Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

Google sues Chinese cybercrime network for AI‑driven scam campaign

Google has filed a civil lawsuit against the Chinese group Outsider Enterprise, accusing it of using the Gemini generative‑AI model to mass‑produce phishing sites and send millions of fraudulent text messages. The operation deployed roughly 9,000 fake websites and a million malicious domains, and dispatched 2.5 million scam texts in two weeks, scamming hundreds of thousands of people and causing losses in the millions of dollars. Google says the suit aims to dismantle the network and prevent further AI‑enabled abuse.

Automate ISO 27001, SOC 2, and DORA Compliance with Expert CISO Support, Starting at €2,999/Year
News, Mar 26, 2026

Copla, an EU‑based compliance‑automation platform, offers automated ISO 27001, SOC 2, DORA and other frameworks with dedicated CISO support, starting at €2,999 ($3,269) per year. The tool claims up to 80% reduction in compliance workload by reusing controls across six standards and...

By The Next Web (TNW)

Ransomware Group Claims It Stole Data From Monmouth University
News, Mar 26, 2026

The PEAR (Pure Extraction and Ransom) ransomware gang announced it stole roughly 16 terabytes of data from Monmouth University in New Jersey. University President Patrick Leahy confirmed unauthorized access and said cybersecurity experts and law‑enforcement are investigating. Comparitech highlighted the breach as...

By EdScoop

‘Update Now’: Apple Issues Urgent Warning to iPhone Users
News, Mar 26, 2026

Apple released iOS 26.4 on March 26, 2026, urging all iPhone 11 and newer, plus recent iPad models, to install immediately. The update bundles 37 security fixes, including six WebKit XSS patches, mitigation of the DarkSword full‑chain exploit, and kernel‑level protections against privilege escalation....

By Inc. — Leadership

How to Spot Artificial Intelligence Recruiters Who Target Candidates From LinkedIn
Blog, Mar 26, 2026

Research firm Gartner predicts that by 2028 one in four job candidates worldwide will be fabricated, fueling a surge in AI‑generated recruiter outreach. Executives are receiving polished, generic emails that often originate from Gmail accounts and contain vague role descriptions,...

By KevinMD

Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code
News, Mar 26, 2026

Georgia Tech’s Vibe Security Radar identified 35 new AI‑generated code vulnerabilities in March 2026, raising the quarterly total to 74 confirmed CVEs linked to AI coding tools. The project tracks roughly 50 AI‑assisted development platforms, with Anthropic’s Claude Code accounting for...

By Infosecurity Magazine

Accenture Introduces Cyber.AI Platform Powered by Anthropic Claude
News, Mar 26, 2026

Accenture has launched Cyber.AI, an AI‑driven cybersecurity platform built with Anthropic’s Claude model. The solution combines autonomous agents with Claude’s reasoning engine and includes Agent Shield for real‑time governance of AI agents. In Accenture’s own environment, the platform secured 1,600...

By TechMonitor

Copilot to Train on GitHub, Security Agents Comes Free(ish) to 365 E5
News, Mar 26, 2026

Microsoft announced that GitHub Copilot will continue training on publicly available GitHub code, but enterprise customers are excluded from contributing data to the model. At the same time, Microsoft 365 E5 subscribers will receive Microsoft’s security agents enabled by default...

By The Stack (TheStack.technology)

Quish Splash QR Code Phishing Campaign Hits 1.6 Million Users
News, Mar 26, 2026

Researchers at 7AI uncovered the "Quish Splash" campaign, which dispatched over 1.6 million phishing emails in less than three weeks. The attackers embedded malicious URLs inside BMP‑format QR‑code images, a technique that slipped past Microsoft Defender and other email filters. By...

By HackRead

Supply‑Chain Cyber Threats Surge: FCC Router Ban, LiteLLM Hack, HackerOne Breach
News, Mar 26, 2026

The U.S. FCC moved to bar new foreign‑made routers, a malicious update to the popular LiteLLM Python package infected up to half a million downloads, and HackerOne disclosed a breach of 287 employees through benefits provider Navia. Together the events...

By Pulse

Signal CTO Warns Mandatory Age‑Verification Laws Threaten Minor Privacy
News, Mar 26, 2026

At the Don’t Be Evil conference in Austin, Signal CTO Ehren Kret warned that pending age‑verification mandates across the U.S., EU and other regions risk compromising minors' privacy. He urged lawmakers to require privacy‑preserving verification methods, citing zero‑knowledge proofs as...

By Pulse

HackerOne Discloses Supply‑Chain Breach Exposing Data of 287 Employees via Navia
News, Mar 26, 2026

HackerOne confirmed that a supply‑chain attack on its benefits provider Navia exposed the personal data of 287 employees, including Social Security numbers and health‑plan details. The breach, discovered in early 2026, adds to a larger Navia incident that impacted roughly...

