
Chinese APT Targets Indian Banks, Korean Policy Circles
Chinese state‑sponsored APT group Mustang Panda has launched a new espionage campaign targeting India’s banking sector, using spoofed HDFC Bank software to deliver a LotusLite backdoor via DLL sideloading. The same operation also sent spear‑phishing emails impersonating political scientist Victor Cha to U.S. and Korean policy circles. Researchers at Acronis linked the attacks to Mustang Panda through shared code and operational patterns despite the campaign’s relatively unsophisticated tactics. The malware focuses on intelligence gathering rather than financial theft.

WhatsApp Leaks User Metadata to Attackers
Security researcher Tal Be'ery demonstrated that WhatsApp’s design leaks user metadata, allowing attackers to infer online status, device type, and activity patterns without sending visible messages. By exploiting silent ping messages and device fingerprinting through the WhatsApp Web protocol, anyone—from...

How NIST's Cutback of CVE Handling Impacts Cyber Teams
NIST announced it will scale back its National Vulnerability Database operations, shifting to a risk‑based model that enriches only high‑impact CVEs. The change follows a 12% federal funding cut in 2024 that triggered staff losses and a growing backlog of...

Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
A coordinated law‑enforcement operation dismantled 330 Tycoon 2FA domains, slashing its monthly attack volume from over 9 million to roughly 2 million. The disruption opened a power vacuum that competitors such as Mamba 2FA, EvilProxy and Sneaky 2FA quickly filled, with Mamba doubling its output...

Every Old Vulnerability Is Now an AI Vulnerability
Microsoft patched CVE‑2026‑26144, an XSS flaw in Excel that now exploits the Copilot Agent to silently exfiltrate spreadsheet data. The vulnerability demonstrates how AI agents can amplify traditional bugs, granting them autonomous, privileged actions beyond the original exploit. Security experts...

Coast Guard's New Cybersecurity Rules Offer Lessons for CISOs
The U.S. Coast Guard has enacted its first mandatory cybersecurity framework for all U.S.-flagged vessels, ports and offshore facilities, with full compliance required by July 2027. Operators must create a cybersecurity plan, appoint a dedicated cybersecurity officer (CySO), conduct annual assessments...

North Korea Uses ClickFix to Target macOS Users' Data
Microsoft Threat Intelligence uncovered a new macOS‑focused ClickFix campaign linked to the North Korean group Sapphire Sleet. The attackers pose as recruiters, schedule fake technical interviews, and convince victims to run a malicious AppleScript named “Zoom SDK Update.scpt.” The script...

'Harmless' Global Adware Transforms Into an AV Killer
A threat actor operating as Dragon Boss Solutions LLC pushed a malicious update on March 22, 2025 that transformed its adware into a potent antivirus‑disabling payload. The update affected roughly 23,500 computers in 124 countries, with half of the victims...

Two-Factor Authentication Breaks Free From the Desktop
Two-factor authentication (2FA) is expanding beyond traditional IT logins to protect physical assets such as cars, home heating systems, and medical devices. In the automotive sector, firms like Keyfree Technologies are pairing in‑vehicle hardware with mobile apps to require one‑time...

Microsoft's Original Windows Secure Boot Certificate Is Expiring
Microsoft announced that the original UEFI Secure Boot certificates, first deployed in 2011, will expire on June 24, 2024. The company is urging IT leaders to apply the updated 2023 certificates to all Windows PCs built before 2024 to maintain the hardware‑based...

6-Year Ransomware Campaign Targets Turkish Homes & SMBs
Researchers at Acronis have identified a low‑dollar, high‑volume ransomware operation that has been active in Turkey since at least 2020. The attackers deploy a customized Adwind RAT to deliver the JanaWare ransomware, demanding between $200 and $400 per victim. The...

Critical MCP Integration Flaw Puts NGINX at Risk
Researchers at Pluto Security have uncovered a critical vulnerability in the popular nginx‑ui web console, identified as CVE‑2026‑33032 with a CVSS score of 9.8. The flaw resides in the MCP /message endpoint, which performs no authentication and can be exploited to...

