https://csoh.org/news.html Latest cloud security news curated by Cloud Security Office Hours. Covers AWS, Azure, GCP, Kubernetes vulnerabilities, breaches, and more. en-us admin@csoh.org (CSOH) admin@csoh.org (CSOH) Sun, 05 Apr 2026 08:35:40 +0000 720 https://csoh.org/favicon.png https://csoh.org/news.html https://securityaffairs.com/190358/hacking/image-or-malware-read-until-the-end-and-answer-in-comments.html A malicious email delivered a .cmd malware that escalates privileges, bypasses antivirus, downloads payloads, sets persistence, and self-deletes. I received this email from a friend to make an analysis. First, let me... Security Affairs https://securityaffairs.com/190358/hacking/image-or-malware-read-until-the-end-and-answer-in-comments.html Sun, 05 Apr 2026 08:35:40 +0000 Cloud Security https://securityaffairs.com/190368/breaking-news/security-affairs-newsletter-round-571-by-pierluigi-paganini-international-edition.html A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, i... Security Affairs https://securityaffairs.com/190368/breaking-news/security-affairs-newsletter-round-571-by-pierluigi-paganini-international-edition.html Sun, 05 Apr 2026 08:29:28 +0000 Cloud Security https://www.helpnetsecurity.com/2026/04/05/week-in-review-axios-npm-supply-chain-compromise-critical-forticlient-ems-bug-exploited Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Financial groups lay out a plan to fight AI identity attacks Generative AI tools have brought the cost of deepfake prod... Help Net Security https://www.helpnetsecurity.com/2026/04/05/week-in-review-axios-npm-supply-chain-compromise-critical-forticlient-ems-bug-exploited Sun, 05 Apr 2026 08:00:49 +0000 Vulnerability Identity Supply Chain https://www.bleepingcomputer.com/news/security/axios-npm-hack-used-fake-teams-error-fix-to-hijack-maintainer-account The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean... BleepingComputer https://www.bleepingcomputer.com/news/security/axios-npm-hack-used-fake-teams-error-fix-to-hijack-maintainer-account Sat, 04 Apr 2026 16:30:42 -0400 Scam Threat Research https://www.bleepingcomputer.com/news/security/device-code-phishing-attacks-surge-37x-as-new-kits-spread-online Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. [...] BleepingComputer https://www.bleepingcomputer.com/news/security/device-code-phishing-attacks-surge-37x-as-new-kits-spread-online Sat, 04 Apr 2026 10:17:38 -0400 Phishing https://www.helpnetsecurity.com/2026/04/04/forticlient-ems-zero-day-cve-2026-35616 Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of active exploitation... Help Net Security https://www.helpnetsecurity.com/2026/04/04/forticlient-ems-zero-day-cve-2026-35616 Sat, 04 Apr 2026 14:09:54 +0000 Vulnerability https://securityaffairs.com/190333/security/european-commission-breach-exposed-data-of-30-eu-entities-cert-eu-says.html CERT-EU says a European Commission cloud hack exposed data from 30 EU entities and links the breach to the TeamPCP group. CERT-EU attributed a European Commission cloud breach to the TeamPCP threat group, revealing th... Security Affairs https://securityaffairs.com/190333/security/european-commission-breach-exposed-data-of-30-eu-entities-cert-eu-says.html Sat, 04 Apr 2026 08:45:04 +0000 Breach https://www.elastic.co/security-labs/elastic-security-integrations-roundup-q1-2026 Elastic Security Labs announces nine new integrations for Elastic Security spanning cloud security, endpoint visibility, email threat detection, identity and SIEM. Elastic Security Labs https://www.elastic.co/security-labs/elastic-security-integrations-roundup-q1-2026 Sat, 04 Apr 2026 00:00:00 +0000 Identity https://www.schneier.com/blog/archives/2026/04/friday-squid-blogging-jurassic-fish-chokes-on-squid.html Here’s a fossil of a 150-million year old fish that choked to death on a belemnite rostrum : the hard, internal shell of an extinct, squid-like animal. Original paper . As usual, you can also use this squid post to ta... Schneier on Security