notice: please create a custom view template for the cybersec class view-cybersec.html
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale.
Cisco Talos has attributed the operation to a threat cluster it tracks as
9:10 pm, April 2, 2026
guid
https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
source_url
https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
id: 483
uid: H7LEA
insdate: 2026-04-02 21:10:10
title: Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
additional: A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale.
Cisco Talos has attributed the operation to a threat cluster it tracks as
category: Cybersecurity
md5:
guid: https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
source_url: https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
updated:
image:
author_name:
author_link:
uid: H7LEA
insdate: 2026-04-02 21:10:10
title: Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
additional: A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale.
Cisco Talos has attributed the operation to a threat cluster it tracks as
category: Cybersecurity
md5:
guid: https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
source_url: https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
updated:
image:
author_name:
author_link:
Add Comment
AI Testing
Page Views
This page has been viewed 6 times.
Search cybersec
Category List cybersec
- Cybersecurity
- $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
- 'NoVoice' Android malware on Google Play infected 2.3 million devices
- /proxy/ URL scans with IP addresses, (Mon, Mar 16th)
- 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
- 13-year-old bug in ActiveMQ lets hackers remotely execute commands
- 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
- 2026 Browser Data Reveals Major Enterprise Security Blind Spots
- 3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
- 3 SOC Process Fixes That Unlock Tier 1 Productivity
- 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
- 5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
- 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
- 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
- 7 Ways to Prevent Privilege Escalation via Password Resets
- 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
- A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
- A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
- AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
- AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
- AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
- AI-generated Slopoly malware used in Interlock ransomware attack
- APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
- APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
- APT28 hackers deploy customized variant of Covenant open-source tool
- APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
- APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
- Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
- Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
- Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
- Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
- Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.
- AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
- Ajax football club hack exposed fan data, enabled ticket hijack
- Alabama man pleads guilty to hacking, extorting hundreds of women
- Amazon: Drone strikes damaged AWS data centers in Middle East
- Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
- Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
- Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)
- Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
- Android Developer Verification Rollout Begins Ahead of September Enforcement
- Android gets patches for Qualcomm zero-day exploited in attacks
- Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
- Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
- Anti-piracy coalition takes down AnimePlay app with 5 million users
- Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
- Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
- Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
- Apple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)
- Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
- Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
- Apple adds macOS Terminal warning to block ClickFix attacks
- Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
- Apple patches older iPhones and iPads against Coruna exploits
- Apple pushes first Background Security Improvements update to fix WebKit flaw
- Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)
- AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
- Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
- Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
- Aura confirms data breach exposing 900,000 marketing contacts
- Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
- Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
- Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
- Axios npm hack used fake Teams error fix to hijack maintainer account
- BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
- Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
- Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
- Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
- Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
- Betterleaks, a new open-source secrets scanner to replace Gitleaks
- Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
- Bitrefill blames North Korean Lazarus group for cyberattack
- Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
- Bitwarden adds support for passkey login on Windows 11
- Block the Prompt, Not the Work: The End of "Doctor No"
- Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
- Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
- Bubble AI app builder abused to steal Microsoft account credentials
- Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
- CERT-EU: European Commission hack exposes data of 30 EU entities
- CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
- CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
- CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
- CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
- CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
- CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
- CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
- CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks
- CISA flags Wing FTP Server flaw as actively exploited in attacks
- CISA orders feds to patch DarkSword iOS flaws exploited attacks
- CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
- CISA orders feds to patch Zimbra XSS flaw exploited in attacks
- CISA orders feds to patch actively exploited Citrix flaw by Thursday
- CISA orders feds to patch exploited Fortinet EMS flaw by Friday
- CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
- CISA orders feds to patch max-severity Cisco flaw by Sunday
- CISA orders feds to patch n8n RCE flaw exploited in attacks
- CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
- CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
- CISA warns of Apple flaws exploited in spyware, crypto-theft attacks
- CISA: New Langflow flaw actively exploited to hijack AI workflows
- CISA: Recently patched Ivanti EPM flaw now actively exploited
- CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
- CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
- Can the Security Platform Finally Deliver for the Mid-Market?