Navigating the Unique Security Risks of Asia's Digital Supply Chain
At Black Hat Asia 2026, a panel of security leaders from Bitdefender, ISACA, Varonis and others will dissect the unique third‑party risk landscape of Asia’s hyper‑connected digital supply chain. The discussion highlights how divergent regulations across countries—exemplified by a U.S....

Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
An independent WebXray audit of 7,634 California‑origin sites found that Google, Meta and Microsoft routinely ignore Global Privacy Control (GPC) opt‑out signals, violating the California Consumer Privacy Act (CCPA). Google showed the highest non‑compliance, failing to honor GPC requests on...

Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Security vendor Capsule Security disclosed two high‑severity prompt‑injection vulnerabilities affecting Salesforce’s Agentforce (“PipeLeak”) and Microsoft’s Copilot (“ShareLeak”). The flaws let attackers inject malicious prompts into public‑facing forms, causing unauthorized extraction of CRM leads and SharePoint data, respectively. Both companies have...

Microsoft Bets $10 Billion to Boost Japan's AI, Cybersecurity
Microsoft announced a $10 billion investment to expand AI infrastructure, cybersecurity services and local data centers in Japan, more than tripling its total spend in the country since 2024. The pledge includes partnerships with Sakura Internet and SoftBank and a commitment...

Privilege Elevation Dominates Massive Microsoft Patch Update
Microsoft’s April 2026 Patch Tuesday addressed a near‑record 165 CVEs, with elevation‑of‑privilege bugs comprising a record 57% of the fixes. Attackers are already exploiting a SharePoint spoofing zero‑day (CVE‑2026‑32201), while another high‑severity flaw (CVE‑2026‑33825) in Defender antimalware remains unexploited but...

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
The ecosystem of EDR‑killer tools that exploit bring‑your‑own‑vulnerable‑driver (BYOVD) techniques has expanded dramatically, with researchers cataloguing nearly 90 distinct killers. Although only about 35 vulnerable Windows drivers are actively abused, each can be re‑hashed thousands of times, complicating blocklist defenses....

War Game Exercise Demonstrates How Social Media Manipulation Works
University of New South Wales turned a classroom exercise into a four‑week war‑game called “Capture the Narrative.” Over 270 participants from 18 Australian universities deployed AI‑driven bots on a custom social‑media sandbox, Legit Social, to sway a simulated South‑Pacific island...

Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
Organizations handling tax filings must test DDoS defenses during peak traffic, not just in low‑load windows. Real incidents in the Netherlands and Poland showed attacks timed with filing deadlines can cripple critical services. Changes to applications, CDNs, and bot‑mitigation can...

Empty Attestations: OT Lacks the Tools for Cryptographic Readiness
Operational technology (OT) environments were built for uninterrupted service, not security, leaving many legacy devices without encryption or the ability to upgrade. Threat actors like Volt Typhoon have already maintained long‑term access, harvesting encrypted traffic and potentially signing keys for...

APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials
Chinese state‑linked group APT41 has released a new ELF‑based backdoor that silently infiltrates Linux cloud workloads to steal credentials from AWS, Azure, GCP and Alibaba Cloud. The malware communicates over SMTP port 25, a channel that bypasses typical internet‑exposure scanners and...

Hims Breach Exposes the Most Sensitive Kinds of PHI
Hims & Hers Health disclosed a data breach that compromised customer support tickets accessed through a third‑party platform. The breach, attributed to the ShinyHunters group, exposed names, email addresses and sensitive medical information such as erectile dysfunction and mental‑health conditions. Hackers...

FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
FINRA announced the launch of the Financial Intelligence Fusion Center (FIFC), a secure portal that enables member brokerage firms to share real‑time cybersecurity and fraud intelligence. The platform builds on FINRA Forward initiatives and incorporates data from government and private‑sector...