By Pulse

Germany Classifies Cybersecurity Threats for Energy Infrastructure
News, Mar 26, 2026

Germany’s Federal Network Agency will adopt a new classification framework developed by Fraunhofer IOSB‑AST to evaluate cybersecurity incidents in the energy sector under the EU NIS 2 Directive. The methodology introduces a three‑stage, risk‑based model that moves from initial incident reporting...

By pv magazine

Pro-Ukraine Hacker Group Bearlyfy Targets Russian Companies with Custom Ransomware
News, Mar 26, 2026

Pro‑Ukraine hacker group Bearlyfy has launched more than 70 cyber‑attacks against Russian companies in the past year, escalating its campaign with a custom Windows ransomware strain called GenieLocker. Early operations demanded only a few thousand dollars, but recent ransom notes...

By The Record by Recorded Future

Security, Resilience, and the Future of Mobile Infrastructure
Podcast, Mar 26, 2026, 41 min

The episode explores the massive security breach known as Salt Typhoon, which gave China access to U.S. cellular networks, and discusses how the Navy and a startup called CAPE are building a resilient, secure mobile infrastructure that can operate over...

By a16z Podcast

Cybersecurity Tops List of Infrastructure Deal Risks
News, Mar 26, 2026

Research by S‑RM shows cybersecurity has become the top reason digital and telecom infrastructure deals collapse, with 76 % of 150 global investors citing cyber concerns as the primary blocker. Over the past three years, 65 % of those investors experienced at...

By Mobile World Live

New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware
News, Mar 26, 2026

Threat actors are standardizing a ClickFix social‑engineering attack that lures victims into running malicious commands via the Windows Run dialog, PowerShell, or macOS Terminal. Insikt Group identified five active clusters since May 2024, impersonating brands like QuickBooks, Booking.com, and Zillow. The...

By GBHackers On Security

More on Vendor AI Risks
Blog, Mar 26, 2026

Companies are grappling with how to treat AI‑enhanced vendor upgrades under existing shadow‑AI bans. The article argues that such upgrades are fundamentally an IT control issue—un‑tested software entering production—rather than a new compliance violation. It highlights recent high‑profile incidents like...

By Radical Compliance

EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts
News, Mar 26, 2026

Researchers at eSentire disclosed a new EtherRAT campaign that hides command‑and‑control (C2) addresses inside Ethereum smart contracts, a technique they call EtherHiding. The malware, delivered via Node.js backdoors after initial access through Teams support scams and ClickFix attacks, retrieves C2...

By Infosecurity Magazine

AI-Powered Dependency Decisions Introduce, Ignore Security Bugs
News, Mar 26, 2026

Sonatype’s latest research reveals that even the most advanced AI models—referred to as frontier models—frequently generate erroneous software‑dependency recommendations, with nearly 28% of suggestions being outright hallucinations. The study examined 258,000 recommendations across Maven, npm, PyPI and NuGet, finding that...

By Dark Reading

AI: Cybersecurity’s Double‑Edged Sword Demands New Strategies
Social, Mar 26, 2026

AI in cybersecurity is your new frenemy. It supercharges attacks via rogue AI and blind spots, yet also defends at machine speed, spotting patterns and automating responses. Success requires adapting classic security. https://t.co/9XdfJYGyDr

By Cristina Dolan

AviaGames Opens Global Trust Centre in Singapore to Boost Real-Money Game Security
News, Mar 26, 2026

AviaGames has opened a Global Trust Centre in Singapore to centralise cybersecurity and data‑protection for its real‑money games. The facility will be overseen by former AWS security leader Dr. Jan Wang, who will drive compliance strategy across multiple jurisdictions. AviaGames...

By PocketGamer.biz

Leak Bazaar Converts Stolen Corporate Data Into Organized Criminal Marketplace
News, Mar 26, 2026

Leak Bazaar, a new Russian‑speaking cyber‑crime service, debuted on March 25, 2026, offering a structured marketplace that transforms raw stolen corporate data into refined, buyer‑ready datasets. The platform combines automated filtering, machine‑learning analysis, and human validation to repackage information into...

By GBHackers On Security

Cloud Phones Become New Threat to Banking App Users
Social, Mar 26, 2026

Cloud phones are the latest tool to be used against banking app users and the security community should take notice. https://t.co/temWl9DMlh

By TechRadar

TikTok for Business Accounts Targeted in New Phishing Campaign
News, Mar 26, 2026

A new phishing campaign is specifically targeting TikTok for Business accounts, luring users with fake “Schedule a Call” pages that mimic TikTok and Google Careers interfaces. The malicious sites are hosted on a shared Google Storage bucket and use Cloudflare...

