware Attack from Backup Breach
Marquis Software Solutions has filed a lawsuit against cybersecurity firm SonicWall, claiming a vulnerability in SonicWall’s cloud backup service led directly to a ransomware attack on its network. Filed in a Texas federal court, the complaint highlights a massive failure…
Zoom Update Scam Infects 1,437 Users in 12 Days to Deploy Surveillance Tools
A dangerous new scam is targeting Zoom users by exploiting their trust in video meeting invites. Over just twelve days, 1,437 Windows users unknowingly installed a malicious version of the Teramind monitoring agent after visiting a fake Zoom meeting page designed to trigger silent…
SMBs Struggle to Translate Cybersecurity Investment into Real-World Resilience, Study Finds
Small and medium-sized businesses (SMBs) continue to face significant cyber risk despite growing investment in cybersecurity tools and training, according to new research from privacy company Proton AG. The company’s SMB Cybersecurity Report 2026, based on a survey of 3,000…
Scattered Lapsus$ Hunters auditioning female voices to sharpen social engineering
Telegram posts promise up to $1,000 per call as gang refines IT helpdesk ruse Prolific cybercrime crew Scattered Lapsus$ Hunters (SLSH) is reportedly recruiting women in the hope of improving its social engineering success.… This article has been indexed from…
Gambit Security Emerges From Stealth With $61 Million in Funding
The seed and Series A investment will enable the startup to accelerate product development and expand sales and customer success teams. The post Gambit Security Emerges From Stealth With $61 Million in Funding appeared first on SecurityWeek. This article has…
What is Polymorphic Malware?
Malware continues to evolve, becoming more sophisticated and harder to detect. One of the most challenging types is polymorphic malware — malicious software that constantly changes its code to evade detection by traditional security systems. In a world where cyber…
Google Disrupts China-Linked UNC2814 Cyber Espionage Network Targeting 70+ Countries
Google on Wednesday revealed that it collaborated with industry partners to dismantle the digital infrastructure of a suspected China-aligned cyber espionage group known as UNC2814, which compromised at least 53 organizations spanning 42 countries. “This prolific, elusive actor has…
Scattered Lapsus$ Hunters seeks women for vishing attacks
The Scattered Lapsus$ Hunters (SLH) hacking collective has launched a recruitment push aimed specifically at women, offering cash payments for participating in voice-phishing (vishing) attacks. A few days ago, threat intelligence firm Dataminr detected posts on a public Telegram channel…
Google Disrupts ‘Prolific’ and ‘Elusive’ China-Linked Global Hacking Campaign
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation This article has been indexed from www.infosecurity-magazine.com Read the original article: Google Disrupts ‘Prolific’ and ‘Elusive’ China-Linked Global Hacking Campaign
OpenAI Confirms Chinese Hackers Used ChatGPT in Cyberattack Campaign
OpenAI has confirmed that Chinese-linked operators misused ChatGPT as part of a broader campaign that blended cyber operations, online harassment, and covert influence tactics, according to its latest threat report “Disrupting malicious uses of AI.” While the models were not…
OAuth Gone Wrong: The Hidden Token Issue That Brought Down Our Login System
Imagine deploying a Node.js/TypeScript backend for user authentication that works flawlessly in development, only to watch users get mysteriously logged out or unable to log in shortly after launching to production. Everything ran fine on your local machine, but in…
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager…
LLMs Generate Predictable Passwords
LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices…
OpenAI Confirms that Chinese Hackers Used ChatGPT to Launch Cyberattacks
OpenAI has officially confirmed that a ChatGPT account linked to an individual associated with Chinese law enforcement was used to plan and document large-scale covert cyberattack campaigns. The revelation, published in OpenAI’s February 2026 threat disruption report, marks one of…
Zyxel Patches Critical Vulnerability in Many Device Models
The issue impacts the UPnP function of multiple device models and could be exploited for remote code execution. The post Zyxel Patches Critical Vulnerability in Many Device Models appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
MCP security: The current situation
The Model Context Protocol (MCP) is an open protocol designed to standardize how large language models (LLMs) connect to external tools, APIs, and data sources. Rather than relying on ad hoc, model-specific integrations, MCP defines a structured client–server architecture that…
The Conduent breach; from 10 million to 25 million (and counting)
A third-party breach at Conduent now affects 25 million Americans—many never knew their data flowed through its systems. This article has been indexed from Malwarebytes Read the original article: The Conduent breach; from 10 million to 25 million (and counting)
Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover
A rare joint alert from all five spy agencies means serious business The Five Eyes intelligence alliance is urgently warning defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks.… This article has been indexed from The Register –…
Zyxel Vulnerabilities Allow Remote Attackers to Execute Commands via Command Injection
Zyxel has rolled out critical security patches for multiple vulnerabilities affecting its 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, Security Routers, and Wireless Extenders. The flaws range from null pointer dereferences causing Denial-of-Service (DoS) to severe command injections allowing…
Malicious Ads Bypass Google Ads Screening via New Campaign Platform Exploit
A sophisticated cloaking platform called 1Campaign, designed to help attackers run malicious Google Ads campaigns while evading detection. The service acts as a full‑service infrastructure for malvertising, filtering out researchers and automated scanners to keep phishing and cryptocurrency drainer sites…
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net,…