- Canadian retail giant Loblaw notifies customers of data breach
- Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
- ChatGPT rolls out new $100 Pro subscription to challenge Claude
- China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
- China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
- China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
- China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
- Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
- Chinese state hackers target telcos with new malware toolkit
- Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
- Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
- Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
- Cisco flags more SD-WAN flaws as actively exploited in attacks
- Cisco source code stolen in Trivy-linked dev environment breach
- Cisco warns of max severity Secure FMC flaws giving root access
- Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
- Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
- Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
- Citrix urges admins to patch NetScaler flaws as soon as possible
- Claude AI finds Vim, Emacs RCE bugs that trigger on file open
- Claude Code Security and Magecart: Getting the Threat Model Right
- Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
- Claude Code leak used to push infostealer malware on GitHub
- Claude Code source code accidentally leaked in NPM package
- Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
- ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
- Cognizant TriZetto breach exposes health data of 3.4 million patients
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets
- ConnectWise patches new flaw allowing ScreenConnect hijacking
- Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
- Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks
- Coruna iOS exploit framework linked to Triangulation attacks
- Critical Cisco IMC auth bypass gives attackers Admin access
- Critical Citrix NetScaler memory flaw actively exploited in attacks
- Critical Fortinet Forticlient EMS flaw now exploited in attacks
- Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
- Critical Marimo pre-auth RCE flaw now under active exploitation
- Critical Microsoft SharePoint flaw now exploited in attacks
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
- Critical flaw in wolfSSL library enables forged certificate use
- Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
- Crunchyroll probes breach after hacker claims to steal 6.8M users' data
- CyberStrikeAI tool adopted by hackers for AI-powered attacks
- DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
- DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
- DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)
- DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
- DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
- Detecting IP KVMs, (Tue, Mar 24th)
- Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
- Device code phishing attacks surge 37x as new kits spread online
- Die Linke German political party confirms data stolen by Qilin ransomware
- Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)
- Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
- DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
- Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
- Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
- Drift $280M crypto theft linked to 6-month in-person operation
- Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
- Drift loses $280 million North Korean hackers seize Security Council powers
- Drift loses $280 million as hackers seize Security Council powers
- Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
- Dutch Finance Ministry takes treasury banking portal offline after breach
- Dutch Ministry of Finance discloses breach affecting employees
- Dutch Police discloses security breach after phishing attack
- Dutch govt warns of Signal, WhatsApp account hijacking attacks
- EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
- EU court adviser says banks must immediately refund phishing victims
- Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
- England Hockey investigating ransomware data breach
- Ericsson US discloses data breach after service provider hack
- Eurail says December data breach impacts 300,000 individuals
- Europe sanctions Chinese and Iranian firms for cyberattacks
- European Commission confirms data breach after Europa.eu hack
- European Commission investigating breach after Amazon cloud account hack
- European Commission investigating breach after Amazon cloud hack
- European Gym giant Basic-Fit data breach affects 1 million members
- Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
- Europol-coordinated action disrupts Tycoon2FA phishing platform
- Evolution of Ransomware: Multi-Extortion Ransomware Attacks
- Ex-data analyst stole company data in $2.5M extortion scheme
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
- FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
- FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
- FBI arrests suspect linked to $46M crypto theft from US Marshals
- FBI confirms hack of Director Patel's personal email inbox
- FBI investigates breach of surveillance and wiretap systems
- FBI links Signal phishing attacks to Russian intelligence services
- FBI seeks victims of Steam games used to spread malware
- FBI seizes Handala data leak site after Stryker cyberattack
- FBI seizes LeakBase cybercrime forum, data of 142,000 members
- FBI takedown of W3LL phishing service leads to developer arrest
- FBI warns against using Chinese mobile apps due to privacy risks
- FBI warns of Handala hackers using Telegram in malware attacks
- FBI warns of phishing attacks impersonating US city, county officials
- FBI: Americans lost a record $21 billion to cybercrime last year
- FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
- FCC bans new routers made outside the USA over security risks
- Facebook accounts unavailable in worldwide outage
- Fake Claude Code install guides push infostealers in InstallFix attacks
- Fake Google Security site uses PWA app to steal credentials, MFA codes
- Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
- Fake LastPass support email threads try to steal vault passwords
- Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
- Fake VS Code alerts on GitHub spread malware to developers
- Fake enterprise VPN downloads used to steal company credentials
- Fake enterprise VPN sites used to steal company credentials
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
- File read flaw in Smart Slider plugin impacts 500K WordPress sites
- Firefox now has a free built-in VPN with 50GB monthly data limit
- Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
- Florida woman imprisoned for massive Microsoft license fraud scheme
- Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
- FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
- Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
- From VMware to what’s next: Protecting data during hypervisor migration
- GIGABYTE Control Center vulnerable to arbitrary file write flaw
- GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)
- German authorities identify REvil and GandCrab ransomware bosses
- German authorities identify REvil and GangCrab ransomware bosses
- Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
- Ghanain man pleads guilty to role in $100 million fraud ring
- Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
- GitHub adds AI-powered bug detection to expand security coverage
- GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
- GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
- GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
- GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
- GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
- Going the Extra Mile: Travel Rewards Turn into Underground Currency.
- Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
- Google Chrome adds infostealer protection against session cookie theft
- Google Chrome shifts to two-week release cycle for increased stability
- Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
- Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
- Google Drive ransomware detection now on by default for paying users
- Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
- Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
- Google adds ‘Advanced Flow’ for safe APK sideloading on Android
- Google fixes fourth Chrome zero-day exploited in attacks in 2026
- Google fixes two new Chrome zero-days exploited in attacks
- Google now allows you to change your @gmail.com address
- Google paid $17.1 million for vulnerability reports in 2025
- Google rolls out Gmail end-to-end encryption on mobile devices
- Google says 90 zero-days were exploited in attacks last year
- Google: Cloud attacks exploit flaws more than weak credentials
- Google: New UNC6783 hackers steal corporate Zendesk support tickets
- HPE warns of critical AOS-CX flaw allowing admin password resets
- Hacker charged with stealing $53 million from Uranium crypto exchange
- Hacker mass-mails HungerRush extortion emails to restaurant patrons
- HackerOne discloses employee data breach after Navia hack
- Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
- Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
- Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
- Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
- Hackers compromise Axios npm package to drop cross-platform malware
- Hackers exploit React2Shell in automated credential theft campaign
- Hackers exploit TrueConf zero-day to push malicious software updates
- Hackers exploit critical flaw in Ninja Forms WordPress plugin
- Hackers exploiting Acrobat Reader zero-day flaw since December
- Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
- Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
- Hackers use pixel-large SVG trick to hide credit card stealer
- Healthcare IT solutions provider ChipSoft hit by ransomware attack
- Healthcare tech firm CareCloud says hackers stole patient data
- Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
- Hims & Hers warns of data breach after Zendesk support ticket breach
- Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
- How AI Assistants are Moving the Security Goalposts
- How CISOs Can Survive the Era of Geopolitical Cyberattacks
- How Ceros Gives Security Teams Visibility and Control in Claude Code
- How Deepfakes and Injection Attacks Are Breaking Identity Verification
- How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
- How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
- How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
- How to Categorize AI Agents and Prioritize Risk
- How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
- How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
- How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
- INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
- IPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)
- ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
- ISC Stormcast For Friday, March 13th, 2026 https://isc.sans.edu/podcastdetail/9848, (Fri, Mar 13th)
- ISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)
- ISC Stormcast For Friday, March 27th, 2026 https://isc.sans.edu/podcastdetail/9868, (Fri, Mar 27th)
- ISC Stormcast For Friday, March 6th, 2026 https://isc.sans.edu/podcastdetail/9838, (Fri, Mar 6th)
- ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)
- ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)
- ISC Stormcast For Monday, March 16th, 2026 https://isc.sans.edu/podcastdetail/9850, (Mon, Mar 16th)
- ISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd)
- ISC Stormcast For Monday, March 30th, 2026 https://isc.sans.edu/podcastdetail/9870, (Mon, Mar 30th)
- ISC Stormcast For Monday, March 9th, 2026 https://isc.sans.edu/podcastdetail/9840, (Mon, Mar 9th)
- ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)
- ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
- ISC Stormcast For Thursday, March 12th, 2026 https://isc.sans.edu/podcastdetail/9846, (Thu, Mar 12th)
- ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)
- ISC Stormcast For Thursday, March 26th, 2026 https://isc.sans.edu/podcastdetail/9866, (Thu, Mar 26th)
- ISC Stormcast For Thursday, March 5th, 2026 https://isc.sans.edu/podcastdetail/9836, (Thu, Mar 5th)
- ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)
- ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)
- ISC Stormcast For Tuesday, March 10th, 2026 https://isc.sans.edu/podcastdetail/9842, (Tue, Mar 10th)
- ISC Stormcast For Tuesday, March 17th, 2026 https://isc.sans.edu/podcastdetail/9852, (Tue, Mar 17th)
- ISC Stormcast For Tuesday, March 24th, 2026 https://isc.sans.edu/podcastdetail/9862, (Tue, Mar 24th)
- ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)
- ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832, (Tue, Mar 3rd)
- ISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874, (Wed, Apr 1st)
- ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)
- ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)
- ISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)
- ISC Stormcast For Wednesday, March 25th, 2026 https://isc.sans.edu/podcastdetail/9864, (Wed, Mar 25th)