https://www.schneier.com/blog/archives/2026/04/friday-squid-blogging-jurassic-fish-chokes-on-squid.html Fri, 03 Apr 2026 21:07:06 +0000 Cloud Security https://www.bleepingcomputer.com/news/security/evolution-of-ransomware-multi-extortion-ransomware-attacks Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. [...] BleepingComputer https://www.bleepingcomputer.com/news/security/evolution-of-ransomware-multi-extortion-ransomware-attacks Fri, 03 Apr 2026 10:05:15 -0400 Ransomware https://securityaffairs.com/190330/hacking/north-korea-linked-hackers-drain-285m-from-drift-in-sophisticated-attack.html Drift lost $285M in a sophisticated attack, likely by North Korea, who used nonce-based tricks to gain control and quickly drain funds Drift suffered a $285 million cryptocurrency heist in a highly sophisticated attac... Security Affairs https://securityaffairs.com/190330/hacking/north-korea-linked-hackers-drain-285m-from-drift-in-sophisticated-attack.html Fri, 03 Apr 2026 13:57:51 +0000 Cloud Security https://www.darkreading.com/remote-workforce/skull-vibrations-could-be-xr-headset-authentication "Skull vibration harmonics generated by vital signs" can be used to sign in to VR, AR, and MR headsets, according to emerging research. Dark Reading https://www.darkreading.com/remote-workforce/skull-vibrations-could-be-xr-headset-authentication Fri, 03 Apr 2026 13:30:00 +0000 Cloud Security https://securityaffairs.com/190310/cyber-crime/crystalx-rat-new-maas-malware-combines-spyware-stealer-and-remote-access.html CrystalX RAT, a new sophisticated MaaS malware, combines spyware, data theft, and remote access, allowing attackers to monitor victims. In March 2026, Kaspersky researchers uncovered a Telegram-based campaign promotin... Security Affairs https://securityaffairs.com/190310/cyber-crime/crystalx-rat-new-maas-malware-combines-spyware-stealer-and-remote-access.html Fri, 03 Apr 2026 13:23:57 +0000 Threat Research https://isc.sans.edu/diary/rss/32864 This is the sixth update to the TeamPCP supply chain campaign threat intelligence report,&#;x26;#;xc2;&#;x26;#;xa0;"When the Security Scanner Became the Weapon"&#;x26;#;xc2;&#;x26;#;xa0;(v3.0, March 25, 2026).&#;x26;#... SANS ISC https://isc.sans.edu/diary/rss/32864 Fri, 03 Apr 2026 13:18:01 +0000 Breach Supply Chain Threat Research https://www.darkreading.com/application-security/source-code-leaks-highlight-lack-supply-chain-oversight Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. Dark Reading https://www.darkreading.com/application-security/source-code-leaks-highlight-lack-supply-chain-oversight Fri, 03 Apr 2026 13:00:00 +0000 Supply Chain https://www.helpnetsecurity.com/2026/04/03/cisco-imc-vulnerability-cve-2026-20093 Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain a... Help Net Security https://www.helpnetsecurity.com/2026/04/03/cisco-imc-vulnerability-cve-2026-20093 Fri, 03 Apr 2026 12:59:22 +0000 Vulnerability https://www.darkreading.com/application-security/chainguard-factory-automate-hardening-software-supply-chain The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open source artifacts across containers, libraries, agent skills, and GitHub Actions. Dark Reading https://www.darkreading.com/application-security/chainguard-factory-automate-hardening-software-supply-chain Fri, 03 Apr 2026 12:57:28 +0000 Supply Chain https://orca.security/resources/blog/unified-agentic-defense-platforms-sacr-report Software Analyst Cyber Research (SACR) has published its report, The Convergence of AI and Data Security: An Industry-Wide Technoscope of Unified Agentic Defense Platforms. In this evaluation of 15 leading vendors sha... Orca Security Blog https://orca.security/resources/blog/unified-agentic-defense-platforms-sacr-report Fri, 03 Apr 2026 12:50:00 +0000 AI https://www.securityweek.com/north-korean-hackers-drain-285-million-from-drift-in-10-seconds The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults. The post North Korean Hackers Drain $285 Million From Drift in 10 Seconds appeared first on... SecurityWeek