New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware
Threat actors are standardizing a ClickFix social‑engineering attack that lures victims into running malicious commands via the Windows Run dialog, PowerShell, or macOS Terminal. Insikt Group identified five active clusters since May 2024, impersonating brands like QuickBooks, Booking.com, and Zillow. The campaigns deliver memory‑only payloads such as NetSupport RAT and MacSync, using obfuscated PowerShell or curl commands to evade traditional browser and endpoint defenses. Experts warn the technique will remain a primary initial‑access vector through 2026 unless native utilities are hardened.
EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts
Researchers at eSentire disclosed a new EtherRAT campaign that hides command‑and‑control (C2) addresses inside Ethereum smart contracts, a technique they call EtherHiding. The malware, delivered via Node.js backdoors after initial access through Teams support scams and ClickFix attacks, retrieves C2...
AI-Powered Dependency Decisions Introduce, Ignore Security Bugs
Sonatype’s latest research reveals that even the most advanced AI models—referred to as frontier models—frequently generate erroneous software‑dependency recommendations, with nearly 28% of suggestions being outright hallucinations. The study examined 258,000 recommendations across Maven, npm, PyPI and NuGet, finding that...
AviaGames Opens Global Trust Centre in Singapore to Boost Real-Money Game Security
AviaGames has opened a Global Trust Centre in Singapore to centralise cybersecurity and data‑protection for its real‑money games. The facility will be overseen by former AWS security leader Dr. Jan Wang, who will drive compliance strategy across multiple jurisdictions. AviaGames...
Leak Bazaar Converts Stolen Corporate Data Into Organized Criminal Marketplace
Leak Bazaar, a new Russian‑speaking cyber‑crime service, debuted on March 25, 2026, offering a structured marketplace that transforms raw stolen corporate data into refined, buyer‑ready datasets. The platform combines automated filtering, machine‑learning analysis, and human validation to repackage information into...
TikTok for Business Accounts Targeted in New Phishing Campaign
A new phishing campaign is specifically targeting TikTok for Business accounts, luring users with fake “Schedule a Call” pages that mimic TikTok and Google Careers interfaces. The malicious sites are hosted on a shared Google Storage bucket and use Cloudflare...
New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data
CyberProof reports a 8‑10% surge in PXA Stealer attacks on financial institutions during Q1 2026, positioning the malware as the successor to takedown‑prone infostealers like RedLine and Lumma. The campaign spreads through convincing phishing emails that mimic tax forms, legal notices, or...
Acalvio ShadowPlex Review: Deception-Based Preemptive Cybersecurity
Acalvio ShadowPlex is an AI‑powered, agentless deception platform that projects decoys, breadcrumbs, and honeytokens across endpoints, cloud, OT, and identity layers to detect attacker intent early. The solution feeds high‑confidence alerts into existing SOC workflows via integrations with SIEM, SOAR,...
Keepit Annual Data Report 2026 Highlights the Path From SaaS Adoption to Proven Recovery Readiness
Keepit released its Annual Data Report 2026, analyzing real‑world backup and restore activity across SaaS users from 2025. The study shows that 90% of restores are single‑file downloads while nine‑in‑ten enterprises have validated bulk recovery, indicating growing maturity among larger...
![[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCypzkb6uvHuNx6LKknUqtvQFoqsr6aalztDeBKT1aaUASzfjZMZAZqExx1k0w5iKWl08lx3MxbM_FwWxAvBdZODEerioaMp8OHVvhSjC8VL3uAW9_NMniMl_niggBVhVMdDFu2324YyhW5TrK4fua1PXlrb0DweOULvNgi5mlQUZUct_dIX3OePrfqks/s1700-e365/validate.jpg)
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
The upcoming cybersecurity webinar teaches organizations how to move beyond guesswork by validating defenses against real‑world attack paths, including those targeting autonomous AI agents. It emphasizes CTI‑driven, automated testing that integrates with existing pipelines, delivering continuous, accurate posture assessments. Attendees...
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Security researchers uncovered a zero‑click XSS flaw in Anthropic’s Claude Chrome extension that let any website inject prompts into the AI assistant without user interaction. The vulnerability, dubbed ShadowPrompt, combined an overly permissive *.claude.ai origin allow‑list with an XSS bug...
