SecurityWeek

Cybersecurity news including government and critical infra.

Apple Intelligence AI Guardrails Bypassed in New Attack
News, Apr 9, 2026

Researchers from RSAC demonstrated a method to bypass Apple Intelligence's on‑device AI guardrails, achieving a 76% success rate across 100 test prompts. The technique merges the Neural Execs prompt‑injection attack with Unicode right‑to‑left override manipulation, allowing malicious output to slip...

By SecurityWeek
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
News, Apr 9, 2026

Palo Alto Networks and SonicWall each released emergency patches addressing multiple vulnerabilities, including two high‑severity flaws. Palo Alto fixed three bugs—most notably CVE‑2026‑0234 affecting Cortex XSOAR/XSIAM’s Microsoft Teams integration—and added dozens of Chromium security updates. SonicWall patched four issues in...

By SecurityWeek
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
News, Apr 9, 2026

Google’s Threat Intelligence Group has identified a financially motivated actor, tracked as UNC6783, launching a focused campaign against business process outsourcing firms to pilfer data from their high‑value corporate clients. The group uses live‑chat lures, spoofed Okta login pages and...

By SecurityWeek
Adobe Reader Zero-Day Exploited for Months: Researcher
News, Apr 9, 2026

A researcher has identified an actively exploited zero‑day vulnerability in Adobe Reader, discovered through a malicious PDF that can harvest system data and may enable remote code execution or sandbox escape. The exploit has been observed in the wild since...

By SecurityWeek
$3.6 Million Stolen in Bitcoin Depot Hack
News, Apr 9, 2026

Bitcoin Depot, the largest U.S. Bitcoin ATM operator, disclosed that hackers stole roughly 50.903 BTC, valued at about $3.6 million, after breaching its corporate IT systems on March 23. The company says the intrusion was limited to internal wallets and did not affect...

By SecurityWeek
Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
News, Apr 9, 2026

A tentative cease‑fire between Iran, the United States and Israel is unlikely to halt cyber attacks from Iran‑linked groups. Pro‑Iranian hacktivist collective Handala announced it will pause attacks on U.S. targets but continue striking Israel, warning it will resume U.S....

By SecurityWeek
The New Rules of Engagement: Matching Agentic Attack Speed
News, Apr 7, 2026

AI‑enabled cyberwarfare has moved from theory to reality, highlighted by Anthropic's September 2025 disclosure of an autonomous attack that operated with minimal human input. A 2026 Armis report shows 64% of U.S. IT decision‑makers already suffered AI‑generated attacks, while 92%...

By SecurityWeek
Severe StrongBox Vulnerability Patched in Android
News, Apr 7, 2026

Google released the April 2026 Android security patch, fixing two high‑profile flaws: a local denial‑of‑service bug (CVE‑2026‑0049) in the Framework and a high‑severity vulnerability (CVE‑2025‑48651) affecting StrongBox, the hardware‑backed keystore. StrongBox implementations from Google, NXP, STMicroelectronics and Thales are impacted. While...

By SecurityWeek
GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
News, Apr 7, 2026

Security researcher Noma Security disclosed a critical Grafana vulnerability dubbed GrafanaGhost, which lets attackers exploit the platform’s AI features to exfiltrate enterprise data via crafted image prompts. By injecting a hidden “intent” keyword, the flaw bypasses Grafana’s image URL validation...

By SecurityWeek
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
News, Apr 3, 2026

This week’s cybersecurity roundup revealed a wave of high‑profile threats, from a new Android banking trojan called Mirax that can be rented for $3,000 a month to an Android rootkit dubbed NoVoice that has infected roughly 2.3 million devices via Google...

By SecurityWeek
Mobile Attack Surface Expands as Enterprises Lose Control
News, Apr 3, 2026

Jamf’s 2025 mobile security report, based on 1.7 million devices, reveals a sprawling, poorly‑controlled attack surface. Over half of enterprises host at least one device with a critically outdated OS, while 86% of the 135 most common apps contain known vulnerabilities....

By SecurityWeek
T-Mobile Sets the Record Straight on Latest Data Breach Filing
News, Apr 3, 2026

T‑Mobile USA clarified that a recent data breach notification filed with the Maine Attorney General stemmed from an isolated insider incident affecting a single customer. The compromised data included personal identifiers such as name, address, SSN, driver’s license and account...

By SecurityWeek
Critical Vulnerability in Claude Code Emerges Days After Source Leak
News, Apr 2, 2026

Anthropic unintentionally published a JavaScript sourcemap for Claude Code v2.1.88, exposing roughly 512,000 lines of TypeScript. Within days, security firm Adversa AI uncovered a critical flaw in Claude Code’s permission system that lets deny‑rule checks be bypassed when more than 50 sub‑commands are generated....

