notice: please create a custom view template for the cybersec class view-cybersec.html
DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)
A lot of the information seen on DShield honeypots [1] is repeated bot traffic, especially when looking at the Cowrie [2] telnet and SSH sessions. However, how long a session lasts, how many commands are run per session and what the last commands run before a session disconnects can vary. Some of this information could help indicate whether a session is automated and if a honeypot was fingerprinted. This information can also be used to find more interesting honeypot sessions.
12:10 am, March 30, 2026
guid
https://isc.sans.edu/diary/rss/32840
source_url
https://isc.sans.edu/diary/rss/32840
id: 406
uid: bepzh
insdate: 2026-03-30 00:10:06
title: DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)
additional:
category: Cybersecurity
md5:
guid: https://isc.sans.edu/diary/rss/32840
source_url: https://isc.sans.edu/diary/rss/32840
updated:
image:
author_name:
author_link:
uid: bepzh
insdate: 2026-03-30 00:10:06
title: DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)
additional:
A lot of the information seen on DShield honeypots [1] is repeated bot traffic, especially when looking at the Cowrie [2] telnet and SSH sessions. However, how long a session lasts, how many commands are run per session and what the last commands run before a session disconnects can vary. Some of this information could help indicate whether a session is automated and if a honeypot was fingerprinted. This information can also be used to find more interesting honeypot sessions.
category: Cybersecurity
md5:
guid: https://isc.sans.edu/diary/rss/32840
source_url: https://isc.sans.edu/diary/rss/32840
updated:
image:
author_name:
author_link:
Add Comment
AI Testing
Page Views
This page has been viewed 3 times.
Search cybersec
Category List cybersec
- Cybersecurity
- $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
- 'NoVoice' Android malware on Google Play infected 2.3 million devices
- /proxy/ URL scans with IP addresses, (Mon, Mar 16th)
- 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
- 13-year-old bug in ActiveMQ lets hackers remotely execute commands
- 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
- 2026 Browser Data Reveals Major Enterprise Security Blind Spots
- 3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
- 3 SOC Process Fixes That Unlock Tier 1 Productivity
- 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
- 5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
- 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
- 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
- 7 Ways to Prevent Privilege Escalation via Password Resets
- 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
- A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
- A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
- AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
- AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
- AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
- AI-generated Slopoly malware used in Interlock ransomware attack
- APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
- APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
- APT28 hackers deploy customized variant of Covenant open-source tool
- APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
- APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
- Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
- Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
- Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
- Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
- Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.
- AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
- Ajax football club hack exposed fan data, enabled ticket hijack
- Alabama man pleads guilty to hacking, extorting hundreds of women
- Amazon: Drone strikes damaged AWS data centers in Middle East
- Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
- Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
- Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)
- Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
- Android Developer Verification Rollout Begins Ahead of September Enforcement
- Android gets patches for Qualcomm zero-day exploited in attacks
- Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
- Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
- Anti-piracy coalition takes down AnimePlay app with 5 million users
- Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
- Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
- Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
- Apple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)
- Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
- Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
- Apple adds macOS Terminal warning to block ClickFix attacks
- Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
- Apple patches older iPhones and iPads against Coruna exploits
- Apple pushes first Background Security Improvements update to fix WebKit flaw
- Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)
- AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
- Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
- Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
- Aura confirms data breach exposing 900,000 marketing contacts
- Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
- Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
- Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
- Axios npm hack used fake Teams error fix to hijack maintainer account
- BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
- Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
- Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
- Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
- Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
- Betterleaks, a new open-source secrets scanner to replace Gitleaks
- Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
- Bitrefill blames North Korean Lazarus group for cyberattack
- Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
- Bitwarden adds support for passkey login on Windows 11
- Block the Prompt, Not the Work: The End of "Doctor No"
- Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
- Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
- Bubble AI app builder abused to steal Microsoft account credentials
- Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
- CERT-EU: European Commission hack exposes data of 30 EU entities
- CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
- CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
- CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
- CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
- CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
- CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
- CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
- CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks
- CISA flags Wing FTP Server flaw as actively exploited in attacks
- CISA orders feds to patch DarkSword iOS flaws exploited attacks
- CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
- CISA orders feds to patch Zimbra XSS flaw exploited in attacks
- CISA orders feds to patch actively exploited Citrix flaw by Thursday
- CISA orders feds to patch exploited Fortinet EMS flaw by Friday
- CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
- CISA orders feds to patch max-severity Cisco flaw by Sunday
- CISA orders feds to patch n8n RCE flaw exploited in attacks
- CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
- CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
- CISA warns of Apple flaws exploited in spyware, crypto-theft attacks
- CISA: New Langflow flaw actively exploited to hijack AI workflows
- CISA: Recently patched Ivanti EPM flaw now actively exploited
- CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
- CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
- Can the Security Platform Finally Deliver for the Mid-Market?