- ISC Stormcast For Wednesday, March 4th, 2026 https://isc.sans.edu/podcastdetail/9834, (Wed, Mar 4th)
- Infinite Campus warns of breach after ShinyHunters claims data theft
- Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
- Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)
- Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
- International joint action disrupts world’s largest DDoS botnets
- Investigating a New Click-Fix Variant
- Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
- Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
- Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
- Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
- Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
- Is a $30,000 GPU Good at Password Cracking?
- JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
- KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
- Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
- Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
- LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
- LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
- LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
- LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks
- LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
- LexisNexis confirms data breach as hackers leak stolen files
- LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
- LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
- Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
- Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
- Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
- Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
- Man admits to locking thousands of Windows devices in extortion plot
- Manager of botnet used in ransomware attacks gets 2 years in prison
- Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
- Marquis: Ransomware gang stole data of 672K people in cyberattack
- Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
- Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
- Max severity Flowise RCE vulnerability now exploited in attacks
- Max severity Ubiquiti UniFi flaw may allow account takeover
- Mazda discloses security breach exposing employee and partner data
- Medtech giant Stryker fully operational after data-wiping attack
- Medtech giant Stryker offline after Iran-linked wiper malware attack
- Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
- Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools
- Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
- Microsoft 365 Backup to add file-level restore for faster recovery
- Microsoft Azure Monitor alerts abused for callback phishing attacks
- Microsoft Azure Monitor alerts abused in callback phishing campaigns
- Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
- Microsoft Exchange Online outage blocks access to mailboxes
- Microsoft Exchange Online service change causes email access issues
- Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
- Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)
- Microsoft Patch Tuesday, March 2026 Edition
- Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
- Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
- Microsoft Teams phishing targets employees with A0Backdoor malware
- Microsoft Teams phishing targets employees with backdoors
- Microsoft Teams will tag third-party bots trying to join meetings
- Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
- Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
- Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
- Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys
- Microsoft fixes Classic Outlook bug causing email delivery issues
- Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in
- Microsoft fixes bug causing Classic Outlook sync issues with Gmail
- Microsoft investigates classic Outlook sync and connection issues
- Microsoft links Classic Outlook issue to email delivery problems
- Microsoft links Medusa ransomware affiliate to zero-day attacks
- Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
- Microsoft pulls KB5079391 Windows update over install issues
- Microsoft pulls Samsung app blocking Windows C: drive from Store
- Microsoft releases Windows 10 KB5078885 extended security update
- Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
- Microsoft removes Support and Recovery Assistant from Windows
- Microsoft rolls out fix for broken Windows Start Menu search
- Microsoft shares fix for Windows C: drive access issues on Samsung PCs
- Microsoft still working to fix Exchange Online mailbox access issues
- Microsoft still working to fix Windows Explorer white flashes
- Microsoft stops force-installing the Microsoft 365 Copilot app
- Microsoft suspends dev accounts for high-profile open source projects
- Microsoft to enable Windows hotpatch security updates by default
- Microsoft: Canadian employees targeted in payroll pirate attacks
- Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
- Microsoft: Hackers abuse OAuth error flows to spread malware
- Microsoft: Hackers abusing AI at every stage of cyberattacks
- Microsoft: March Windows updates break Teams, OneDrive sign-ins
- Microsoft: Windows 11 users can't access C: drive on some Samsung PCs
- Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
- Mississippi medical center reopens clinics hit by ransomware attack
