Cybersecurity News and Headlines

How Do NHIs Build Trust in Cloud Security?
News, Apr 2, 2026

Machine (non‑human) identities are becoming the backbone of cloud security, requiring end‑to‑end lifecycle management from discovery to remediation. Organizations that integrate NHI controls into a unified cybersecurity strategy can close gaps that expose sensitive data, especially in regulated sectors like...

By Security Boulevard
ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak
News, Apr 2, 2026

ShinyHunters, identified as UNC6040, issued a final warning to Cisco, demanding contact before April 3 2026 or face a public data leak. The group alleges it has exfiltrated more than three million Salesforce records, along with GitHub repositories, AWS storage buckets, and...

By HackRead
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
News, Apr 2, 2026

Hackers are exploiting the critical CVE‑2025‑55182 flaw in Next.js to gain remote code execution and compromise at least 766 hosts across several cloud providers. The UAT‑10608 threat cluster deploys a multi‑phase dropper that harvests SSH keys, cloud IAM tokens, API...

By The Hacker News
ConductorOne Extends Reach of Identity Governance to AI
News, Apr 2, 2026

ConductorOne has broadened its identity governance platform to cover AI tools, agents and integrations using the Model Context Protocol, and has linked the platform with CrowdStrike Falcon Next‑Gen Identity Security for real‑time threat intelligence. A recent survey shows 95% of organizations...

By Security Boulevard
US Military Contractor Open Sources Tool for Validating Hidden Communications Networks
News, Apr 2, 2026

RTX’s BBN research arm has released Maude‑HCS, a DARPA‑funded toolkit for modeling and validating hidden communication systems, under the Apache 2.0 license on GitHub. Built on the Maude language, the open‑source tool lets users specify protocol behavior, adversary observables, and environmental...

By The Register
Critical Vulnerability in Claude Code Emerges Days After Source Leak
News, Apr 2, 2026

Anthropic unintentionally published a JavaScript sourcemap for Claude Code v2.1.88, exposing roughly 512,000 lines of TypeScript. Within days, security firm Adversa AI uncovered a critical flaw in Claude Code’s permission system that lets deny‑rule checks be bypassed when more than 50 sub‑commands are generated....

By SecurityWeek
New Rowhammer Attacks Give Complete Control of Machines Running Nvidia GPUs
News, Apr 2, 2026

Researchers have unveiled two GPU‑focused Rowhammer attacks, GDDRHammer and GeForge, that can flip bits in Nvidia Ampere‑generation GDDR memory and gain arbitrary read/write access to CPU RAM. By massaging GPU page‑table allocations, the exploits break isolation and open a root...

By Ars Technica – Security
Money Transfer App Duc Exposed Thousands of Driver’s Licenses and Passports to the Open Web
News, Apr 2, 2026

The Canadian fintech Duc App left an Amazon‑hosted storage bucket publicly accessible, exposing over 360,000 files that included driver’s licenses, passports, selfies and transaction spreadsheets. The data was stored without encryption, allowing anyone with the URL to view and download the...

By TechCrunch (Main)
Akira Ransomware Group Can Achieve Initial Access to Data Encryption in Less than an Hour
News, Apr 2, 2026

The Akira ransomware group can move from initial access to full data encryption in under an hour, often within four hours. Active since 2023, it has extorted roughly $245 million in ransom payments through September 2025. Akira leverages zero‑day exploits, vulnerable VPNs,...

By CyberScoop
Oracle Launches Defense Isolated Cloud to Enable Secure Collaboration at Scale
News, Apr 2, 2026

Oracle announced its Defense Industrial Base Isolated Cloud Environment (DICE), an air‑gapped OCI offering that meets U.S. Secret and future Top Secret classification requirements. The service, unveiled at the Oracle Federal Forum, is undergoing security assessments and aims for provisional...