- Canadian retail giant Loblaw notifies customers of data breach
- Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
- ChatGPT rolls out new $100 Pro subscription to challenge Claude
- China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
- China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
- China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
- China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
- Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
- Chinese state hackers target telcos with new malware toolkit
- Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
- Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
- Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
- Cisco flags more SD-WAN flaws as actively exploited in attacks
- Cisco source code stolen in Trivy-linked dev environment breach
- Cisco warns of max severity Secure FMC flaws giving root access
- Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
- Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
- Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
- Citrix urges admins to patch NetScaler flaws as soon as possible
- Claude AI finds Vim, Emacs RCE bugs that trigger on file open
- Claude Code Security and Magecart: Getting the Threat Model Right
- Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
- Claude Code leak used to push infostealer malware on GitHub
- Claude Code source code accidentally leaked in NPM package
- Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
- ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
- Cognizant TriZetto breach exposes health data of 3.4 million patients
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets
- ConnectWise patches new flaw allowing ScreenConnect hijacking
- Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
- Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks
- Coruna iOS exploit framework linked to Triangulation attacks
- Critical Cisco IMC auth bypass gives attackers Admin access
- Critical Citrix NetScaler memory flaw actively exploited in attacks
- Critical Fortinet Forticlient EMS flaw now exploited in attacks
- Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
- Critical Marimo pre-auth RCE flaw now under active exploitation
- Critical Microsoft SharePoint flaw now exploited in attacks
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
- Critical flaw in wolfSSL library enables forged certificate use
- Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
- Crunchyroll probes breach after hacker claims to steal 6.8M users' data
- CyberStrikeAI tool adopted by hackers for AI-powered attacks
- DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
- DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
- DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)
- DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
- DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
- Detecting IP KVMs, (Tue, Mar 24th)
- Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
- Device code phishing attacks surge 37x as new kits spread online
- Die Linke German political party confirms data stolen by Qilin ransomware
- Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)
- Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
- DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
- Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
- Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
- Drift $280M crypto theft linked to 6-month in-person operation
- Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
- Drift loses $280 million North Korean hackers seize Security Council powers
- Drift loses $280 million as hackers seize Security Council powers
- Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
- Dutch Finance Ministry takes treasury banking portal offline after breach
- Dutch Ministry of Finance discloses breach affecting employees
- Dutch Police discloses security breach after phishing attack
- Dutch govt warns of Signal, WhatsApp account hijacking attacks
- EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
- EU court adviser says banks must immediately refund phishing victims
- Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
- England Hockey investigating ransomware data breach
- Ericsson US discloses data breach after service provider hack
- Eurail says December data breach impacts 300,000 individuals
- Europe sanctions Chinese and Iranian firms for cyberattacks
- European Commission confirms data breach after Europa.eu hack
- European Commission investigating breach after Amazon cloud account hack
- European Commission investigating breach after Amazon cloud hack
- European Gym giant Basic-Fit data breach affects 1 million members
- Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
- Europol-coordinated action disrupts Tycoon2FA phishing platform
- Evolution of Ransomware: Multi-Extortion Ransomware Attacks
- Ex-data analyst stole company data in $2.5M extortion scheme
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
- FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
- FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
- FBI arrests suspect linked to $46M crypto theft from US Marshals
- FBI confirms hack of Director Patel's personal email inbox
- FBI investigates breach of surveillance and wiretap systems
- FBI links Signal phishing attacks to Russian intelligence services
- FBI seeks victims of Steam games used to spread malware
- FBI seizes Handala data leak site after Stryker cyberattack
- FBI seizes LeakBase cybercrime forum, data of 142,000 members
- FBI takedown of W3LL phishing service leads to developer arrest
- FBI warns against using Chinese mobile apps due to privacy risks
- FBI warns of Handala hackers using Telegram in malware attacks
- FBI warns of phishing attacks impersonating US city, county officials
- FBI: Americans lost a record $21 billion to cybercrime last year
- FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
- FCC bans new routers made outside the USA over security risks
- Facebook accounts unavailable in worldwide outage
