Cybersecurity News from Across the Internet
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary … Read More “3 SOC Process Fixes That Unlock Tier 1 Productivity – The Hacker News” »
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. “It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked,” ReliaQuest researchers … Read More “DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials – The Hacker News” »
Crypto enables 24/7 payments for AI agents, replacing fiat limits with scalable machine-to-machine transactions and powering the emerging machine economy. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
15-year-old strongSwan flaw allows attackers to crash VPNs via integer underflow bug, affecting EAP-TTLS plugin and multiple versions worldwide. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Multiple Vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, the most severe of which could allow for memory overread. NetScaler ADC is a networking product that functions as an Application Delivery Controller (ADC), a tool that optimizes, secures, and ensures the reliable availability of applications for businesses. NetScaler Gateway is a secure remote … Read More “Multiple Vulnerabilities in NetScaler ADC and NetScaler Gateway Could Allow for Memory Overread – Cyber Security Advisories – MS-ISAC” »
A vulnerability has been discovered in F5 Products that could allow for remote code execution. F5 BIG IP APM is an access policy management solution designed to enforce secure access to applications, APIs, and sensitive data. It is commonly deployed by enterprises, financial institutions, and government or public sector organizations to centrally control authentication, authorization, … Read More “A Vulnerability in F5 Products Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’ – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There’s a bit of everything this week. Persistence plays, legal wins, influence … Read More “⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More – The Hacker News” »
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials – Read More –
Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 & 4.87.2) of its Python SDK to steal cloud and crypto credentials. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year’s findings … Read More “The State of Secrets Sprawl 2026: 9 Takeaways for CISOs – The Hacker News” »
The UK Information Commissioner’s Office has handed a £100,000 fine to Birmingham-based TMAC – Read More –
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability – Read More –
Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that’s distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables” to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling – Read More … Read More “Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels – The Hacker News” »
The NCSC is encouraging UK organisations to mitigate an unauthenticated remote code execution vulnerability affecting F5 BIG-IP Access Policy Manager. – Read More – All Feed
The European Commission has revealed details of a data breach impacting its AWS infrastructure – Read More –
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and well-resourced operation.” The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL … Read More “Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign – The Hacker News” »
Understanding the threats and staying ahead of the adversary – Read More – All Feed
Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4 iOS 26.4 and iPadOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126792. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: … Read More “APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7 iOS 18.7.7 and iPadOS 18.7.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/126793. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: … Read More “APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-3 macOS Tahoe 26.4 macOS Tahoe 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126794. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: macOS Tahoe Impact: An … Read More “APPLE-SA-03-24-2026-3 macOS Tahoe 26.4 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5 macOS Sequoia 15.7.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/126795. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: macOS Sequoia Impact: An … Read More “APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5 macOS Sonoma 14.8.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/126796. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: macOS Sonoma Impact: An … Read More “APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-6 tvOS 26.4 tvOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126797. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: Apple TV HD and Apple TV … Read More “APPLE-SA-03-24-2026-6 tvOS 26.4 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-7 watchOS 26.4 watchOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126798. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: Apple Watch Series 6 and later … Read More “APPLE-SA-03-24-2026-7 watchOS 26.4 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-8 visionOS 26.4 visionOS 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126799. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. 802.1X Available for: Apple Vision Pro (all models) Impact: … Read More “APPLE-SA-03-24-2026-8 visionOS 26.4 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-9 Safari 26.4 Safari 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126800. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. WebKit Available for: macOS Sonoma and macOS Sequoia Impact: … Read More “APPLE-SA-03-24-2026-9 Safari 26.4 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Mar 28 APPLE-SA-03-24-2026-10 Xcode 26.4 Xcode 26.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/126801. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. otool Available for: macOS Tahoe 26.2 and later Impact: … Read More “APPLE-SA-03-24-2026-10 Xcode 26.4 – Full Disclosure” »
ShinyHunters claims it breached European Commission systems, leaking 350GB of data. Officials are investigating, with no independent verification yet. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website that Patel “will now find … Read More “Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack – The Hacker News” »
Lloyds Banking Group to compensate 450,000 customers after app glitch exposed data. Find out how the glitch affected… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to memory overread, which an attacker could exploit to leak potentially sensitive information. Per – Read … Read More “Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug – The Hacker News” »
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community … Read More “TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVSS v4 score: 9.3), which could allow a threat actor to achieve remote code execution. … Read More “CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation – The Hacker News” »
Iran-linked Handala hackers breached FBI Chief Kash Patel’s Gmail, leaking photos and documents. Officials say no classified data was exposed. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
ShinyHunters leaves BreachForums, leaks data of 300,000 users, warns all active domains are fake, and threatens more leaks from forum backups. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. “Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this … Read More “Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits – The Hacker News” »
Google fast-tracks post-quantum cryptography with a 2029 deadline as researchers warn quantum computers could break current encryption sooner than expected. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Iranian hackers claimed Friday to have compromised the personal data of FBI Director Kash Patel, and the bureau confirmed that it knew of the targeting of Patel’s personal email. The government-connected hacking group, Handala, previously claimed credit for hacking medical device maker Stryker, a boast that threat researchers considered credible. “All personal and confidential email … Read More “Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data – CyberScoop” »
Researchers at WatchGuard have identified a new phishing campaign targeting companies in Venezuela. Using malicious SVG image files… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a … Read More “TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files – The Hacker News” »
SAN FRANCISCO — Every RSA Conference has its buzzwords. Cloud. Ransomware. Zero trust. Plastered across the 87-acre Moscone Center complex on every booth, banner and bar. This year was AI, with vendors pitching AI-powered solutions to every security problem imaginable. But 2026 stood out for a different reason: Industry leaders spent the conference warning about … Read More “Security leaders say the next two years are going to be ‘insane’ – CyberScoop” »
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages – Read More –
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. “The pipeline had a single boolean return value that meant both ‘no scanners are … Read More “Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks – The Hacker News” »
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware – Read More –
Letter from group published by MPs blames 12 March glitch on software update to its mobile banking apps Lloyds Banking Group exposed the personal data of nearly 500,000 customers in an IT glitch that left people’s payments, account details and national insurance numbers visible to other users, a committee of MPs has revealed. A letter … Read More “Almost half a million Lloyds customers had personal data exposed in IT glitch – Data and computer security | The Guardian” »
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. “TikTok has been historically … Read More “AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion – The Hacker News” »
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever” – Read More –
‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration – Read More –
World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog. – Read More – GRAHAM CLULEY