Law and Security Merge as Supply Chain Regulations Multiply: RSA Panelists
At RSA 2026, security and legal leaders warned that digital‑heavy supply chains are expanding the attack surface, citing a recent breach of the open‑source tool Trivy used in AI pipelines. They highlighted hardware visibility gaps and the growing complexity of...
GlassWorm Attack Installs Fake Browser Extension for Surveillance
GlassWorm is a multi‑stage malware chain that infiltrates developers through malicious npm, PyPI or VS Code packages. After a pre‑install script runs, it contacts the Solana blockchain to fetch a second‑stage infostealer that harvests browser extensions, crypto wallet seeds, cloud and...
Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure
Rapid7 disclosed that a China‑linked state‑sponsored threat actor has embedded kernel‑level implants and passive backdoors deep within global telecom backbone infrastructure. The campaign leverages the BPFdoor Linux backdoor, CrossC2 beacons and the TinyShell framework to achieve long‑term, stealthy persistence across...
OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns
OpenAI announced a Safety Bug Bounty program on March 26, hosted on Bugcrowd, to solicit disclosures of AI abuse and safety risks beyond traditional security flaws. The initiative complements its existing Security Bug Bounty, which has already rewarded 409 vulnerabilities since...
Intermediaries Driving Global Spyware Market Expansion
Intermediaries such as brokers, resellers, and exploit engineers are expanding the global spyware market by obscuring supply chains and facilitating sales to sanctioned or low‑tech nations. A recent Atlantic Council report highlights examples like a South African intermediary for Memento...
Quarantining Risk: How Public Health Is Scaling AI without Exposing Sensitive Data
Public health agencies are turning to cloud‑native scientific computing to run massive genomics and epidemiological models without compromising patient privacy. The UK Health Security Agency (UKHSA) standardized its fragmented pandemic‑era infrastructure by adopting Red Hat OpenShift on Azure and integrating Nvidia...
Compliance Emerges as Competitive Differentiator Amid Rising Data Sovereignty Scrutiny
Data sovereignty has moved from a niche compliance checkbox to a core business priority, expanding beyond traditional sensitive records to include email addresses, logs, and metadata. Executives now demand real‑time visibility into where data originates, travels, and resides, as illustrated...
Nova Scotia Power Data Breach Compromises Data of Over 900,000 Users
Nova Scotia Power disclosed a data breach affecting more than 900,000 current and former customers, exposing names, contact details, birth dates, banking information, driver’s licenses and Social Insurance Numbers. The intrusion began around March 19, 2025 when an employee clicked...
Invoice Fraud Costs UK Construction Sector Millions, NCA Warns
UK’s National Crime Agency, together with the National Federation of Builders, has launched an awareness campaign targeting invoice‑fraud in the construction sector. In September 2025, fraudulent invoices cost the industry almost £4 million (≈$5.3 million) across 83 reported cases, and construction plus...
Blackwired and ARMIS Join Forces to Boost Cyber Resilience
Blackwired and ARMIS International have formed a strategic alliance to enhance cyber resilience against nation‑state attacks. The partnership combines Blackwired’s ThirdWatch platform—featuring 3‑D threat visualisation and the Aim‑Ready‑Fire methodology—with ARMIS’s operational crisis frameworks and deep government relationships. Together they aim...
Dell and HP Roll Out Quantum-Resistant Device Security
HP and Dell announced new hardware‑level security features aimed at defending against physical attacks and emerging quantum‑computing threats. HP introduced TPM Guard, which encrypts the TPM‑CPU link, and added quantum‑resistant cryptography to its LaserJet Pro and Enterprise printer lines along...
Node.js Fixes Critical Flaws, Patches DoS Risk in Latest Security Update
The Node.js project released a March 2026 security rollout covering its 20.x, 22.x, 24.x and 25.x branches. The update patches a critical TLS handling flaw (CVE-2026-21637) that could trigger remote denial‑of‑service, and a high‑severity HTTP header bug (CVE-2026-21710) that may...
DataBahn Brings AI-Driven Intelligence Into the Security Pipeline
DataBahn.ai unveiled Autonomous In‑Stream Data Intelligence (AIDI), an AI‑native model that interprets, validates, and acts on security telemetry as it flows through the pipeline. The accompanying DataBahn Agent Farm deploys specialized AI agents to automate connector creation, asset mapping, and...
