Cybersecurity

638 articles in this category (Page 4 of 27)

AI NewsCybersecurityMalware

GlassWorm Malware: Solana Dead Drops and Browser Data Theft via Rogue Extensions

GlassWorm exploits Solana blockchain memos and Google Calendar to deliver data-stealing RATs targeting developers via compromised npm and MCP packages.

Mar 25, 2026

AI NewsCybersecurityLegal

LeakBase Admin Arrested: Russian Law Enforcement Dismantles Major Stolen Credential Marketplace

Russian authorities arrested the alleged administrator of LeakBase, a cybercrime forum hosting hundreds of millions of stolen credentials and bank details.

Mar 25, 2026

AI NewsCybersecurityDevOps

LiteLLM Supply Chain Attack: How Unpinned Dependencies Compromised 3.4M Daily Downloads

On March 24, 2026, LiteLLM (3.4M daily downloads) was backdoored via PyPI. Attackers harvested cloud credentials, SSH keys, and Kubernetes tokens via a poisoned build.

Mar 24, 2026

AI NewsCybersecurityCloud Computing

Navigating Multi-Stage Security Attacks: Insights from AWS Security Leadership

AWS VP Gee Rittenhouse discusses the rising complexity of multi-stage attacks and the dual role of AI in cloud defense and vulnerability creation.

Mar 24, 2026

AI NewsCybersecuritySoftware Development

CVE-2026-32278: Critical File Upload Flaw in Connect-CMS Enables Administrative Session Hijacking

Connect-CMS versions up to 1.41.0 and 2.41.0 are vulnerable to a CVSS 8.2 Stored XSS flaw where unauthenticated file uploads lead to administrative account takeover.

Mar 23, 2026

AI NewsCybersecurityDevOps

Democratizing Vulnerability Intelligence with RiskScore.dev

Riskscore.dev launches an affordable vulnerability intelligence platform offering a free dashboard and API to help security teams prioritize hundreds of annual CVEs for under $30/month.

Mar 22, 2026

AI NewsArticleCybersecurity

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Russian-linked phishing campaigns have compromised thousands of Signal and WhatsApp accounts by impersonating support services to seize control of high-value targets' communications.

Mar 21, 2026

AI NewsCybersecurityIdentity Management

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes critical CVE-2026-21992 (CVSS 9.8), an unauthenticated remote code execution flaw in Identity Manager and Web Services Manager.

Mar 21, 2026

AI NewsCybersecurityWeb Development

Understanding Device Fingerprinting for Persistent User Identification

Device fingerprinting identifies unique users by collecting hardware and browser data points, bypassing traditional cookie-based tracking limitations.

Mar 21, 2026

AI NewsCybersecurityDevOps

Trivy GitHub Actions Compromised: 75 Tags Hijacked to Steal CI/CD Secrets

Attackers hijacked 75 tags in the Trivy GitHub Action to distribute an infostealer, compromising CI/CD secrets and establishing persistence on developer machines.

Mar 20, 2026

AI NewsCybersecurityIAM

The Credential That Never Expires: Moving Beyond Static Privilege

Eliminate standing privilege with PAM to reduce access-related incidents by 70% using just-in-time access and ephemeral credentials for secure production.

Mar 19, 2026

AI NewsOpen SourceCybersecurity

Addressing Open Source Sustainability and Security with Trusted Stewardship

Chainguard announces new security initiatives at its Assemble conference to address open source sustainability issues including funding and maintainer burnout.

Mar 17, 2026

AI NewsArticleCybersecurity

GlassWorm Campaign: 72 Malicious Open VSX Extensions Target Developers

GlassWorm campaign abused 72 malicious Open VSX extensions and 151 GitHub repositories to steal secrets using stealthy transitive dependencies.

Mar 14, 2026

AI NewsCybersecurityArtificial Intelligence

OpenClaw AI Agent Flaws Enable Prompt Injection and Data Exfiltration

CNCERT warns that OpenClaw's weak security defaults enable prompt injection and data leaks, leading China to restrict its use on government systems.

Mar 14, 2026

AI NewsCybersecurityThreat Intelligence

Chinese State-Backed Hackers Target Southeast Asian Militaries with Custom Malware

Chinese threat actor CL-STA-1087 has targeted Southeast Asian military systems since 2020 using custom backdoors like AppleChris and MemFun for espionage.

Mar 13, 2026

AI NewsCybersecuritySoftware Development

Critical n8n Flaws Enable Remote Code Execution and Credential Theft

n8n addresses four critical vulnerabilities (CVSS 9.4-9.5) allowing unauthenticated RCE via Form nodes and sandbox escapes, risking exposure of global encryption keys and stored credentials.

Mar 11, 2026

AI NewsArticleCybersecurity

Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown

Meta disabled 150,000 scam accounts tied to Southeast Asian fraud networks and removed 159 million scam ads in 2025 to disrupt industrialized criminal operations.

Mar 11, 2026

AI NewsArticleCybersecurity

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Researchers used GAN-trained phishing pages to compromise Perplexity’s Comet AI browser in under four minutes, demonstrating a shift from human-targeted to AI-targeted attack surfaces.

Mar 11, 2026

AI NewsCybersecurityNetwork Security

FortiGate Appliances Targeted to Steal LDAP Credentials and Breach Networks

Threat actors are exploiting FortiGate NGFW vulnerabilities to extract configuration files and decrypt LDAP credentials for Active Directory access.

Mar 10, 2026

AI NewsAI SecurityCybersecurity

Securing Agentic Workflows: Auditing AI Data Leaks and Hidden Vulnerabilities

Learn to audit AI agents and mitigate data leak risks in modern agentic workflows during a webinar featuring Rahul Parwani, Head of Product at Airia.

Mar 10, 2026

AI NewsAppSecurityCybersecurity

API Credential Theft: The Critical Shift to Identity-Based Data Breaches

API credential theft is now the #2 cause of data breaches, with AI-driven exploitation increasing 89% year-over-year as breaches occur in under 8 minutes.

Mar 9, 2026

AI NewsAppSecCybersecurity

API Credential Security: 8-Minute Exploitation and Real-Time Breach Detection

Exposed API credentials are exploited in 8-10 minutes on average, significantly faster than the typical 4-6 hour security detection window.

Mar 9, 2026

AI NewsCybersecurityAI Governance

Securing the Cerebral Link: Neural Implant Threats and AI Governance

As 2M+ people globally use neural implants, emerging threats like neuromorphic mimicry show a 67% success rate in defeating BCI authentication systems.

Mar 9, 2026

AI NewsCybersecurityWeb Development

Mercurius GraphQL Fixes Critical WebSocket Query Depth Bypass (CVE-2026-30241)

Mercurius GraphQL patches CVE-2026-30241, a logic vulnerability in Fastify's adapter allowing unauthenticated attackers to bypass query depth limits via WebSockets.

Mar 6, 2026