By SecurityWeek
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
News, Apr 2, 2026

In March 2026, thirty‑eight cybersecurity‑focused M&A deals were announced, marking a rapid acceleration in the sector. The month’s headline transactions include Google’s $32 billion closure of the Wiz acquisition, Zurich’s $11 billion purchase of Beazley, and a series of AI‑security buyouts such as...

By SecurityWeek
CrewAI Vulnerabilities Expose Devices to Hacking
News, Mar 31, 2026

Open‑source AI orchestration framework CrewAI disclosed four interrelated vulnerabilities. The flaws—CVE‑2026‑2275, ‑2285, ‑2286, and ‑2287—stem from the Code Interpreter tool’s fallback to an insecure sandbox and improper configuration checks. Exploited together, they enable remote code execution, SSRF, and arbitrary file...

By SecurityWeek
Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure
News, Mar 26, 2026

Rapid7 disclosed that a China‑linked state‑sponsored threat actor has embedded kernel‑level implants and passive backdoors deep within global telecom backbone infrastructure. The campaign leverages the BPFdoor Linux backdoor, CrossC2 beacons and the TinyShell framework to achieve long‑term, stealthy persistence across...

By SecurityWeek
Dell and HP Roll Out Quantum-Resistant Device Security
News, Mar 26, 2026

HP and Dell announced new hardware‑level security features aimed at defending against physical attacks and emerging quantum‑computing threats. HP introduced TPM Guard, which encrypts the TPM‑CPU link, and added quantum‑resistant cryptography to its LaserJet Pro and Enterprise printer lines along...

By SecurityWeek
DoE Publishes 5-Year Energy Security Plan
News, Mar 24, 2026

The U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) unveiled a three‑pronged, five‑year energy security plan covering fiscal years 2026‑2030. The plan targets world‑class security technologies, hardening of critical energy infrastructure, and streamlined response and...

By SecurityWeek
Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector
News, Mar 24, 2026

Poland recorded a dramatic rise in cyber activity in 2025, logging roughly 270,000 attacks—2.5 times more than the previous year. The most serious incident was a destructive infiltration of a combined heat‑and‑power plant on Dec. 29, affecting services for about 500,000...

By SecurityWeek
RSAC 2026 Conference Announcements Summary (Day 1)
News, Mar 24, 2026

The RSAC 2026 conference showcased a wave of AI‑focused security launches, from Acalvio’s 360 Deception framework to Arctic Wolf’s Aurora Superintelligence Platform and Broadcom’s Symantec CBX XDR solution. Vendors emphasized agentic capabilities—AI agent discovery, policy enforcement, and runtime governance—to counter increasingly automated threats. Several...

By SecurityWeek
3.1 Million Impacted by QualDerm Data Breach
News, Mar 24, 2026

QualDerm Partners disclosed that a December 2025 cyber‑attack compromised the personal, medical, and health‑insurance records of more than 3.1 million individuals. Attackers accessed the network for two days, exfiltrating data from a limited set of systems before the breach was detected...

By SecurityWeek
Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn
News, Mar 24, 2026

Citrix has issued emergency patches for a critical‑severity vulnerability, CVE‑2026‑3055 (CVSS 9.3), that enables an out‑of‑bounds read and sensitive memory leak in NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider. The update also fixes CVE‑2026‑4368, a high‑severity...

By SecurityWeek
Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
News, Mar 23, 2026

Tycoon 2FA, a subscription‑based phishing‑as‑a‑service platform, continued operating at full capacity despite an international takedown effort. The service was responsible for 62% of Microsoft‑blocked phishing attempts in 2025 and generated over 30 million malicious emails each month, affecting roughly half a million...

By SecurityWeek
Critical Quest KACE Vulnerability Potentially Exploited in Attacks
News, Mar 21, 2026

Arctic Wolf reported active exploitation of the critical authentication‑bypass flaw CVE‑2025‑32975 in Quest KACE Systems Management Appliance (SMA) instances exposed to the internet. The vulnerability, patched by Quest in May 2025, allows unauthenticated actors to impersonate users and gain full administrative control. Exploitation...

By SecurityWeek
Thousands of Magento Sites Hit in Ongoing Defacement Campaign
News, Mar 20, 2026

A coordinated defacement campaign has compromised over 7,500 Magento sites in just three weeks, leveraging an unauthenticated file‑upload flaw across Open Source, Enterprise and B2B deployments. Threat actors are posting plaintext files, often bearing the handle “Typical Idiot Security,” to...