Orange Business Reimagines Enterprise Voice Communications With Trust and AI
Orange Business announced a comprehensive overhaul of its enterprise voice platform, emphasizing trust and artificial intelligence. The rollout introduces branded calling in the U.S. and France, deep‑fake detection, AI‑augmented customer care, and Agentic AI telephony integrated with Microsoft 365 Copilot....

Russia's 'Fancy Bear' APT Continues Its Global Onslaught
Trend Micro’s latest research reveals that Russia’s Fancy Bear (APT28) continues to run sophisticated espionage and sabotage campaigns worldwide. The group deployed the Prismex malware suite against Ukraine’s defense supply chain and used NTLMv2 hash‑relay attacks via a patched Outlook vulnerability...

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
A researcher using the alias Chaotic Eclipse publicly released exploit code for a Windows zero‑day flaw dubbed “BlueHammer,” which targets a race condition in Windows Defender’s signature update system. The PoC, posted on GitHub on April 2, claims the vulnerability remains...

Do Ceasefires Slow Cyberattacks? History Suggests Not
A fragile US‑Iran cease‑fire was announced, prompting Iran‑aligned hacktivist group Handala to claim a temporary pause in its cyber operations against the United States. Experts, however, warn that historical evidence shows cease‑fires rarely translate into a digital stand‑down; cyber activity...

Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
Russian GRU‑backed APT28, also known as Fancy Bear, has been exploiting long‑standing bugs in consumer‑grade SOHO routers such as MikroTik and TP‑Link to intercept web traffic worldwide. By reconfiguring DNS settings on compromised devices, the group silently siphons email credentials and...

Threat Actors Get Crafty With Emojis to Escape Detection
Threat actors are increasingly embedding emojis in malicious communications to evade detection and streamline coordination across platforms such as Telegram, Discord, and underground forums. Flashpoint’s latest analysis highlights the Pakistan‑linked APT group UTA0137 using the Disgomoji malware, which interprets simple...

AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
HackerOne announced on March 27 that it will pause new vulnerability submissions to its Internet Bug Bounty (IBB) program, citing an unsustainable surge of AI‑generated reports that outpace open‑source maintainers' remediation capacity. The influx has driven valid findings down from roughly...

Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus
Full Sail University announced the opening of its IBM Cyber Defense Range, a cloud‑enabled training facility powered by AWS and Cloud Range, slated for April 16, 2026. The 1,463‑square‑foot space includes 28 workstations equipped with HP hardware, allowing cybersecurity and IT students to...

Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams
Pluralsight unveiled SecureReady, an end‑to‑end cybersecurity skill development platform aimed at closing talent gaps for CISOs and IT leaders. The solution pairs a constantly refreshed library of on‑demand courses with more than 350 hands‑on labs and expert‑led seminars, releasing new...

Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
Iran‑affiliated advanced persistent threat actors have begun disrupting U.S. critical infrastructure by exploiting internet‑exposed programmable logic controllers, especially Rockwell Automation/Allen‑Bradley devices. The campaign, launched after a U.S.–Israel strike on Iran, manipulates PLC project files and SCADA displays, causing operational downtime...

Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
The RSAC 2026 conference opened with AI taking center stage, as vendors aggressively promote AI‑driven security solutions, including ambitious agentic AI that could augment or replace traditional security‑operations centers. Executives debated the scalability of the "human‑in‑the‑loop" model, with Vodafone’s CISO Emma Smith...

Lies, Damned Lies, and Cybersecurity Metrics
A panel of cybersecurity leaders in Las Vegas exposed five pervasive myths that keep the industry stuck, despite rising spend and talent. They argued that measuring activity instead of threat reduction, over‑relying on prevention, assuming accurate threat models, banking on...

Focusing on the People in Cybersecurity at RSAC 2026 Conference
The RSAC 2026 conference highlighted the critical role of people in cybersecurity amid rapid AI adoption. New ISSA research revealed low job satisfaction—only 28% of professionals are very satisfied—and rising stress, with 62% reporting frequent stress. Attendees discussed the growing skills...

