News

GitHub-hosted malware campaign uses split payload to evade detection

Don't miss, GitHub, Hot stuff, Malware, Netskope, News, trojan /

GitHub-hosted malware campaign uses split payload to evade detection 2026-03-24 at 13:12 By Zeljka Zorz A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These “lures” are highly polished and appear legitimate, occasionally mimicking real projects, thus making them difficult to […]

GitHub-hosted malware campaign uses split payload to evade detection Read More »

Quantum threats are already active and the defense response remains fragmented

CISO, cybersecurity, Don't miss, Encryption, Features, Hot stuff, News, pQCee, quantum computing, RSAC 2026, strategy /

Quantum threats are already active and the defense response remains fragmented 2026-03-23 at 17:17 By Mirko Zorz Enterprises are moving toward post-quantum security at uneven speeds, and the gap between organizations that have built crypto-agility into their infrastructure and those that have adopted the label without the underlying capability is widening. Dr. Tan Teik Guan,

Quantum threats are already active and the defense response remains fragmented Read More »

The devices winning the race to get hacked in 2026

cyber risk, cybersecurity, Forescout, hardware, Internet of Things, News, report, survey /

The devices winning the race to get hacked in 2026 2026-03-23 at 17:17 By Sinisa Markovic Enterprise networks keep adding connected devices, expanding the attack surface as threat actors target a wider range of systems, many of which are difficult to inventory, secure, and patch consistently. (Source: Forescout) Forescout’s 2026 Riskiest Devices research maps that

The devices winning the race to get hacked in 2026 Read More »

Top must-visit companies at RSAC 2026

12Port, Apiiro, Cline, conferences, Don't miss, GlobalSign, IDEMIA, Mimecast, MyCISO, News, Novee, RSAC 2026, Teleport, Unbound /

Top must-visit companies at RSAC 2026 2026-03-23 at 17:17 By Mirko Zorz RSAC 2026 Conference is taking place at the Moscone Center in San Francisco March 23 – 26. With hundreds of booths, countless product demos, and nonstop buzz, navigating RSAC can be overwhelming. That’s why we’ve done the legwork to highlight the standout companies

Top must-visit companies at RSAC 2026 Read More »

LevelBlue Takes Home Twin 2026 Global Info Sec Awards

DFIR, Managed Detection and Response, Managed Security Services, News, Spotlights /

LevelBlue Takes Home Twin 2026 Global Info Sec Awards 2026-03-23 at 16:13 By LevelBlue is proud to announce thatCyber Defense Magazine has named it the winner of its Global InfoSec Awards 2026 for TrailblazingManaged Security Service Provider (MSSP) and Market DisruptorThreat Detection, Incident Response, Hunting and Triage Platform. This article is an excerpt from LevelBlue Blog View

LevelBlue Takes Home Twin 2026 Global Info Sec Awards Read More »

Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)

API security, Don't miss, enterprise, Hot stuff, identity management, News, Oracle, vulnerability /

Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992) 2026-03-23 at 13:50 By Zeljka Zorz Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The company did not say whether the vulnerability has been exploited as a zero-day, but

Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992) Read More »

Russian hackers go after high-value targets through Signal

CISA, cyber espionage, FBI, Government, News, phishing, Russian Federation, Signal /

Russian hackers go after high-value targets through Signal 2026-03-23 at 11:20 By Sinisa Markovic Russian intelligence-linked hackers are targeting commercial messaging platforms, with Signal a primary focus, the FBI and CISA warn. The campaign is aimed at individuals of intelligence interest, including government personnel, journalists, and others with access to sensitive communications. It is believed

Russian hackers go after high-value targets through Signal Read More »

Your AI agents are moving sensitive data. Do you know where?

agentic AI, Artificial Intelligence, Bonfy.AI, CISO, CXO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, RSAC 2026, strategy, threat modeling /

Your AI agents are moving sensitive data. Do you know where? 2026-03-23 at 09:18 By Mirko Zorz In this Help Net Security interview, Gidi Cohen, CEO at Bonfy.AI, addresses what he sees as the most pressing gap in AI agent security: data-layer risk. While the industry focuses on prompt injection and model behavior, Cohen argues

Your AI agents are moving sensitive data. Do you know where? Read More »

Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps

Aurigo Software Technologies, cybersecurity, Don't miss, GitHub, GitLab, News, open source, scanner, software /

Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps 2026-03-23 at 09:18 By Anamarija Pogorelec GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose protection settings, and required templates go missing. An open-source tool called Plumber automates the detection of

Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps Read More »

NIST updates its DNS security guidance for the first time in over a decade

cybersecurity, DNS, DNSSEC, Don't miss, how-to, Infoblox, News, NIST, security standard /

NIST updates its DNS security guidance for the first time in over a decade 2026-03-23 at 09:18 By Mirko Zorz DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years. NIST published SP 800-81r3, the Secure

NIST updates its DNS security guidance for the first time in over a decade Read More »

Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw

News, Week in review /

Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw 2026-03-22 at 12:37 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What smart factories keep getting wrong about cybersecurity In this Help Net Security interview, Packsize CSO Troy Rydman breaks down the

Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw Read More »

Terminated contract led to $2.5 million cyber extortion scheme

cybercrime, extortion, Government, Insider Threat, News, US DoJ, USA /

Terminated contract led to $2.5 million cyber extortion scheme 2026-03-20 at 19:32 By Sinisa Markovic A federal jury convicted Cameron Curry, 27, a Charlotte resident, of carrying out an extensive cyber extortion scheme targeting a Washington, D.C.-based international technology company. He faces up to two years in prison on each of the six charges. Curry,

Terminated contract led to $2.5 million cyber extortion scheme Read More »

Google slows Android sideloading to trip up scammers

Android, Application Security, Google, News, scams, software development /

Google slows Android sideloading to trip up scammers 2026-03-20 at 19:32 By Anamarija Pogorelec Google’s advanced flow for Android changes how apps from unverified developers are installed, adding steps to reduce scam-driven sideloading. The feature is aimed at experienced users and allows sideloading through a controlled, one-time setup. It addresses scam scenarios where attackers pressure

Google slows Android sideloading to trip up scammers Read More »

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)

0-day, AWS, Cisco, Don't miss, enterprise, firewall, Hot stuff, News, Ransomware /

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) 2026-03-20 at 15:21 By Zeljka Zorz A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock ransomware gang, Amazon CISO and VP of Security Engineering

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131) Read More »

Authorities disrupt four IoT botnets behind record DDoS attacks

botnet, cybercrime, Government, law enforcement, News, USA /

Authorities disrupt four IoT botnets behind record DDoS attacks 2026-03-20 at 12:46 By Sinisa Markovic The U.S. Justice Department and international partners have disrupted four IoT botnets linked to DDoS attacks that reached 30 terabits per second, among the largest ever recorded. The post Authorities disrupt four IoT botnets behind record DDoS attacks appeared first

Authorities disrupt four IoT botnets behind record DDoS attacks Read More »

Fake AI songs streamed billions of times, netting fraudster $10 million

Artificial Intelligence, bot, cybercrime, fraud, law enforcement, News, US DoJ /

Fake AI songs streamed billions of times, netting fraudster $10 million 2026-03-20 at 12:20 By Anamarija Pogorelec Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments from artists. He admitted to one count of conspiracy to commit wire

Fake AI songs streamed billions of times, netting fraudster $10 million Read More »

Unpatched ScreenConnect servers open to attack (CVE-2026-3564)

ConnectWise, Don't miss, Hot stuff, MSP, News, remote management, vulnerability /

Unpatched ScreenConnect servers open to attack (CVE-2026-3564) 2026-03-20 at 11:44 By Zeljka Zorz ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. About CVE-2026-3564 The ScreenConnect remote access platform is popular with managed service providers, IT departments, and technology solution

Unpatched ScreenConnect servers open to attack (CVE-2026-3564) Read More »

ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption

ConductorOne, News /

ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption 2026-03-20 at 09:39 By Industry News ConductorOne has announced its AI Access Management product extension, a unified control plane for managing access to AI tools, agents, and MCP connections across the enterprise. The platform enables organizations to accelerate AI adoption while maintaining full visibility,

ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption Read More »

DarkSword: Researchers uncover another iOS exploit kit

cyber espionage, cybercrime, data theft, Don't miss, exploit kit, Google, Hot stuff, iOS, iPhone, iVerify, Lookout, News /

DarkSword: Researchers uncover another iOS exploit kit 2026-03-19 at 16:54 By Zeljka Zorz A powerful iPhone hacking toolkit dubbed “DarkSword” has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities, Google researchers have shared. iOS vulnerabilities exploited by DarkSword Two weeks ago, Google Threat Intelligence Group (GTIG) and iVerify disclosed the

DarkSword: Researchers uncover another iOS exploit kit Read More »

Scroll to Top