- Fake Claude Code install guides push infostealers in InstallFix attacks
- Fake Google Security site uses PWA app to steal credentials, MFA codes
- Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
- Fake LastPass support email threads try to steal vault passwords
- Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
- Fake VS Code alerts on GitHub spread malware to developers
- Fake enterprise VPN downloads used to steal company credentials
- Fake enterprise VPN sites used to steal company credentials
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
- File read flaw in Smart Slider plugin impacts 500K WordPress sites
- Firefox now has a free built-in VPN with 50GB monthly data limit
- Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
- Florida woman imprisoned for massive Microsoft license fraud scheme
- Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
- FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
- Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
- From VMware to what’s next: Protecting data during hypervisor migration
- GIGABYTE Control Center vulnerable to arbitrary file write flaw
- GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)
- German authorities identify REvil and GandCrab ransomware bosses
- German authorities identify REvil and GangCrab ransomware bosses
- Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
- Ghanain man pleads guilty to role in $100 million fraud ring
- Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
- GitHub adds AI-powered bug detection to expand security coverage
- GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
- GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
- GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
- GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
- GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
- Going the Extra Mile: Travel Rewards Turn into Underground Currency.
- Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
- Google Chrome adds infostealer protection against session cookie theft
- Google Chrome shifts to two-week release cycle for increased stability
- Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
- Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
- Google Drive ransomware detection now on by default for paying users
- Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
- Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
- Google adds ‘Advanced Flow’ for safe APK sideloading on Android
- Google fixes fourth Chrome zero-day exploited in attacks in 2026
- Google fixes two new Chrome zero-days exploited in attacks
- Google now allows you to change your @gmail.com address
- Google paid $17.1 million for vulnerability reports in 2025
- Google rolls out Gmail end-to-end encryption on mobile devices
- Google says 90 zero-days were exploited in attacks last year
- Google: Cloud attacks exploit flaws more than weak credentials
- Google: New UNC6783 hackers steal corporate Zendesk support tickets
- HPE warns of critical AOS-CX flaw allowing admin password resets
- Hacker charged with stealing $53 million from Uranium crypto exchange
- Hacker mass-mails HungerRush extortion emails to restaurant patrons
- HackerOne discloses employee data breach after Navia hack
- Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
- Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
- Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
- Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
- Hackers compromise Axios npm package to drop cross-platform malware
- Hackers exploit React2Shell in automated credential theft campaign
- Hackers exploit TrueConf zero-day to push malicious software updates
- Hackers exploit critical flaw in Ninja Forms WordPress plugin
- Hackers exploiting Acrobat Reader zero-day flaw since December
- Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
- Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
- Hackers use pixel-large SVG trick to hide credit card stealer
- Healthcare IT solutions provider ChipSoft hit by ransomware attack
- Healthcare tech firm CareCloud says hackers stole patient data
- Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
- Hims & Hers warns of data breach after Zendesk support ticket breach
- Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
- How AI Assistants are Moving the Security Goalposts
- How CISOs Can Survive the Era of Geopolitical Cyberattacks
- How Ceros Gives Security Teams Visibility and Control in Claude Code
- How Deepfakes and Injection Attacks Are Breaking Identity Verification
- How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
- How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
- How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
- How to Categorize AI Agents and Prioritize Risk
- How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
- How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
- How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
- INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
- IPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)
- ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
- ISC Stormcast For Friday, March 13th, 2026 https://isc.sans.edu/podcastdetail/9848, (Fri, Mar 13th)
- ISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)
- ISC Stormcast For Friday, March 27th, 2026 https://isc.sans.edu/podcastdetail/9868, (Fri, Mar 27th)
- ISC Stormcast For Friday, March 6th, 2026 https://isc.sans.edu/podcastdetail/9838, (Fri, Mar 6th)
- ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)
- ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)
- ISC Stormcast For Monday, March 16th, 2026 https://isc.sans.edu/podcastdetail/9850, (Mon, Mar 16th)
- ISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd)
- ISC Stormcast For Monday, March 30th, 2026 https://isc.sans.edu/podcastdetail/9870, (Mon, Mar 30th)
- ISC Stormcast For Monday, March 9th, 2026 https://isc.sans.edu/podcastdetail/9840, (Mon, Mar 9th)
- ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)
- ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
- ISC Stormcast For Thursday, March 12th, 2026 https://isc.sans.edu/podcastdetail/9846, (Thu, Mar 12th)
- ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)
- ISC Stormcast For Thursday, March 26th, 2026 https://isc.sans.edu/podcastdetail/9866, (Thu, Mar 26th)
- ISC Stormcast For Thursday, March 5th, 2026 https://isc.sans.edu/podcastdetail/9836, (Thu, Mar 5th)
- ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)
- ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)
- ISC Stormcast For Tuesday, March 10th, 2026 https://isc.sans.edu/podcastdetail/9842, (Tue, Mar 10th)
- ISC Stormcast For Tuesday, March 17th, 2026 https://isc.sans.edu/podcastdetail/9852, (Tue, Mar 17th)
- ISC Stormcast For Tuesday, March 24th, 2026 https://isc.sans.edu/podcastdetail/9862, (Tue, Mar 24th)
- ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)
- ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832, (Tue, Mar 3rd)
- ISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874, (Wed, Apr 1st)
- ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)
- ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)
- ISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)
- ISC Stormcast For Wednesday, March 25th, 2026 https://isc.sans.edu/podcastdetail/9864, (Wed, Mar 25th)
- ISC Stormcast For Wednesday, March 4th, 2026 https://isc.sans.edu/podcastdetail/9834, (Wed, Mar 4th)
- Infinite Campus warns of breach after ShinyHunters claims data theft
- Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
- Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)
- Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
- International joint action disrupts world’s largest DDoS botnets
- Investigating a New Click-Fix Variant
- Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
- Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
- Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
- Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
- Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
- Is a $30,000 GPU Good at Password Cracking?
- JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
- KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
- Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
- Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
- LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
- LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
- LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
- LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks
- LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
- LexisNexis confirms data breach as hackers leak stolen files
- LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
- LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
- Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
- Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
- Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
- Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
- Man admits to locking thousands of Windows devices in extortion plot
- Manager of botnet used in ransomware attacks gets 2 years in prison
- Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
- Marquis: Ransomware gang stole data of 672K people in cyberattack
- Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
- Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
- Max severity Flowise RCE vulnerability now exploited in attacks
- Max severity Ubiquiti UniFi flaw may allow account takeover
- Mazda discloses security breach exposing employee and partner data
- Medtech giant Stryker fully operational after data-wiping attack
- Medtech giant Stryker offline after Iran-linked wiper malware attack
- Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
- Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools
- Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
- Microsoft 365 Backup to add file-level restore for faster recovery
- Microsoft Azure Monitor alerts abused for callback phishing attacks
- Microsoft Azure Monitor alerts abused in callback phishing campaigns
- Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
- Microsoft Exchange Online outage blocks access to mailboxes
- Microsoft Exchange Online service change causes email access issues
- Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
- Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)
- Microsoft Patch Tuesday, March 2026 Edition
- Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
- Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
- Microsoft Teams phishing targets employees with A0Backdoor malware
- Microsoft Teams phishing targets employees with backdoors
- Microsoft Teams will tag third-party bots trying to join meetings
- Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
- Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
- Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
- Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys
- Microsoft fixes Classic Outlook bug causing email delivery issues
- Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in
- Microsoft fixes bug causing Classic Outlook sync issues with Gmail
- Microsoft investigates classic Outlook sync and connection issues
- Microsoft links Classic Outlook issue to email delivery problems
- Microsoft links Medusa ransomware affiliate to zero-day attacks
- Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
- Microsoft pulls KB5079391 Windows update over install issues
- Microsoft pulls Samsung app blocking Windows C: drive from Store
- Microsoft releases Windows 10 KB5078885 extended security update
- Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
- Microsoft removes Support and Recovery Assistant from Windows
- Microsoft rolls out fix for broken Windows Start Menu search
- Microsoft shares fix for Windows C: drive access issues on Samsung PCs
- Microsoft still working to fix Exchange Online mailbox access issues
- Microsoft still working to fix Windows Explorer white flashes
- Microsoft stops force-installing the Microsoft 365 Copilot app