AI-Assisted Supply Chain Attack Targets GitHub
A threat actor used AI‑assisted automation to launch the "prt‑scan" supply‑chain campaign on GitHub, opening over 500 malicious pull requests between March 11 and early April. The campaign targeted repositories that use the vulnerable pull_request_target workflow, compromising fewer than 10%...

Axios Attack Shows Complex Social Engineering Is Industrialized
The popular JavaScript HTTP client Axios was compromised when North Korean state‑linked group UNC1069 socially engineered lead maintainer Jason Saayman into installing a malicious dependency. The attackers delivered a remote‑access Trojan via a fake Slack workspace and Microsoft Teams call,...

Fortinet Issues Emergency Patch for FortiClient Zero-Day
Fortinet issued an emergency hotfix for the critical CVE‑2026‑35616 zero‑day in its FortiClient Endpoint Management Server, a 9.1‑CVSS flaw that enables unauthenticated code execution. The vulnerability has already been exploited in the wild, prompting a security advisory that recommends immediate...

Inconsistent Privacy Labels Don't Tell Users What They Are Getting
App‑store privacy labels, introduced by Apple in 2020 and soon after by Google, aim to inform users about data collection, usage, and sharing. Experts Lorrie Cranor and Kelly Peterson argue the labels are inconsistent, often inaccurate, and provide little real...

Apple Breaks Precedent, Patches DarkSword for iOS 18
Apple has extended a back‑ported patch for the DarkSword exploit chain to iOS 18 devices, a move previously reserved for the newest iOS 26 release. The fix arrived on April 1, days after the tool leaked on GitHub, and covers vulnerabilities that span...

Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
TeamPCP’s supply‑chain campaign has broadened, compromising open‑source tools like Trivy and LiteLLM and giving attackers stolen AWS credentials. The breaches surfaced at AI startup Mercor and the European Commission, where compromised code‑scanning utilities enabled unauthorized cloud access. Third‑party groups ShinyHunters...

Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
Chainguard introduced Factory 2.0 at the Assemble conference, revamping its supply‑chain hardening platform with an AI‑powered control plane and agentic reconciliation bots. The new DriftlessAF framework continuously updates and patches approved open‑source artifacts across containers, libraries, and CI/CD workflows. Chainguard also...

CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
CrowdStrike announced that its Falcon Next‑Gen SIEM now ingests telemetry from Microsoft Defender for Endpoint, making Defender the first EDR integrated with the platform. The integration enables real‑time analytics, intelligent filtering and faster threat detection across heterogeneous endpoint stacks. CrowdStrike...

RSAC 2026: AI Dominates, But Community Remains Key to Security
The RSAC 2026 conference placed artificial intelligence at the forefront of cybersecurity discussions, while its official theme emphasized the "Power of Community." Notably, the U.S. federal government was absent, leaving a void in public‑private collaboration and prompting concerns about AI governance....

Cyberattacks Intensify Pressure on Latin American Governments
Latin American governments are confronting a surge in cyberattacks, with organizations in the region experiencing about 3,050 incidents per week in March—well above the global average of roughly 2,000. Government agencies face even higher pressure, enduring around 4,200 weekly...

Are We Training AI Too Late?
GreyNoise warns that AI‑driven security models are trained on data that arrives after attacks have succeeded, creating a reactive lag. Their 2026 State of the Edge report shows over half of remote‑code‑execution traffic originates from IPs with no prior reputation,...

The Forgotten Endpoint: Security Risks of Dormant Devices
Consultants are left holding corporate laptops long after projects pause, creating hidden entry points into enterprise networks. A Kensington study shows 76% of IT leaders faced device theft and 46% suffered breaches from unsecured hardware. Organizations repeatedly fail at endpoint visibility,...

Black Hat USA
Black Hat USA 2026 returns to Las Vegas for a six‑day cybersecurity showcase, featuring four days of expert‑led trainings, a summit day, and a two‑day conference with briefings, Arsenal tool demos, and a Business Hall. Attendees can use promo code...