https://www.securityweek.com/north-korean-hackers-drain-285-million-from-drift-in-10-seconds Fri, 03 Apr 2026 09:46:06 +0000 Cloud Security https://thehackernews.com/2026/04/new-sparkcat-variant-in-ios-android.html Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating system... The Hacker News https://thehackernews.com/2026/04/new-sparkcat-variant-in-ios-android.html Fri, 03 Apr 2026 14:40:00 +0530 Cloud Security https://thehackernews.com/2026/04/drift-loses-285-million-in-durable.html Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained... The Hacker News https://thehackernews.com/2026/04/drift-loses-285-million-in-durable.html Fri, 03 Apr 2026 14:05:00 +0530 Scam https://www.infosecurity-magazine.com/news/new-phishing-platform-credential A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom Infosecurity Magazine https://www.infosecurity-magazine.com/news/new-phishing-platform-credential Fri, 03 Apr 2026 08:00:00 +0000 Phishing Scam Threat Research https://securityaffairs.com/190319/data-breach/pro-iran-handala-group-breached-israeli-defence-contractor-psk-wind-technologies.html Iran-linked hackers claim to have breached Israeli air defence contractor PSK Wind, which develops command and control systems. Pro-Iran Handala group announced on April 2 that it breached PSK Wind Technologies, an Is... Security Affairs https://securityaffairs.com/190319/data-breach/pro-iran-handala-group-breached-israeli-defence-contractor-psk-wind-technologies.html Fri, 03 Apr 2026 07:52:52 +0000 Breach https://www.helpnetsecurity.com/2026/04/03/aperion-smartflow-sdk-ai-governance APERION launched SmartFlow SDK, providing a secure, on-premises path for enterprises migrating away from compromised cloud-based AI gateways. The launch coincides with a 200% increase in web traffic since the March 24... Help Net Security https://www.helpnetsecurity.com/2026/04/03/aperion-smartflow-sdk-ai-governance Fri, 03 Apr 2026 07:06:01 +0000 AI https://www.helpnetsecurity.com/2026/04/03/android-permissions-privacy-risks-research Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android versions of Messenger, Signal, and Telegram shows that diff... Help Net Security https://www.helpnetsecurity.com/2026/04/03/android-permissions-privacy-risks-research Fri, 03 Apr 2026 05:00:19 +0000 Cloud Security https://www.helpnetsecurity.com/2026/04/03/thales-digital-trust-trends-report Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. These moments rarely stand out on their own, and over time t... Help Net Security https://www.helpnetsecurity.com/2026/04/03/thales-digital-trust-trends-report Fri, 03 Apr 2026 04:30:22 +0000 Cloud Security https://fortiguard.fortinet.com/threat-signal-report/6390 What is the Attack? A software supply chain attack targeted the widely used JavaScript library Axios after an attacker reportedly compromised a maintainer’s npm account and published malicious package versions 1.14.1... FortiGuard Labs https://fortiguard.fortinet.com/threat-signal-report/6390 Thu, 02 Apr 2026 19:50:07 -0700 Supply Chain https://www.darkreading.com/cybersecurity-operations/geopolitics-ai-cybersecurity-insights-rsac-2026 AI-driven threats, global leadership shifts, and the future of cybersecurity in a rapidly evolving landscape were among the discussions at RSAC 2026 Conference. Dark Reading https://www.darkreading.com/cybersecurity-operations/geopolitics-ai-cybersecurity-insights-rsac-2026 Thu, 02 Apr 2026 21:14:27 +0000 AI https://aws.amazon.com/blogs/security/four-security-principles-for-agentic-ai-systems Agentic AI represents a qualitative shift in how software operates. Traditional software executes deterministic instructions. Generative AI responds to human prompts with output that humans review and use at their dis... AWS Security Blog https://aws.amazon.com/blogs/security/four-security-principles-for-agentic-ai-systems Thu, 02 Apr 2026 20:45:09 +0000 AWS AI https://www.bleepingcomputer.com/news/security/claude-code-leak-used-to-push-infostealer-malware-on-github Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...] BleepingComputer