By BleepingComputer

New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data
News, Mar 26, 2026

CyberProof reports an 8‑10% surge in PXA Stealer attacks on financial institutions during Q1 2026, positioning the malware as the successor to takedown‑prone infostealers like RedLine and Lumma. The campaign spreads through convincing phishing emails that mimic tax forms, legal notices, or...

By HackRead

Don't Rely on Hope for Firmware Security
Social, Mar 26, 2026

This is how many view firmware updates. Wishing for the best is not the best security strategy... https://t.co/MnyAcBQT6u

By Paul Asadoorian

Acalvio ShadowPlex Review: Deception-Based Preemptive Cybersecurity
News, Mar 26, 2026

Acalvio ShadowPlex is an AI‑powered, agentless deception platform that projects decoys, breadcrumbs, and honeytokens across endpoints, cloud, OT, and identity layers to detect attacker intent early. The solution feeds high‑confidence alerts into existing SOC workflows via integrations with SIEM, SOAR,...

By HackRead

Two Popular Apps Poisoned in One Week – Don’t Fall Victim!
Blog, Mar 26, 2026

Two supply‑chain poisoning incidents hit popular development tools this week, the first involving Apifox’s content‑delivery network. After March 4, the app loaded a tampered 77KB JavaScript file instead of the legitimate 34KB version. The malicious script leveraged Apifox’s Electron framework, which...

By AI Disruption

Keepit Annual Data Report 2026 Highlights the Path From SaaS Adoption to Proven Recovery Readiness
News, Mar 26, 2026

Keepit released its Annual Data Report 2026, analyzing real‑world backup and restore activity across SaaS users from 2025. The study shows that 90% of restores are single‑file downloads while nine‑in‑ten enterprises have validated bulk recovery, indicating growing maturity among larger...

By AiThority » Sales Enablement

[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
News, Mar 26, 2026

The upcoming cybersecurity webinar teaches organizations how to move beyond guesswork by validating defenses against real‑world attack paths, including those targeting autonomous AI agents. It emphasizes CTI‑driven, automated testing that integrates with existing pipelines, delivering continuous, accurate posture assessments. Attendees...

By The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
News, Mar 26, 2026

Security researchers uncovered a zero‑click XSS flaw in Anthropic’s Claude Chrome extension that let any website inject prompts into the AI assistant without user interaction. The vulnerability, dubbed ShadowPrompt, combined an overly permissive *.claude.ai origin allow‑list with an XSS bug...

By The Hacker News

LiteLLM Incident: Mitigated and Contained with SAP LeanIX
Blog, Mar 26, 2026

LiteLLM, an open‑source large language model framework, was hit by a malicious supply‑chain attack that injected compromised code into its dependencies. SAP LeanIX’s security team identified the breach within hours and executed a coordinated response that isolated the threat and...

By EA Voices

Byte Sized Lessons Launches Cyber‑Safety Adventure Series for Kids
News, Mar 26, 2026

Byte Sized Lessons with Zola and Zena, written by cybersecurity expert Dr. Rae Rivera, has been released worldwide as a new educational adventure for young readers. The book combines storytelling with hands‑on activities to teach children core online‑safety skills, targeting...

By Pulse

New “Disregard That!” Prompt‑Injection Attacks Threaten Enterprise LLM Deployments
News, Mar 26, 2026

Security researchers have uncovered a new class of prompt‑injection attacks, dubbed “Disregard That!”, that can commandeer the context window of large language models. The technique can force chatbots to send fraudulent messages, such as a £45 ($57) transfer request to...

By Pulse

Cubs’ 150th‑Season Launch Leverages Cookie Data Up to 750 Days
News, Mar 26, 2026

The Chicago Cubs have teamed with at least ten advertising‑technology vendors to harvest fan data through cookies that can persist for up to 750 days. The extensive collection of IP addresses, device identifiers, browsing behavior and precise location data raises...

By Pulse

Law and Security Merge as Supply Chain Regulations Multiply: RSA Panelists
News, Mar 26, 2026

At RSA 2026, security and legal leaders warned that digital‑heavy supply chains are expanding the attack surface, citing a recent breach of the open‑source tool Trivy used in AI pipelines. They highlighted hardware visibility gaps and the growing complexity of...

By Broadband Breakfast

Agentic AI Poised to Shape Both Offensive and Defensive Cyber Measures: Munich Re
Blog, Mar 26, 2026

Munich Re’s 2026 cyber‑insurance report warns that agentic AI will soon automate multi‑stage attacks, generate hyper‑personalised phishing, and manipulate AI models through prompt injection and data poisoning. The technology expands the attack surface while also offering defenders autonomous tools to...