- Microsoft suspends dev accounts for high-profile open source projects
- Microsoft to enable Windows hotpatch security updates by default
- Microsoft: Canadian employees targeted in payroll pirate attacks
- Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
- Microsoft: Hackers abuse OAuth error flows to spread malware
- Microsoft: Hackers abusing AI at every stage of cyberattacks
- Microsoft: March Windows updates break Teams, OneDrive sign-ins
- Microsoft: Windows 11 users can't access C: drive on some Samsung PCs
- Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
- Mississippi medical center reopens clinics hit by ransomware attack
- More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
- Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
- Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
- Musician admits to $10M streaming royalty fraud using AI bots
- N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
- Navia discloses data breach impacting 2.7 million people
- Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
- New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
- New 'Zombie ZIP' technique lets malware slip past security tools
- New BeatBanker Android malware poses as Starlink app to hijack devices
- New Booking.com data breach forces reservation PIN resets
- New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
- New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
- New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
- New CrystalRAT malware adds RAT, stealer and prankware features
- New EvilTokens service fuels Microsoft device code phishing attacks
- New FortiClient EMS flaw exploited in attacks, emergency patch released
- New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
- New GPUBreach attack enables system takeover via GPU rowhammer
- New Infinity Stealer malware grabs macOS data via ClickFix lures
- New KB5085516 emergency update fixes Microsoft account sign-in
- New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
- New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
- New PhantomRaven NPM attack wave steals dev data via 88 packages
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks
- New RFP Template for AI Usage Control and AI Governance
- New RoadK1ll WebSocket implant used to pivot on breached networks
- New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
- New Torg Grabber infostealer malware targets 728 crypto wallets
- New VENOM phishing attacks steal senior executives' Microsoft logins
- New Windows 11 emergency update fixes preview update install issues
- New Windows 11 hotpatch fixes Bluetooth device visibility issue
- New font-rendering trick hides malicious commands from AI tools
- New macOS stealer campaign uses Script Editor in ClickFix attack
- New ‘BlackSanta’ EDR killer spotted targeting HR departments
- New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
- New ‘Perseus’ Android malware checks user notes for secrets
- New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
- New “Darksword” iOS exploit used in infostealer attack on iPhones
- Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
- Nordstrom's email system abused to send crypto scams to customers
- North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
- North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
- Number Usage in Passwords: Take Two, (Thu, Apr 9th)
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
- Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
- Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
- Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
- OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
- OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
- OpenAI rolls out ChatGPT Library to store your personal files
- OpenAI rotates macOS certs after Axios attack hit code-signing workflow
- OpenAI says ChatGPT ads are not rolling out globally for now
- OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
- Oracle pushes emergency fix for critical Identity Manager RCE flaw
- Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
- Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
- Over 20,000 crypto fraud victims identified in international crackdown
- PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
- Paid AI Accounts Are Now a Hot Underground Commodity
- Paint maker giant AkzoNobel confirms cyberattack on U.S. site
- Phobos ransomware admin pleads guilty to wire fraud conspiracy
- Poland's nuclear research centre targeted by cyberattack
- Police dismantles online gambling ring exploiting Ukrainian women
- Police sinkholes 45,000 IP addresses in cybercrime crackdown
- Police take down 373,000 fake CSAM sites in Operation Alice
- PolyShell attacks target 56% of all vulnerable Magento stores
- Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
- Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack
- Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders
- Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
- Proton launches new "Meet" privacy-focused conferencing platform
- Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
- Ransomware gang exploits Cisco flaw in zero-day attacks since January
- Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
- Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
- Residential proxies evaded IP reputation checks in 78% of 4B sessions
- Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
- Russia Hacked Routers to Steal Microsoft Office Tokens
- Russia arrests suspected owner of LeakBase cybercrime forum
- Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
- Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks
- Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
- Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
- Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
- SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
- Scans for "adminer", (Wed, Mar 18th)
- Scans for EncystPHP Webshell, (Mon, Apr 13th)
- Shadow AI is everywhere. Here’s how to find and secure it.