https://www.bleepingcomputer.com/news/security/claude-code-leak-used-to-push-infostealer-malware-on-github Thu, 02 Apr 2026 16:30:55 -0400 Vulnerability Threat Research https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secret... The Hacker News https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html Fri, 03 Apr 2026 01:00:00 +0530 AWS Vulnerability Breach https://www.darkreading.com/cybersecurity-operations/security-bosses-all-in-ai CISOs are bullish on AI and have big plans to roll out future tools. We talk to Reddit CISO Frederick Lee and leading analyst Dave Gruber about how AI is working out in the real world, as well as its future promise. Dark Reading https://www.darkreading.com/cybersecurity-operations/security-bosses-all-in-ai Thu, 02 Apr 2026 19:12:45 +0000 AI https://www.bleepingcomputer.com/news/security/residential-proxies-evaded-ip-reputation-checks-in-78-percent-of-4b-sessions Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users. [...] BleepingComputer https://www.bleepingcomputer.com/news/security/residential-proxies-evaded-ip-reputation-checks-in-78-percent-of-4b-sessions Thu, 02 Apr 2026 11:21:02 -0400 Cloud Security https://www.infosecurity-magazine.com/news/storm-infostealer-remotely This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls Infosecurity Magazine https://www.infosecurity-magazine.com/news/storm-infostealer-remotely Thu, 02 Apr 2026 15:00:00 +0000 Scam https://isc.sans.edu/diary/rss/32860 From its GitHub repo: "Vite (French word for "quick", pronounced /vi?t/, like "veet") is a new breed of frontend build tooling that significantly improves the frontend development experience" [https://github.com/vitej... SANS ISC https://isc.sans.edu/diary/rss/32860 Thu, 02 Apr 2026 14:49:00 +0000 Vulnerability Breach https://www.infosecurity-magazine.com/news/ncsc-alert-hackers-whatsapp-signal The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks Infosecurity Magazine https://www.infosecurity-magazine.com/news/ncsc-alert-hackers-whatsapp-signal Thu, 02 Apr 2026 14:15:00 +0000 Scam https://www.bleepingcomputer.com/news/security/adversaries-exploit-vacant-homes-to-intercept-mail-in-hybrid-cybercrime Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. [...] BleepingComputer https://www.bleepingcomputer.com/news/security/adversaries-exploit-vacant-homes-to-intercept-mail-in-hybrid-cybercrime Thu, 02 Apr 2026 10:01:11 -0400 Vulnerability Scam Threat Research https://cloud.google.com/blog/topics/threat-intelligence/vsphere-brickstorm-defender-guide Written by: Stuart Carrera Introduction Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving threats facing virtualized environments. These operations di... Google Threat Intelligence https://cloud.google.com/blog/topics/threat-intelligence/vsphere-brickstorm-defender-guide Thu, 02 Apr 2026 14:00:00 +0000 Threat Research https://www.infosecurity-magazine.com/news/apple-ios-18-updates-darksword iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit Infosecurity Magazine https://www.infosecurity-magazine.com/news/apple-ios-18-updates-darksword Thu, 02 Apr 2026 13:30:00 +0000 Vulnerability https://blog.talosintelligence.com/video-the-ttp-ep-21-when-attackers-become-trusted-users An episode of the Talos Threat Perspective on the 2025 Year in Review trends. We explore how identity is being used to gain, extend, and maintain access inside environments. Cisco Talos https://blog.talosintelligence.com/video-the-ttp-ep-21-when-attackers-become-trusted-users Thu, 02 Apr 2026 13:06:45 +0000 Identity https://blog.cloudflare.com/rethinking-cache-ai-humans The explosion of AI-bot traffic, representing over 10 billion requests per week, has opened up new challenges and opportunities for cache design. We look at some of the ways AI bot traffic differs from humans, how thi... Cloudflare Blog https://blog.cloudflare.com/rethinking-cache-ai-humans Thu, 02 Apr 2026 13:00:00 +0000 AI