By ERP Today
Crypto Exploit Losses Climb Sharply in March 2026 as Security Threats Evolve, Report Reveals
News, Apr 2, 2026

PeckShield reported that cryptocurrency hacks stole about $52 million in March 2026, a 96 percent jump from February’s $26.5 million. The surge stemmed from roughly 20 major incidents, pushing Q1 2026 losses to $501 million across 145 events. The most severe breach at Resolv Labs involved...

By Crowdfund Insider
Cyber Security Is Going in the Wrong Direction
News, Apr 2, 2026

A new CrowdStrike report shows cyber threats in Ireland and Europe spiralling, with AI‑enabled attacks up 89% and cloud intrusions up 266% year‑over‑year. A five‑year CybSafe study reveals employee security habits are eroding: MFA usage dropped from 94% in 2022...

By Irish Tech News
How Iranian Hackers Pose a Threat to US Critical Infrastructure
News, Apr 2, 2026

Iran‑linked hacker group Handala claimed responsibility for a March 11, 2026 cyberattack on Michigan‑based medical‑device maker Stryker Corp., disrupting its internal Microsoft systems and halting order processing, manufacturing, and shipping. The incident underscores how regional geopolitical tensions can quickly spill...

By Route Fifty — Finance
RSAC 2026: AI Dominates, But Community Remains Key to Security
News, Apr 2, 2026

The RSAC 2026 conference placed artificial intelligence at the forefront of cybersecurity discussions, while its official theme emphasized the "Power of Community." Notably, the U.S. federal government was absent, leaving a void in public‑private collaboration and prompting concerns about AI governance....

By Dark Reading
ArmorPoint and Scudo360 Partner to Expand Managed Security Services
News, Apr 2, 2026

ArmorPoint has teamed up with Scudo360 to embed a 24/7 managed SOC and SIEM capability into Scudo360’s service portfolio. The co‑delivery model gives Scudo360’s mid‑market clients continuous threat monitoring and real‑time response without building their own security operations center. By...

By ChannelE2E
Leverage Profinet’s Security Building Blocks to Navigate EU Regulations
News, Apr 2, 2026

The EU’s new Cyber Resilience Act, NIS2 Directive, and the 2027‑effective Machinery Regulation are forcing industrial automation players to embed cybersecurity into products and processes. Profinet’s security architecture—secure cell, secure access, and secure realtime—maps directly to these regulatory requirements. While...

By Control Design
Denuvo Has Been Broken, Company Promises Countermeasures Against New DRM Bypasses — Zero-Day Game Releases Become Norm as Security Concerns...
News, Apr 2, 2026

A community‑developed hypervisor bypass has successfully cracked Denuvo DRM, turning zero‑day game repacks into a regular occurrence. The method requires users to disable multiple Windows security features, including VBS, Credential Guard, driver signature enforcement, and Core Isolation. Irdeto, Denuvo's parent,...

By Tom's Hardware
Arctic Wolf CEO Nick Schneider On Delivering ‘Superior’ Security With New Agentic SOC Platform
News, Apr 2, 2026

Arctic Wolf unveiled the Aurora Agentic SOC, branded as the world’s largest agentic security operations center. Powered by the Aurora Superintelligence Platform, it leverages a proprietary knowledge graph and a swarm of AI agents to ingest more than 10 trillion security...

By CRN (US)
I Knew About North Korean Hackers—They Still Tricked Me and Got Into My Computer
News, Apr 2, 2026

A Fortune journalist was nearly compromised by a North Korean phishing scheme that masqueraded as a Zoom update, exposing a credential‑stealing script. The attackers leveraged a hijacked Telegram account to arrange a fake video call, a tactic the DPRK has...

By Fortune
Elon Musk's X to Deploy Scam Kill Switch by Auto-Locking First-Time Crypto Mentioners
News, Apr 2, 2026

Elon Musk's platform X will automatically lock any account that mentions cryptocurrency for the first time, requiring extra verification before further posting. The feature targets a surge in phishing attacks that hijack accounts to promote scam tokens, which Musk’s product...