By SecurityWeek
Critical Langflow Vulnerability Exploited Hours After Public Disclosure
News, Mar 20, 2026

Langflow, a widely used open‑source AI workflow builder, disclosed a critical remote code execution flaw (CVE‑2026‑33017) with a CVSS score of 9.3. The vulnerability affects an unauthenticated POST endpoint that processes a ‘data’ parameter, allowing attackers to inject Python code...

By SecurityWeek
The Collapse of Predictive Security in the Age of Machine-Speed Attacks
News, Mar 18, 2026

Rapid7’s 2026 analysis warns that the predictive security window has collapsed as attackers exploit disclosed vulnerabilities within days, outpacing patch cycles. The industrialization of cybercrime, driven by efficient internet access brokers and silent‑entry data grabs, accelerates this speed. Predictive defenses...

By SecurityWeek
Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation
News, Mar 18, 2026

Seattle‑based XBOW announced a $120 million Series C round that pushes its valuation above $1 billion. The funding, led by DFJ Growth and Northzone, brings total capital to $237 million and will fuel global expansion and product development. XBOW’s AI‑powered platform autonomously discovers and...

By SecurityWeek
Cloud Security Startup Native Exits Stealth With $42 Million in Funding
News, Mar 18, 2026

Native, a cloud‑security startup, emerged from stealth after raising $42 million total, including a $31 million Series A led by Ballistic Ventures. The company’s platform translates enterprise security policies into native controls for AWS, Azure, Google Cloud and Oracle Cloud, enabling consistent enforcement...

By SecurityWeek
Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact
News, Mar 16, 2026

The Cl0p ransomware group claims a massive Oracle E‑Business Suite breach that exploited zero‑day flaws, affecting over 100 organizations. Among the victims, Broadcom, Bechtel, Estée Lauder and Abbott have not issued any public comment despite leaks of 2 TB, 870 GB and other...

By SecurityWeek
Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet
News, Mar 13, 2026

Law enforcement agencies in the United States and Europe have dismantled SocksEscort, a malicious proxy service powered by the AVrecon botnet that leveraged compromised routers and IoT devices. The operation uncovered roughly 363,000 IP addresses across 163 countries and about...

By SecurityWeek
The Human IOC: Why Security Professionals Struggle with Social Vetting
News, Mar 12, 2026

Security professionals excel at rigorously vetting technical indicators but often neglect the same discipline when assessing people or organizations. This bias leads to unverified negative rumors influencing decisions, which can cause false positives, wasted resources, and damaged stakeholder trust. The...

By SecurityWeek
Splunk, Zoom Patch Severe Vulnerabilities
News, Mar 12, 2026

Security vendors Splunk and Zoom released emergency patches this week to remediate multiple critical and high‑severity vulnerabilities across their product lines. Zoom fixed a critical privilege‑escalation flaw in Workplace for Windows and three high‑severity defects in its Windows client software....

By SecurityWeek
Cisco Patches High-Severity IOS XR Vulnerabilities
News, Mar 12, 2026

Cisco issued its semiannual IOS XR security advisory, addressing four high‑severity vulnerabilities. Two CVEs (CVE‑2026‑20040 and CVE‑2026‑20046) each score 8.8 and enable privilege escalation to root via crafted CLI commands. A third flaw (CVE‑2026‑20074) can cause an IS‑IS process restart,...

By SecurityWeek
Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea
News, Mar 12, 2026

Security firm Hudson Rock has linked the 2024 Polyfill supply chain attack, which infected over 100,000 websites, to North Korean threat actors, overturning earlier attributions to China. The attack stemmed from the acquisition of Polyfill.io by Chinese CDN Funnull, which...

By SecurityWeek
Cybersecurity M&A Roundup: 42 Deals Announced in February 2026
News, Mar 9, 2026

February 2026 saw a record 42 cybersecurity M&A announcements, highlighting intensified consolidation across the sector. Major deals include Arctic Wolf’s acquisition of Sevco Security, Check Point’s three AI‑driven purchases, and Palo Alto Networks’ $400 million buy of endpoint‑security firm Koi. Other...

By SecurityWeek
Internet Infrastructure TLD .arpa Abused in Phishing Attacks
News, Mar 9, 2026

A threat actor is exploiting the .arpa top‑level domain, which is intended solely for reverse DNS, to host phishing sites. By creating A records for IPv6 reverse‑DNS zones through providers such as Cloudflare and Hurricane Electric, the attacker serves malicious...