https://www.infosecurity-magazine.com/news/researchers-subonehour-ransomware Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour Infosecurity Magazine https://www.infosecurity-magazine.com/news/researchers-subonehour-ransomware Thu, 02 Apr 2026 13:00:00 +0000 Ransomware https://www.infosecurity-magazine.com/news/github-covert-multi-stage-malware LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration Infosecurity Magazine https://www.infosecurity-magazine.com/news/github-covert-multi-stage-malware Thu, 02 Apr 2026 13:00:00 +0000 Threat Research https://thehackernews.com/2026/04/threatsday-bulletin-pre-auth-chains.html The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping sys... The Hacker News https://thehackernews.com/2026/04/threatsday-bulletin-pre-auth-chains.html Thu, 02 Apr 2026 18:15:00 +0530 Cloud Security https://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications Talos is disclosing a large-scale automated credential harvesting campaign carried out by a threat cluster we currently track as UAT-10608. The campaign is primarily leveraging a collection framework dubbed “NEXUS Lis... Cisco Talos https://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications Thu, 02 Apr 2026 10:00:57 +0000 Scam Threat Research https://blog.talosintelligence.com/qilin-edr-killer This blog provides an in-depth analysis of the malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. Cisco Talos https://blog.talosintelligence.com/qilin-edr-killer Thu, 02 Apr 2026 10:00:56 +0000 Ransomware https://blog.talosintelligence.com/inside-the-talos-2025-year-in-review-a-discussion-on-what-the-data-means-for-defenders A conversation between Cisco Talos and Cisco Security leaders on the 2025 threat landscape, from identity attacks and legacy vulnerabilities to AI-driven threats, and what defenders should prioritize now. Cisco Talos https://blog.talosintelligence.com/inside-the-talos-2025-year-in-review-a-discussion-on-what-the-data-means-for-defenders Thu, 02 Apr 2026 10:00:49 +0000 Identity AI https://blog.talosintelligence.com/an-overview-of-ransomware-threats-in-japan-in-2025-and-early-detection-insights-from-qilin-cases There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024. Cisco Talos https://blog.talosintelligence.com/an-overview-of-ransomware-threats-in-japan-in-2025-and-early-detection-insights-from-qilin-cases Thu, 02 Apr 2026 10:00:13 +0000 Ransomware https://thehackernews.com/2026/04/apple-expands-ios-1877-update-to-more.html Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the a... The Hacker News https://thehackernews.com/2026/04/apple-expands-ios-1877-update-to-more.html Thu, 02 Apr 2026 12:39:00 +0530 Vulnerability https://webflow.sysdig.com/blog/the-sysdig-mcp-server-is-now-available-in-aws-marketplace Correlating security signals from cloud services, container registries, and runtime environments is an important component of maintaining secure cloud deployments. But making this a seamless process, without the need... Sysdig Blog https://webflow.sysdig.com/blog/the-sysdig-mcp-server-is-now-available-in-aws-marketplace Thu, 02 Apr 2026 00:00:00 +0000 AWS https://webflow.sysdig.com/blog/risk-isnt-reduced-until-you-take-action-how-teams-resolve-issues-in-the-cloud Effective remediation depends on real-time insight that allows security teams to quickly investigate, understand, and respond to threats with precision. By taking targeted actions like stopping compromised workloads,... Sysdig Blog https://webflow.sysdig.com/blog/risk-isnt-reduced-until-you-take-action-how-teams-resolve-issues-in-the-cloud Thu, 02 Apr 2026 00:00:00 +0000 Cloud Security https://isc.sans.edu/diary/rss/32854 Today, most malware are called “fileless†because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they need to write something… think about persistence. They can us... SANS ISC https://isc.sans.edu/diary/rss/32854 Wed, 01 Apr 2026 20:09:43 +0000 Cloud Security https://www.infosecurity-magazine.com/news/google-android-dev-verification Android requires dev identity