Scalefusion Unveils the Future of Endpoint Management at 33rd Convergence India Expo
Scalefusion showcased its unified endpoint management vision at the 33rd Convergence India Expo in Delhi, demonstrating its UEM, OneIdP, and Veltar solutions. The startup highlighted a single‑agent platform that merges device management, zero‑trust identity, and compliance security. Thousands of attendees...
Announcing Kubescape 4.0 Enterprise Stability Meets the AI Era
Kubescape 4.0 launches with enterprise‑grade stability, delivering General Availability for Runtime Threat Detection and a new Kubernetes‑native Storage layer. The release consolidates security agents by deprecating the host‑sensor and merging its functions into a single node‑agent, simplifying cluster management. It...
Breaking Down “The Mosaic Effect”
Artificial intelligence is accelerating the "mosaic effect," where separate, permissible data points are combined to reveal sensitive insights. The effect, originally noted in intelligence work, now emerges in seconds as AI correlates thousands of low‑risk records, threatening compliance in regulated...
Zero-Trust on OKE: How to Actually Secure Your Clusters With Terraform
The article outlines a Terraform‑driven approach to building a zero‑trust Oracle Kubernetes Engine (OKE) cluster. It replaces overlay networking with OCI VCN‑Native CNI, deploys a private control plane without a public IP, and enables AMD SEV confidential computing for memory...
Importance Of Hardware Security Verification In Pre-Silicon Design
Hardware security verification is becoming a prerequisite for any silicon destined for cloud, automotive, industrial or edge AI applications. The discipline rests on two pillars: functional security verification, which confirms that security features behave as specified, and protection verification, which...
UAE Positions Cyber Security as Pillar of National Resilience and Digital Growth
The United Arab Emirates has formalized a nationally coordinated cyber‑security framework that links government, strategic industries and private partners. Continuous monitoring, AI‑enhanced threat detection and 24/7 response teams are embedded in a unified structure to protect critical infrastructure. The strategy...
Grafana Security Release: Critical and High Severity Security Fixes for CVE-2026-27876 and CVE-2026-27880
Grafana Labs announced version 12.4.2 and patched releases for 12.3, 12.2, 12.1 and 11.6, addressing two high‑impact vulnerabilities. CVE‑2026‑27876 is a critical 9.1‑rated remote‑code‑execution flaw in the sqlExpressions feature that allows arbitrary file writes. CVE‑2026‑27880 is a high‑severity 7.5‑rated denial‑of‑service...
Incident Response & Hiring Trends: What HR Can Learn From Semperis
Semperis has positioned its platform as a full‑stack incident response solution, offering real‑time threat detection, automated alerting, and rapid containment tools. The suite also streamlines recovery by rolling back unauthorized changes and supports compliance with detailed audit logs. In addition...
LEO Satellite Operators Could Be Beyond Australian Data Laws
Australia’s Cyber Security Centre, together with international partners, warned that commercial low‑Earth‑orbit (LEO) satellite operators can deliver connectivity to Australian users without a local footprint, leaving data outside the reach of domestic privacy laws. The advisory highlights that LEO constellations...
Got One of Those Weird Fake Microsoft Security Warning Screens
A fake Microsoft security warning overlay appeared in the Brave browser, locking the screen and preventing normal navigation. The pop‑up, triggered by malicious ads—often from Facebook—forced the user to terminate the browser via Task Manager. Upon restart, the warning did...
GitHub Adds AI-Powered Bug Detection to Expand Security Coverage
GitHub announced an AI‑powered scanning layer for its Code Security suite, complementing the existing CodeQL static analysis. The hybrid approach expands vulnerability detection to languages and frameworks such as Bash, Dockerfiles, Terraform, and PHP, while CodeQL continues deep semantic analysis...
European Officials Highlight Private Sector Help in Major Cybercrime Takedowns
European cyber law enforcement leaders at RSAC highlighted the growing role of private‑sector partners in dismantling major ransomware groups such as LockBit and Scattered Spider. Officials from the Netherlands, UK and Germany noted that industry briefings helped legitimize takedowns and...
Beyond IOCs: A Framework for High-Impact Cyber Threat Intelligence - Samuel Hassine - RSAC26 #3
Samuel Hassine, CEO of Filigran, outlined a shift from reactive indicator‑of‑compromise (IOC) alerts to a business‑focused Continuous Threat Exposure Management (CTEM) framework. He emphasized unifying threat intelligence with adversarial attack simulation using platforms like OpenCTI to drive measurable risk reduction....