- ShinyHunters claims ongoing Salesforce Aura data theft attacks
- ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
- Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
- Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains
- Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
- SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
- Smart Slider updates hijacked to push malicious WordPress, Joomla versions
- SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)
- SmartApeSG campaign uses ClickFix page to push Remcos RAT, (Sat, Mar 14th)
- Snowflake customers hit in data theft attacks after SaaS integrator breach
- Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
- Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
- Star Citizen game dev discloses breach affecting user data
- Starbucks discloses data breach affecting hundreds of employees
- Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
- Stolen Rockstar Games analytics data leaked by extortion gang
- Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
- Stryker attack wiped tens of thousands of devices, no malware needed
- Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
- Suspected RedLine infostealer malware admin extradited to US
- TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
- TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
- TP-Link warns users to patch critical router auth bypass flaw
- Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
- TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise
- TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
- TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
- TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
- TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)
- TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim, (Fri, Mar 27th)
- TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th)
- TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)
- TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
- TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
- TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
- TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
- Telus Digital confirms breach after hacker claims 1 petabyte data theft
- Termite ransomware breaches linked to ClickFix CastleRAT attacks
- The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
- The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
- The Hidden Cost of Recurring Credential Incidents
- The Hidden Security Risks of Shadow AI in Enterprises
- The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
- The Kill Chain Is Obsolete When Your AI Agent Is the Threat
- The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
- The New Turing Test: How Threats Use Geometry to Prove 'Humanness'
- The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
- The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
- The State of Trusted Open Source Report
- The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
- The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
- Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
- ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More
- ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More
- ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
- ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
- ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
- ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
- Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
- TikTok for Business accounts targeted in new phishing campaign
- Tool updates: lots of security and logic fixes, (Mon, Mar 23rd)
- Top 5 Things CISOs Need to Do Today to Secure AI Agents
- Traffic violation scams switch to QR codes in new phishing texts
- Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
- Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
- Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
- Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
- Trivy supply-chain attack spreads to Docker, GitHub repos
- Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
- TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
- Tycoon2FA phishing platform returns after recent police disruption
- U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
- UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
- UH Cancer Center data breach affects nearly 1.2 million people
- UK sanctions Xinbi marketplace linked to Asian scam centers
- UK warns of Iranian cyberattack risks amid Middle-East conflict
- UK’s Companies House confirms security flaw exposed business data
- UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
- UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
- UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
- US charges another ransomware negotiator linked to BlackCat attacks
- US disrupts SocksEscort proxy network powered by Linux malware
- US warns of Iranian hackers targeting critical infrastructure
- Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
- Varonis Atlas: Securing AI and the Data That Powers It
- Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
- Veeam warns of critical flaws exposing backup servers to RCE attacks
- Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
- VoidStealer malware steals Chrome master key via debugger trick
- Want More XWorm?, (Wed, Mar 4th)
- We Are At War
- We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
- Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
- WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
- Webinar: From noise to signal - What threat actors are targeting next
- What Boards Must Demand in the Age of AI-Automated Exploitation
- WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
- WhatsApp introduces parent-managed accounts for pre-teens
- WhatsApp rolls out more AI features, iOS multi-account support
- When attackers already have the keys, MFA is just another door to open
- When your IoT Device Logs in as Admin, It?s too Late! [Guest Diary], (Wed, Mar 11th)
- Where Multi-Factor Authentication Stops and Credential Abuse Starts
- Why Password Audits Miss the Accounts Attackers Actually Want
- Why Security Validation Is Becoming Agentic
- Why Simple Breach Monitoring is No Longer Enough
- Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
- Why Your Automated Pentesting Tool Just Hit a Wall
- Wikipedia hit by self-propagating JavaScript worm that vandalized pages
- Windows 10 KB5075039 update fixes broken Recovery Environment
- Windows 11 KB5079391 update rolls out Smart App Control improvements
- Windows 11 KB5079473 & KB5078883 cumulative updates released
- WordPress membership plugin bug exploited to create admin accounts
- YARA-X 1.14.0 Release, (Sat, Mar 7th)
- Yanluowang ransomware access broker gets 81 months in prison
- Your MTTD Looks Great. Your Post-Alert Gap Doesn't
- Zero Trust: Bridging the Gap Between Authentication and Trust
- [Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
- [Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
- ‘CanisterWorm’ Springs Wiper Attack Targeting Iran
- ⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
- ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
- ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
- ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
- ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
- ⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
- ⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More