By SecurityWeek
Over 100 GitHub Repositories Distributing BoryptGrab Stealer
News, Mar 7, 2026

Trend Micro uncovered a coordinated campaign distributing the BoryptGrab information stealer through more than 100 GitHub repositories. The malware harvests browser credentials, cryptocurrency‑wallet data, Telegram files, Discord tokens, and system information, then exfiltrates it via a C&C server. Some variants...

By SecurityWeek
Tycoon 2FA Phishing Platform Dismantled in Global Takedown
News, Mar 4, 2026

A coordinated operation by Europol, Microsoft and dozens of security firms dismantled the Tycoon 2FA phishing‑as‑a‑service platform. The service, responsible for roughly 62% of Microsoft‑blocked phishing attempts, sent tens of millions of phishing emails to 500,000 organizations each month and...

By SecurityWeek
How Pirated Software Turns Helpful Employees Into Malware Delivery Agents
News, Mar 4, 2026

Employees seeking free, cracked software inadvertently introduce malware into corporate networks, according to Barracuda’s recent findings. The illicit installers often disable antivirus and embed payloads such as infostealers, cryptominers, and ransomware, leading to complex remediation that may require full system...

By SecurityWeek
Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability
News, Mar 3, 2026

Security researcher Gjoko Krstic disclosed a high‑risk flaw in Honeywell's IQ4 building‑management controller, claiming the web‑based HMI is unauthenticated by default and can be exploited to create admin accounts. He identified roughly 7,500 internet‑exposed devices, with about 20% lacking authentication,...

By SecurityWeek
Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking
News, Feb 27, 2026

Security agency CISA disclosed that Gardyn smart indoor hydroponic gardens suffered two critical and two high‑severity vulnerabilities, affecting an estimated 138,000 devices. The critical flaws include a command‑injection bug (CVE‑2025‑29631) and hard‑coded admin credentials (CVE‑2025‑1242) that enable remote, unauthenticated control...

By SecurityWeek
Trend Micro Patches Critical Apex One Vulnerabilities
News, Feb 26, 2026

TrendAI, the enterprise arm of Trend Micro, released patches for eight vulnerabilities in its Apex One endpoint security suite. Two critical CVEs (2025‑71210 and 2025‑71211) could let remote attackers upload malicious code and execute commands via the management console, while six high‑severity...

By SecurityWeek
Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site
News, Feb 25, 2026

Wynn Resorts confirmed that hackers exfiltrated more than 800,000 employee records, including Social Security numbers, after the data appeared on the ShinyHunters leak site on February 20. The casino operator said the stolen data has been deleted and that no guest...

By SecurityWeek
GitHub Issues Abused in Copilot Attack Leading to Repository Takeover
News, Feb 24, 2026

Security firm Orca disclosed a critical vulnerability in GitHub Codespaces that lets attackers exfiltrate the automatically generated GITHUB_TOKEN and seize full control of a repository. The exploit, dubbed RoguePilot, leverages malicious content hidden in a GitHub issue, symbolic links, and...

By SecurityWeek
Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs
News, Feb 24, 2026

TeamT5, a Taiwan‑based cybersecurity firm, confirmed that CVE‑2024‑7694 – a privilege‑escalation flaw allowing malicious file uploads and arbitrary command execution – was likely weaponized by Chinese advanced persistent threat groups Slime57 and Slime62. The vulnerability, patched in August 2024, was exploited...

By SecurityWeek
US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach
News, Feb 23, 2026

Healthcare diagnostics firm Vikor Scientific, now operating as Vanta Diagnostics, disclosed a data breach affecting nearly 140,000 individuals. The breach was traced to Catalyst RCM, a revenue-cycle‑management vendor, whose compromised credentials allowed the Everest ransomware group to exfiltrate roughly 12 GB...

By SecurityWeek
NIST’s Quantum Breakthrough: Single Photons Produced on a Chip
News, Feb 20, 2026

NIST announced a chip that reliably generates a single photon on demand using quantum‑dot technology. The device achieves near‑perfect efficiency and, when paired with superconducting nanowire single‑photon detectors, can transmit photons up to 600 miles. Mass‑production of the chip is...

By SecurityWeek
API Threats Grow in Scale as AI Expands the Blast Radius
News, Feb 17, 2026

API vulnerabilities accounted for 17% of the 60,000+ flaws disclosed in 2025, and 43% of exploited weaknesses were API‑related, underscoring a growing attack surface. Wallarm’s report highlights a dramatic 270% rise in Model Context Protocol (MCP) flaws between Q2 and...

By SecurityWeek