By CoinDesk
A Hitchhiker's Guide to RSAC: What You May Have Missed, From Post-Quantum to NSA Veterans
News, Apr 2, 2026

The RSA Conference (RSAC) highlighted a surge in post‑quantum cryptography initiatives, with several vendors unveiling prototype algorithms and migration roadmaps. Former NSA cyber experts presented new threat‑intel platforms that blend AI with traditional analytics, aiming to shorten detection cycles. Cloud‑native...

By The Stack (TheStack.technology)
Residential Proxies Evaded IP Reputation Checks in 78% of 4B Sessions
News, Apr 2, 2026

GreyNoise analyzed 4 billion malicious sessions and found residential proxies evaded IP reputation checks in 78% of cases. Roughly 39% of the traffic originated from home networks, yet most proxies disappear within a month, preventing reputation feeds from cataloguing them. The...

By BleepingComputer
Medtech Giant Stryker Says It’s Back up After Iranian Cyberattack
News, Apr 2, 2026

Medtech leader Stryker announced it is now fully operational after a March 11 wiper attack by the Iranian‑linked Handala group, which crippled order processing, manufacturing and shipping. The breach, framed as retaliation for U.S. actions in the Israel‑Palestine conflict, forced...

By CyberScoop
Nigerian Founder Launches ADT, a New AI Model for Cyber Defense
News, Apr 2, 2026

Glemad unveiled Autonomous Defence Transformers (ADT), the first frontier‑scale AI models built from the ground up for security reasoning and autonomous cyber defence. The PulseADT service now safeguards over 680,000 assets, handling 1.8 million security events per second, and delivers a...

By Techpoint Africa
Polygraf AI Announces Core AI Patent and Sweeps Major Cybersecurity Awards at RSAC 2026
News, Apr 2, 2026

Polygraf AI announced a core USPTO patent for its Content Source Detection AI model and swept several top cybersecurity honors at RSA Conference 2026, including the Global InfoSec Award for Most Innovative AI Usage Control, a gold win at the...

By Fintech Futures
Relyance AI Releases Lyo, Aims to Set a New Enterprise Data Security Standard
News, Apr 2, 2026

Relyance AI unveiled Lyo, an autonomous data defense engineer that continuously monitors AI agents' interactions with enterprise data. Leveraging the company’s Data Exposure Graph, Lyo maps AI‑to‑data relationships, flags over‑privileged access, and provides real‑time contextual alerts. The platform includes a...

By Database Trends & Applications (DBTA)
Alleged Starbucks Incident Exposes Code and Firmware
News, Apr 2, 2026

Threat group ShadowByt3s claims it breached Starbucks by accessing a misconfigured Amazon S3 bucket, stealing roughly 10 GB of proprietary source code, firmware, and management tools. The data allegedly includes binaries for in‑store beverage dispensers, the Mastrena II espresso system, and...

By eSecurity Planet
OpenSSH 10.3 Patches Five Security Bugs and Drops Legacy Rekeying Support
News, Apr 2, 2026

OpenSSH 10.3 introduces five security patches and a suite of new features while removing legacy rekeying support. The update fixes a shell‑injection flaw in user‑name handling, a certificate‑principal matching bug, and an ECDSA algorithm enforcement issue. It also changes certificate behavior...

By Help Net Security
5 Best Practices to Secure AI Systems
News, Apr 2, 2026

As AI becomes integral to critical operations, its unique attack surface outpaces traditional security measures. Experts recommend a multi‑layered strategy that starts with strict access controls and encryption, followed by AI‑specific defenses such as firewalls and red‑team testing. Continuous visibility...

By Artificial Intelligence News
Why Broadcom Gave Velero to the CNCF Sandbox — and What It Means for Kubernetes Data Protection
News, Apr 2, 2026

Broadcom has transferred ownership of the Velero backup and recovery project to the CNCF Sandbox, moving governance away from its VMware unit. The donation aims to eliminate perceived proprietary control and encourage broader community contributions. Broadcom positions this move as...

