China-aligned threat actor TA416 has resumed large-scale espionage against European governments. It is now expanding to Middle Eastern diplomatic targets, combining web bug reconnaissance with constantly evolving malware delivery chains that culminate in a customized PlugX backdoor. From mid-2025, TA416…
Critical PX4 Autopilot Vulnerability Let Attackers Gain Control of Drones
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a severe vulnerability in the PX4 Autopilot system. This critical flaw could allow malicious actors to completely take over unmanned aerial vehicles (UAVs) and drones used across…
Cisco Smart Software Manager Flaw Allowed Arbitrary Command Execution
Cisco has released a high-priority security advisory regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. The flaw, tracked as CVE-2026-20160, carries a near-maximum CVSS severity score of 9.8 out of 10. If exploited, it enables…
Enterprise AI security: weighing the benefits and risks in 2026
The integration of artificial intelligence into core business systems, better known as enterprise AI, is moving fast, along with the threats around it. Security teams are confronting AI-powered cyberattacks, tightening global regulations, and facing a growing expectation that cyber defenses…
Top 20 Best Digital Forensic Tools in 2026
Digital forensic tools are specialized software designed to analyze, recover, and investigate data from digital devices. They help uncover crucial evidence in cybercrime investigations and legal proceedings. These tools can extract data from various sources, including computers, smartphones, and storage…
10 Best VPN For Privacy In 2026
When it comes to privacy-focused VPNs, several providers stand out in 2026. NordVPN, based in Panama, offers robust security features including Double VPN, Onion over VPN, and an independently audited no-logs policy. Proton VPN, founded by CERN scientists and based…
Starbucks Breach – Attacks Allegedly Claim 10GB of Stolen Source Code
The threat group ShadowByt3s has claimed responsibility for a new cyberattack on Starbucks, allegedly stealing 10GB of proprietary source code and operational firmware. The data was reportedly scraped from a misconfigured Amazon S3 bucket named “sbux-assets” as part of a…
IT Security News Hourly Summary 2026-04-02 09h : 1 posts
1 posts were published in the last hour 6:34 : Bank Negara Malaysia RMiT Update: New Authentication Rules for Fintech and Banks
Bank Negara Malaysia RMiT Update: New Authentication Rules for Fintech and Banks
Bank Negara Malaysia’s updated RMiT framework introduces stricter authentication rules for banks and fintech apps. Learn how passkeys, adaptive MFA, device binding, and risk-based authentication help meet compliance. The post Bank Negara Malaysia RMiT Update: New Authentication Rules for Fintech…
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor
A new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access through unsigned MSI installers. The campaign starts with WhatsApp messages carrying VBS attachments that appear benign but…
Trust, friction, and ROI: A CISO’s take on making security work for the business
In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature security programs reduce friction in sales cycles and M&A processes, and how trust is…
Remcos RAT Attack Uses Obfuscated Scripts, Trusted Windows Tools
Remcos RAT operators are abusing obfuscated scripts and trusted Windows binaries to deliver a stealthy, largely fileless infection chain that runs almost entirely in memory and evades traditional defenses. The attack starts with a phishing email carrying a ZIP archive…
Cisco Warns of Critical IMC Vulnerability Enabling Authentication Bypass
Cisco has published an urgent security advisory for CVE-2026-20093, a critical 9.8-severity authentication bypass vulnerability affecting its Integrated Management Controller (IMC) software. This high-risk flaw enables unauthenticated remote attackers to overwrite administrative passwords and gain full control over vulnerable Cisco…
NSFOCUS Monthly APT Insights – January 2026
Regional APT Threat Situation In January 2026, the global threat hunting system of Fuying Lab detected a total of 26 APT attack activities. These activities were primarily concentrated in regions including East Asia, South Asia, and Eastern Europe, as shown…
Symantec DLP Agent Flaw Exposed Systems to Privilege Escalation Attacks
A high-severity vulnerability in the Symantec Data Loss Prevention (DLP) Agent for Windows could allow low-privileged attackers to take complete control of affected machines. Tracked as CVE-2026-3991, this Local Privilege Escalation (LPE) flaw carries a CVSS score of 7.8. It…
Microsoft adds high-volume email sending to Exchange Online
Organizations that rely on Exchange Online for internal communications have long needed a way to send large volumes of automated messages, such as payroll notifications, IT alerts, and security advisories, without running into the sending limits designed for person-to-person email.…
Tracking drones with the 5G tower down the street
Drone detection in cities is expensive. Dedicated radar installations are cost-prohibitive at scale, cameras have limited range and stop working well at night, and LiDAR systems have the same cost problem as radar. A group of researchers at the University…
Linx Security Raises $50 Million for Identity Security and Governance
The company will accelerate product development, scale go-to-market efforts, and expand its global footprint. The post Linx Security Raises $50 Million for Identity Security and Governance appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Your customer passed authentication. So why are they sending money to a scammer?
In this Help Net Security video, Lenny Gusel, Head of Fraud Solutions in North America at Feedzai, explains how customer identity and access management has converged with digital fraud detection, and why treating them as separate systems creates real risk.…
Microsoft to Remove EXIF Data for Images Shared on Teams
In a significant move to enhance corporate privacy and operational security, Microsoft has announced an important update for its Teams platform. As part of the March 2026 feature rollout, Microsoft Teams will now automatically remove EXIF metadata from all images…
Public PoC Exploit Released for Nginx-UI Backup Restore Vulnerability
A critical security flaw has been disclosed in the Nginx-UI backup restore mechanism, tracked as CVE-2026-33026. This vulnerability allows threat actors to tamper with encrypted backup archives and inject malicious configurations during the restoration process. With a public Proof-of-Concept (PoC)…
Vim Modeline Bypass Vulnerability Let Attackers Execute Arbitrary OS Commands
A newly discovered high-severity vulnerability in the popular Vim text editor exposes users to arbitrary command execution on the operating system. Tracked as CVE-2026-34982, the flaw relies on a modeline sandbox bypass that triggers when a victim opens a specially…
IT Security News Hourly Summary 2026-04-02 06h : 1 posts
1 posts were published in the last hour 3:13 : News Alert: TAC Security surpasses 10,000 customers, scaling global VM and AppSec platform
News Alert: TAC Security surpasses 10,000 customers, scaling global VM and AppSec platform
NEW YORK, Apr. 1, 2026, CyberNewswire—TAC Infosec, a global leader in cybersecurity (NSE: TAC), with presence across 100+ countries, announced a historic milestone by crossing 10,000 clients – 6,500+ of TAC Security and 3,500+ of CyberScope, since April … (more…)…