- More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
- Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
- Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
- Musician admits to $10M streaming royalty fraud using AI bots
- N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
- Navia discloses data breach impacting 2.7 million people
- Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
- New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
- New 'Zombie ZIP' technique lets malware slip past security tools
- New BeatBanker Android malware poses as Starlink app to hijack devices
- New Booking.com data breach forces reservation PIN resets
- New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
- New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
- New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
- New CrystalRAT malware adds RAT, stealer and prankware features
- New EvilTokens service fuels Microsoft device code phishing attacks
- New FortiClient EMS flaw exploited in attacks, emergency patch released
- New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
- New GPUBreach attack enables system takeover via GPU rowhammer
- New Infinity Stealer malware grabs macOS data via ClickFix lures
- New KB5085516 emergency update fixes Microsoft account sign-in
- New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
- New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
- New PhantomRaven NPM attack wave steals dev data via 88 packages
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks
- New RFP Template for AI Usage Control and AI Governance
- New RoadK1ll WebSocket implant used to pivot on breached networks
- New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
- New Torg Grabber infostealer malware targets 728 crypto wallets
- New VENOM phishing attacks steal senior executives' Microsoft logins
- New Windows 11 emergency update fixes preview update install issues
- New Windows 11 hotpatch fixes Bluetooth device visibility issue
- New font-rendering trick hides malicious commands from AI tools
- New macOS stealer campaign uses Script Editor in ClickFix attack
- New ‘BlackSanta’ EDR killer spotted targeting HR departments
- New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
- New ‘Perseus’ Android malware checks user notes for secrets
- New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
- New “Darksword” iOS exploit used in infostealer attack on iPhones
- Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
- Nordstrom's email system abused to send crypto scams to customers
- North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
- North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
- Number Usage in Passwords: Take Two, (Thu, Apr 9th)
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
- Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
- Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
- Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
- OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
- OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
- OpenAI rolls out ChatGPT Library to store your personal files
- OpenAI rotates macOS certs after Axios attack hit code-signing workflow
- OpenAI says ChatGPT ads are not rolling out globally for now
- OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
- Oracle pushes emergency fix for critical Identity Manager RCE flaw
- Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
- Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
- Over 20,000 crypto fraud victims identified in international crackdown
- PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
- Paid AI Accounts Are Now a Hot Underground Commodity
- Paint maker giant AkzoNobel confirms cyberattack on U.S. site
- Phobos ransomware admin pleads guilty to wire fraud conspiracy
- Poland's nuclear research centre targeted by cyberattack
- Police dismantles online gambling ring exploiting Ukrainian women
- Police sinkholes 45,000 IP addresses in cybercrime crackdown
- Police take down 373,000 fake CSAM sites in Operation Alice
- PolyShell attacks target 56% of all vulnerable Magento stores
- Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
- Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack
- Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders
- Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
- Proton launches new "Meet" privacy-focused conferencing platform
- Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
- Ransomware gang exploits Cisco flaw in zero-day attacks since January
- Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
- Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
- Residential proxies evaded IP reputation checks in 78% of 4B sessions
- Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
- Russia Hacked Routers to Steal Microsoft Office Tokens
- Russia arrests suspected owner of LeakBase cybercrime forum
- Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
- Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
- Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
- Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
- Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
- SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
- Scans for "adminer", (Wed, Mar 18th)
- Scans for EncystPHP Webshell, (Mon, Apr 13th)
- Shadow AI is everywhere. Here’s how to find and secure it.