Alleged RedLine Infostealer Conspirator Extradited to US
An Armenian national, Hambardzum Minasyan, was extradited to the United States and appeared in a Texas federal court on charges tied to the RedLine infostealer. Prosecutors allege he helped develop, host, and monetize the malware, which siphons billions of user...
ORNL Introduces ‘Photon’ Framework for Accelerating AI Vulnerability Discovery on Frontier
Oak Ridge National Laboratory’s CAISER team unveiled Photon, a new framework that uses the Frontier exascale supercomputer to accelerate AI vulnerability discovery. By repurposing the DeepHyper training system, Photon runs thousands of jailbreak prompts in parallel, achieving over 95% GPU...
7 Employer Tips For Handling Calif. Privacy Risk Assessments
California employers must now meet the California Consumer Privacy Act’s (CCPA) risk assessment mandate, which requires a systematic review of personal data practices. Law360 outlines seven practical steps, including data mapping, privacy impact analyses, vendor oversight, employee training, documentation, continuous...
Convicted Spyware Chief Hints that Greece’s Government Was Behind Dozens of Phone Hacks
Intellexa founder Tal Dilian, convicted of orchestrating a mass‑wiretapping campaign in Greece, announced his intention to appeal the eight‑year prison sentence. The scandal, dubbed “Greek Watergate,” involved the Predator spyware compromising phones of ministers, opposition leaders, military officials and journalists....
AI Supply Chain Attacks Don’t Even Require Malware…just Post Poisoned Documentation
Andrew Ng's Context Hub service supplies up‑to‑date API documentation to AI coding agents, but its open‑pull‑request workflow lacks any content sanitisation. Security researcher Mickey Shmueli demonstrated a proof‑of‑concept where poisoned documentation caused agents to add malicious PyPI packages to generated code....
AI Agent Identity and Next‑gen Enterprise Authentication Prominent at RSAC 2026
At RSA Conference 2026, vendors highlighted password‑less authentication for both humans and AI agents, with Swissbit unveiling a biometric FIDO2 key that adds post‑quantum resistance, and RSA extending its identity suite to Microsoft 365 E7. IBM, Auth0 and Yubico introduced...
Readying Industrial Connectivity for Cybersecurity Requirements
Cyber attacks on industrial operations have highlighted the lag in OT cybersecurity compared with IT. The EU Cyber Resilience Act (CRA), effective from December 2024, forces manufacturers to report vulnerabilities and obtain CE marking for new digital products by December 2027. Standards...
Why Revenue Cycle Teams Must Prepare for Extended Downtime in the Age of Cyber Threats
Healthcare providers face escalating ransomware and cloud‑outage threats that can instantly cripple revenue cycle operations, halting claim submissions and cash flow. Recent incidents, such as the Change Healthcare clearinghouse outage and a regional system’s backup encryption, exposed critical blind spots...
In-Sensor Cryptography Links Physical Process to Digital Identity
Researchers unveiled a monolithic in‑sensor cryptographic system that hashes and digitally signs data at the moment of capture, linking each measurement to an immutable digital identity. The prototype, built on 180 nm CMOS, demonstrated real‑time signing of cardiac cell voltage recordings...
Bubble AI App Builder Abused to Steal Microsoft Account Credentials
Threat actors are exploiting Bubble, an AI‑powered no‑code app builder, to host malicious web apps that impersonate Microsoft login pages. By serving phishing pages from the trusted *.bubble.io domain, email security solutions fail to flag the links, allowing credentials to...
TeamPCP Supply Chain Attack Hits LiteLLM PyPI Package
Open‑source Python library LiteLLM was compromised by the TeamPCP threat group, which uploaded malicious versions to PyPI that have since been removed. The packages deployed a three‑stage intrusion: credential harvesting, a Kubernetes lateral‑movement toolkit, and a persistent systemd backdoor. Endor...
Trojanized ConnectWise ScreenConnect Installers Deployed in Tax-Themed Malvertising Campaign
Cybercriminals have been running a tax‑season malvertising campaign since January 2026, hijacking Google Ads to serve fake W‑2 and W‑9 download pages that redirect to malicious ConnectWise ScreenConnect installers. The trojanized installers launch a trial instance, inject a multi‑stage crypter...