By The New Stack
Disaster Recovery Plan Checklist: Key Steps for a Smooth Restore
News, Apr 2, 2026

The article outlines an 11‑step disaster recovery (DR) planning checklist that emphasizes inventorying assets, defining recovery objectives, and establishing a trained response team. It stresses leadership involvement in setting RTO/RPO, risk assessment, and budgeting for preventive measures. The guide also...

By TechTarget SearchERP
Cyera Achieves FedRAMP High “In Process” Designation to Securely Accelerate AI Adoption
News, Apr 2, 2026

Cyera, an AI security platform, has earned a FedRAMP High “In Process” designation, moving it toward full federal authorization. The status reflects rigorous security reviews for handling Controlled Unclassified Information, positioning Cyera for government AI deployments. Its platform offers automated...

By AiThority » Sales Enablement
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
News, Apr 2, 2026

Threat actors are turning vacant rental homes into anonymous mail drop points, then exploiting USPS services like Informed Delivery and change‑of‑address forwarding to intercept sensitive correspondence. The workflow combines open‑source intelligence, weak identity verification, and fake identities to create persistent...

By BleepingComputer
A Secure Chat App’s Encryption Is So Bad It Is ‘Meaningless’
News, Apr 2, 2026

TeleGuard, a messaging app boasting over one million downloads, claims end‑to‑end encryption but stores users' private keys on its servers. Security researchers discovered that the keys can be accessed trivially, allowing anyone to decrypt messages. The flaw also enables attackers...

By 404 Media
APERION Launches SmartFlow, a Secure, On-Premises Alternative to Compromised Cloud AI Gateways
News, Apr 2, 2026

APERION announced the SmartFlow SDK, an on‑premises, Kubernetes‑native AI governance platform designed to replace compromised cloud AI gateways after the LiteLLM supply‑chain attack. The attack, which impacted roughly 36% of cloud environments, triggered a 200% surge in APERION web traffic...

By AiThority » Sales Enablement
From Edge to Enterprise: How the Endpoint Became IT’s Most Strategic Layer and Why Lenovo Is Joining the Conversation at...
News, Apr 2, 2026

Enterprise endpoints have shifted from commodity devices to strategic layers in digital workspaces. As hybrid work, zero‑trust models, and cloud‑first applications proliferate, endpoints now enforce identity, security, and user experience. Lenovo is highlighting this evolution at IGEL’s Now & Next...

By CIO.com
New Progress ShareFile Flaws Can Be Chained in Pre-Auth RCE Attacks
News, Apr 2, 2026

Researchers at watchTowr identified two critical flaws—CVE‑2026‑2699 and CVE‑2026‑2701—in Progress ShareFile’s Storage Zones Controller (SZC). The authentication bypass (CVE‑2026‑2699) lets attackers reach the admin interface, while the remote code execution bug (CVE‑2026‑2701) enables malicious ASPX webshell deployment. Chaining the vulnerabilities...

By BleepingComputer
Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts
News, Apr 2, 2026

Storm, a new infostealer discovered by Varonis Threat Labs in early 2026, can decrypt Chrome’s App‑Bound Encryption and harvest credentials, session cookies, crypto wallets, and messaging app accounts from Chrome, Edge, Firefox and other browsers. The malware is offered as...

By HackRead
Niobium Brings Fully Encrypted AI Workloads to the Cloud with The Fog
News, Apr 2, 2026

Niobium Microsystems is set to launch The Fog, a cloud platform that runs AI and data‑processing workloads on fully homomorphic encryption (FHE) without ever decrypting the data. The service relies on the company’s new mistic Core processor, an FPGA‑based chip...