- ShinyHunters claims ongoing Salesforce Aura data theft attacks
- ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
- Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
- Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
- Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
- SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
- Smart Slider updates hijacked to push malicious WordPress, Joomla versions
- SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)
- SmartApeSG campaign uses ClickFix page to push Remcos RAT, (Sat, Mar 14th)
- Snowflake customers hit in data theft attacks after SaaS integrator breach
- Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
- Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
- Star Citizen game dev discloses breach affecting user data
- Starbucks discloses data breach affecting hundreds of employees
- Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
- Stolen Rockstar Games analytics data leaked by extortion gang
- Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
- Stryker attack wiped tens of thousands of devices, no malware needed
- Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
- Suspected RedLine infostealer malware admin extradited to US
- TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
- TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
- TP-Link warns users to patch critical router auth bypass flaw
- Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
- TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
- TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
- TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
- TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
- TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)
- TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim, (Fri, Mar 27th)
- TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th)
- TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)
- TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
- TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
- TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
- TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
- Telus Digital confirms breach after hacker claims 1 petabyte data theft
- Termite ransomware breaches linked to ClickFix CastleRAT attacks
- The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
- The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
- The Hidden Cost of Recurring Credential Incidents
- The Hidden Security Risks of Shadow AI in Enterprises
- The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
- The Kill Chain Is Obsolete When Your AI Agent Is the Threat
- The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
- The New Turing Test: How Threats Use Geometry to Prove 'Humanness'
- The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
- The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
- The State of Trusted Open Source Report
- The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
- The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
- Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
- ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More
- ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
- ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
- ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
- ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
- ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
- Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
- TikTok for Business accounts targeted in new phishing campaign
- Tool updates: lots of security and logic fixes, (Mon, Mar 23rd)
- Top 5 Things CISOs Need to Do Today to Secure AI Agents
- Traffic violation scams switch to QR codes in new phishing texts
- Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
- Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
- Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
- Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
- Trivy supply-chain attack spreads to Docker, GitHub repos
- Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
- TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
- Tycoon2FA phishing platform returns after recent police disruption
- U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
- UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
- UH Cancer Center data breach affects nearly 1.2 million people
- UK sanctions Xinbi marketplace linked to Asian scam centers
- UK warns of Iranian cyberattack risks amid Middle-East conflict
- UK’s Companies House confirms security flaw exposed business data
- UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
- UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
- UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
- US charges another ransomware negotiator linked to BlackCat attacks
- US disrupts SocksEscort proxy network powered by Linux malware
- US warns of Iranian hackers targeting critical infrastructure
- Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
- Varonis Atlas: Securing AI and the Data That Powers It
- Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
- Veeam warns of critical flaws exposing backup servers to RCE attacks
- Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
- VoidStealer malware steals Chrome master key via debugger trick
- Want More XWorm?, (Wed, Mar 4th)
- We Are At War
- We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
- Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
- WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
- Webinar: From noise to signal - What threat actors are targeting next
- What Boards Must Demand in the Age of AI-Automated Exploitation
- WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
- WhatsApp introduces parent-managed accounts for pre-teens
- WhatsApp rolls out more AI features, iOS multi-account support
- When attackers already have the keys, MFA is just another door to open
- When your IoT Device Logs in as Admin, It?s too Late! [Guest Diary], (Wed, Mar 11th)
- Where Multi-Factor Authentication Stops and Credential Abuse Starts
- Why Password Audits Miss the Accounts Attackers Actually Want
- Why Security Validation Is Becoming Agentic
- Why Simple Breach Monitoring is No Longer Enough
- Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
- Why Your Automated Pentesting Tool Just Hit a Wall
- Wikipedia hit by self-propagating JavaScript worm that vandalized pages
- Windows 10 KB5075039 update fixes broken Recovery Environment
- Windows 11 KB5079391 update rolls out Smart App Control improvements
- Windows 11 KB5079473 & KB5078883 cumulative updates released
- WordPress membership plugin bug exploited to create admin accounts
- YARA-X 1.14.0 Release, (Sat, Mar 7th)
- Yanluowang ransomware access broker gets 81 months in prison
- Your MTTD Looks Great. Your Post-Alert Gap Doesn't
- Zero Trust: Bridging the Gap Between Authentication and Trust
- [Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
- [Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
- ‘CanisterWorm’ Springs Wiper Attack Targeting Iran
- ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
- ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
- ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
- ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
- ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
- ⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
- ⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More