By Reinsurance News

RSAC 2026: N-Able Report Reveals Why AI-Powered, Layered Cyber Defense Is Essential for Business Resilience
Blog, Mar 26, 2026

N‑able’s 2026 State of the SOC report shows a sharp resurgence of network‑perimeter attacks and a dramatic rise in alert volume, with the SOC processing roughly two alerts per minute in 2025. AI now automates about 90% of investigation tasks,...

By StorageNewsletter

LiteLLM Supply‑Chain Attack Exposes Up to 500,000 Cloud Tokens and Kubernetes Secrets
News, Mar 26, 2026

Threat actors behind TeamPCP compromised the open‑source LiteLLM library, pushing malicious versions 1.82.7 and 1.82.8 that deployed an infostealer to as many as 500,000 users. The malware harvested cloud tokens, Kubernetes secrets and crypto wallets, forcing developers to rotate credentials...

By Pulse

GlassWorm Attack Installs Fake Browser Extension for Surveillance
News, Mar 26, 2026

GlassWorm is a multi‑stage malware chain that infiltrates developers through malicious npm, PyPI or VS Code packages. After a pre‑install script runs, it contacts the Solana blockchain to fetch a second‑stage infostealer that harvests browser extensions, crypto wallet seeds, cloud and...

By Security Boulevard – DevOps

Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure
News, Mar 26, 2026

Rapid7 disclosed that a China‑linked state‑sponsored threat actor has embedded kernel‑level implants and passive backdoors deep within global telecom backbone infrastructure. The campaign leverages the BPFdoor Linux backdoor, CrossC2 beacons and the TinyShell framework to achieve long‑term, stealthy persistence across...

By SecurityWeek

OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns
News, Mar 26, 2026

OpenAI announced a Safety Bug Bounty program on March 26, hosted on Bugcrowd, to solicit disclosures of AI abuse and safety risks beyond traditional security flaws. The initiative complements its existing Security Bug Bounty, which has already rewarded 409 vulnerabilities since...

By Infosecurity Magazine

Intermediaries Driving Global Spyware Market Expansion
News, Mar 26, 2026

Intermediaries such as brokers, resellers, and exploit engineers are expanding the global spyware market by obscuring supply chains and facilitating sales to sanctioned or low‑tech nations. A recent Atlantic Council report highlights examples like a South African intermediary for Memento...

By Dark Reading

Quarantining Risk: How Public Health Is Scaling AI without Exposing Sensitive Data
News, Mar 26, 2026

Public health agencies are turning to cloud‑native scientific computing to run massive genomics and epidemiological models without compromising patient privacy. The UK Health Security Agency (UKHSA) standardized its fragmented pandemic‑era infrastructure by adopting Red Hat OpenShift on Azure and integrating Nvidia...

By SiliconANGLE

Compliance Emerges as Competitive Differentiator Amid Rising Data Sovereignty Scrutiny
News, Mar 26, 2026

Data sovereignty has moved from a niche compliance checkbox to a core business priority, expanding beyond traditional sensitive records to include email addresses, logs, and metadata. Executives now demand real‑time visibility into where data originates, travels, and resides, as illustrated...

By Diginomica

Nova Scotia Power Data Breach Compromises Data of Over 900,000 Users
News, Mar 26, 2026

Nova Scotia Power disclosed a data breach affecting more than 900,000 current and former customers, exposing names, contact details, birth dates, banking information, driver’s licenses and Social Insurance Numbers. The intrusion began around March 19, 2025 when an employee clicked...

By The Cyber Express

Researchers Uncover WebRTC Skimmer Bypassing Traditional Defenses
Blog, Mar 26, 2026

Sansec researchers discovered a novel payment skimmer that leverages WebRTC DataChannels to load malicious code and exfiltrate payment data. Unlike traditional skimmers that rely on HTTP requests, this technique uses encrypted UDP traffic, bypassing Content Security Policy and standard network...

By Security Affairs

Smashing Security Podcast #460: Never Knock on the Door of a Nuclear Submarine Base and Ask for a Selfie
Blog, Mar 26, 2026

In episode 460 of the Smashing Security podcast, host Graham Cluley and guest Jenny Radcliffe dissect a cyber‑extortion case where a disgruntled data analyst stole a company payroll database and demanded $2.5 million in Bitcoin. The show also covers the arrest of an Iranian...

By Graham Cluley (Security)

Secure by Default: Why Security That Assumes Failure Is Winning
Blog, Mar 26, 2026

At RSA 2024, the cybersecurity community is pivoting from the long‑standing "secure by design" mantra to a more pragmatic "secure by default" approach. The new model assumes misconfigurations, rushed deployments and human error, building safeguards that work even when users...

By Doug Levin