By SiliconANGLE
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
News, Apr 2, 2026

A new multi‑stage malware campaign targeting South Korean users leverages malicious LNK shortcut files that pull PowerShell commands from GitHub repositories. The attackers embed decoding functions directly in the LNK arguments, use decoy PDF documents to mask activity, and establish...

By Infosecurity Magazine
F5 and Forcepoint Partner to Address AI Data Risk and Runtime Security
News, Apr 2, 2026

F5 and Forcepoint announced a partnership that bundles F5’s runtime AI protections with Forcepoint’s Data Security Posture Management (DSPM) for enterprise customers. The joint go‑to‑market approach uses channel partners rather than deep product integration, allowing MSPs, VARs and SIs to...

By ChannelE2E
How North Korean Operatives Get Hired, and How HR Can Stop Them
News, Apr 2, 2026

The U.S. Treasury last month sanctioned six individuals and two entities for operating North Korean IT‑worker fraud networks that generated nearly $800 million in 2024. A joint report by threat‑intelligence firm Flare and IBM X‑Force detailed how these operatives infiltrate American firms...

By HRTechFeed
How North Korean Operatives Get Hired, and How HR Can Stop Them
News, Apr 2, 2026

The U.S. Treasury sanctioned six individuals and two entities linked to North Korean IT worker fraud networks that generated nearly $800 million in 2024. Threat‑intelligence firms Flare and IBM X‑Force detailed how operatives infiltrate U.S. firms using fabricated LinkedIn profiles, tailored...

By Human Resource Executive
Boards Are Falling Short on Cybersecurity
News, Apr 2, 2026

Boards increasingly recognize the need for cybersecurity investments, yet their oversight is lagging. A 2024 FBI report shows cybercrime losses jumped 33% year‑over‑year, underscoring the growing threat. The authors identify three core weaknesses: insufficient expertise on boards, superficial risk conversations,...

By Harvard Business Review
Former Employee of National Industrial Company Pleads Guilty to Crimes Related to Hacking Computer Networks and Extorting Employees
News, Apr 2, 2026

A former core infrastructure engineer at a New Jersey‑based industrial firm pleaded guilty in federal court to extorting the company and damaging its computer network. In November 2023, the 59‑year‑old Missouri resident initiated unauthorized remote‑desktop sessions, deleted admin accounts, altered passwords,...

By US DOJ Antitrust Division – Press Releases
Critical Cisco IMC Auth Bypass Gives Attackers Admin Access
News, Apr 2, 2026

Cisco disclosed a critical authentication bypass (CVE‑2026‑20093) in its Integrated Management Controller (IMC) that lets unauthenticated attackers obtain admin privileges on UCS C‑Series and E‑Series servers. The flaw resides in the password‑change function and can be triggered with a crafted...

By BleepingComputer
Cyber-Physical Security Gaps Demand Attention, Health-ISAC’s 2025 Exercise Series Finds
News, Apr 2, 2026

Health‑ISAC’s 2025 resilience exercise series revealed persistent gaps in coordinating cyber and physical security teams across seven simulated ransomware‑plus‑intrusion tabletop drills. Participants repeatedly reported fragmented communication, delayed escalation, and insufficient joint response procedures. The after‑action report distilled twelve priority observations,...

By healthsystemCIO
Google GAs New Ransomware Protections for Drive, 14x Improvement From Beta
News, Apr 2, 2026

Google announced a new ransomware protection suite for Google Drive that leverages advanced AI to scan and block malicious files before they reach users. The service delivers a 14‑times improvement in detection rates compared with the previous beta program, while...

By The Stack (TheStack.technology)
Why GitHub Developers Are Targeted by Token Giveaway Scams
News, Apr 2, 2026

GitHub developers are increasingly targeted by sophisticated token giveaway scams that masquerade as legitimate project announcements. Attackers exploit developers' public activity, mimicking maintainers, using authentic branding, and leveraging technical language to appear credible. The scams rely on urgency, hidden malicious...

By HackRead