CISA has warned that a memory corruption flaw in Qualcomm chipsets is being exploited in attacks, urging organizations to promptly apply vendor-provided mitigations. The issue, tracked as CVE-2026-21385, impacts multiple Qualcomm chipsets and was added to CISA’s catalog on 2026-03-03 with…
Trusted Azure Utility AzCopy Turned into Data Exfiltration Tool in Active Ransomware Campaigns
The cybersecurity landscape has taken a sharp and dangerous turn. Ransomware operators, long associated with using suspicious tools to steal data, have begun turning to the same software IT teams rely on every day. Microsoft’s AzCopy, a legitimate command-line utility…
Escalating Iranian APT Threats Against Critical Infrastructure Amid Geopolitical Conflict
A dangerous new chapter in Middle Eastern geopolitics has unfolded following the outbreak of open conflict between Iran, Israel, and the United States. Last week, U.S. and Israeli forces launched Operation Lion’s Roar, a coordinated military strike targeting Iranian military…
Stolen Gemini API Key Turned $180 Bill to $82000 in Two Days
A three-person development team in Mexico is facing bankruptcy after a stolen Google Cloud API key generated $82,314.44 in unauthorized charges over just 48 hours. Between February 11 and 12, attackers heavily abused the team’s credentials to access the “Gemini…
VoidLink Malware Framework Attacking Kubernetes and AI Workloads
In December 2025, Check Point Research disclosed one of the most carefully engineered cloud-native malware frameworks ever studied — VoidLink. Unlike most threats that are ported from older Windows tools, VoidLink was built from scratch to target Linux-based cloud and…
Hacker Conversations: Inti De Ceukelaire, Raging Against the Machine Creatively
A Belgian national, De Ceukelaire’ did not set out to be a hacker. Like many hackers he was born with the potential to become one and only gradually realized he is one. The post Hacker Conversations: Inti De Ceukelaire, Raging…
Top SCIM Providers for B2B SaaS Apps: Automated User Provisioning Platforms
Compare the top SCIM providers for B2B SaaS apps. Learn how SCIM provisioning automates user lifecycle management and integrates with enterprise identity providers. Alternative version (slightly stronger for click-through): Discover the top SCIM providers for B2B SaaS platforms. Learn how…
Rocket Software Research Highlights Data Security and AI Infrastructure Gaps in Enterprise IT Modernization
Stress is rising among IT decision-makers as organizations accelerate technology upgrades and introduce AI into hybrid infrastructure. Data security now leads modernization concerns, with nearly 70 percent identifying it as their primary pressure point. As transformation speeds up, safeguarding…
Microsoft Copilot Bug Exposes Confidential Outlook Emails
A critical bug in Microsoft 365 Copilot, tracked as CW1226324, allowed the AI assistant to access and summarize confidential emails in Outlook’s Sent Items and Drafts folders, bypassing sensitivity labels and Data Loss Prevention (DLP) policies. Microsoft first detected…
Tufin’s AI-powered tools simplify network security operations
Tufin announced its latest AI-powered innovations, enabling customers to utilize its Unified Control Plane to accelerate issue resolution, reduce operational friction, and limit risk – even as network complexity continues to grow. Security teams face pressure to move faster while…
Digital.ai expands post-build protection for Android and iOS applications
Software security has reached an inflection point as AI development tools increase the volume and velocity of software releases, while AI is also powering the next generation of threat actors driving attack volume and sophistication to new heights. For security…
Surge in Attacks on Surveillance Cameras Linked to Iranian Hackers
Increased attempts to compromise surveillance cameras linked to Iran during Middle East conflict This article has been indexed from www.infosecurity-magazine.com Read the original article: Surge in Attacks on Surveillance Cameras Linked to Iranian Hackers
Kaspersky dismisses claims Coruna iPhone exploit kit is connected to NSA-linked operation
Follows suggestions iPhone-pwning toolset bears hallmarks of zero-days that targeted Russian diplomats Russian cybersecurity outfit Kaspersky is waving away claims that an iPhone exploit kit recently uncovered by Google was developed by the same people who were behind a group…
Invisible Threats: Source Code Exfiltration in Google Antigravity – FireTail Blog
Mar 04, 2026 – Viktor Markopoulos – Invisible Threats: Source Code Exfiltration in Google AntigravityTL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source codeBy hiding malicious instructions inside seemingly empty C++ comments, threat actors…
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
Google said it identified a “new and powerful” exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits,…
Multi-Stage “BadPaw” Malware Campaign Targets Ukraine
Malware campaign uses Ukrainian email service for credibility, deploying “BadPaw” to execute attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Multi-Stage “BadPaw” Malware Campaign Targets Ukraine
Does the UK really want to ban VPNs? And can it be done?
Reports of a “Great British Firewall” are exaggerated. And even if they wanted to, here’s why it would be virtually impossible. This article has been indexed from Malwarebytes Read the original article: Does the UK really want to ban VPNs?…
The Whitelist Illusion – When Your Trusted List Becomes a Billion Dollar Attack Path
Your whitelist is not a wall. For nation-state attackers, it’s a map, showing exactly who to compromise to get to your assets. $1,788,000,000 STOLEN FROM INSTITUTIONS WITH WHITELISTS, MULTISIGS, AND HARDWARE WALLETS IN PLACE TL;DR When you hold significant assets…
2025 Security Awareness Report: Why Training Works and Where Organizations Still Fall Short
The 2025 Security Awareness and Training Global Research Report shows how security awareness training reduces incidents, how AI is reshaping cyber risk, and why employee readiness still needs work. This article has been indexed from Industry Trends & Insights…
Qualcomm Zero Day Among 129 Issues Fixed in Android Security Push
With its latest security bulletin, Google has taken steps to address a broad range of Android vulnerabilities, releasing patches for 129 vulnerabilities spanning core platform components and third party modules. These vulnerabilities include ten that are rated critical, and…
Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)
A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain unauthorized access to exposed unpatched servers. According to the Shadowserver Foundation, there are currently over 1,200 internet-facing instances that…
Webinar: The True State of Security 2026
AI has become the most popular scapegoat in security. While the risk is real, the obsession is costly. Most security failures don’t start with AI. They start with people, access, and security workflows that don’t scale. This webinar aims to…
IT Security News Hourly Summary 2026-03-04 15h : 17 posts
17 posts were published in the last hour 13:34 : Facebook Hit By Global Service Outage 13:34 : LexisNexis Confirms Data Breach 13:34 : Mobile Man Pleads Guilty To Cyber Crimes 13:34 : Iranian Strikes Expose Cloud Vulnerability 13:34 :…
Facebook Hit By Global Service Outage
Users across the globe were unable to access their Facebook accounts following a significant technical disruption that began in the late afternoon. This article has been indexed from CyberMaterial Read the original article: Facebook Hit By Global Service Outage