verification for sideloaded apps; phased global rollout from September Infosecurity Magazine https://www.infosecurity-magazine.com/news/google-android-dev-verification Wed, 01 Apr 2026 15:00:00 +0000 Identity https://www.darkreading.com/endpoint-security/venom-stealer-maas-commoditizes-clickfix-attacks A new service on the cybercrime market provides automated capabilities to create persistent information-stealing social engineering attacks. Dark Reading https://www.darkreading.com/endpoint-security/venom-stealer-maas-commoditizes-clickfix-attacks Wed, 01 Apr 2026 14:54:23 +0000 Scam https://thehackernews.com/2026/04/microsoft-warns-of-whatsapp-delivered.html Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to... The Hacker News https://thehackernews.com/2026/04/microsoft-warns-of-whatsapp-delivered.html Wed, 01 Apr 2026 19:40:00 +0530 Azure Threat Research https://www.infosecurity-magazine.com/news/venom-stealer-maas-automates-data Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration Infosecurity Magazine https://www.infosecurity-magazine.com/news/venom-stealer-maas-automates-data Wed, 01 Apr 2026 13:30:00 +0000 Scam https://isc.sans.edu/diary/rss/32856 This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 004 covered developments through March 30, includi... SANS ISC https://isc.sans.edu/diary/rss/32856 Wed, 01 Apr 2026 13:08:26 +0000 Supply Chain Threat Research https://thehackernews.com/2026/04/block-prompt-not-work-end-of-doctor-no.html There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to Deep... The Hacker News https://thehackernews.com/2026/04/block-prompt-not-work-end-of-doctor-no.html Wed, 01 Apr 2026 18:16:00 +0530 Cloud Security https://thehackernews.com/2026/04/casbaneiro-phishing-targets-latin.html A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Hora... The Hacker News https://thehackernews.com/2026/04/casbaneiro-phishing-targets-latin.html Wed, 01 Apr 2026 18:06:00 +0530 Phishing Threat Research https://www.cisa.gov/news-events/alerts/2026/04/01/cisa-adds-one-known-exploited-vulnerability-catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-5281 Google Dawn Use-After-Free Vulnerability This type of vulnerability i... CISA Current Activity https://www.cisa.gov/news-events/alerts/2026/04/01/cisa-adds-one-known-exploited-vulnerability-catalog Wed, 01 Apr 2026 12:00:00 +0000 CISA Vulnerability https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5... The Hacker News https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html Wed, 01 Apr 2026 17:12:00 +0530 Vulnerability https://www.schneier.com/blog/archives/2026/04/a-taxonomy-of-cognitive-security.html Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here , but—even better—Menton has a long essay laying out the bas... Schneier on Security https://www.schneier.com/blog/archives/2026/04/a-taxonomy-of-cognitive-security.html Wed, 01 Apr 2026 09:59:07 +0000 Cloud Security https://www.infosecurity-magazine.com/news/eight-10-uk-manufacturers-hit Most UK manufacturers compromised last year suffered financial loss, says ESET Infosecurity Magazine https://www.infosecurity-magazine.com/news/eight-10-uk-manufacturers-hit Wed, 01 Apr 2026 09:30:00 +0000 Cloud Security https://www.infosecurity-magazine.com/news/hackers-hijack-axios-npm-package Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn Infosecurity Magazine https://www.infosecurity-magazine.com/news/hackers-hijack-axios-npm-package Wed, 01 Apr 2026 09:00:00 +0000 Threat Research https://thehackernews.com/2026/04/google-attributes-axios-npm-supply.html Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspe... The Hacker News https://thehackernews.com/2026/04/google-attributes-axios-npm-supply.html Wed, 01 Apr 2026 13:14:00 +0530 Supply Chain https://www.elastic.co/security-labs/axios-supply-chain-compromise-detections Hunting and detection rules for the Elastic-discovered Axios supply chain compromise. Elastic Security Labs https://www.elastic.co/security-labs/axios-supply-chain-compromise-detections Wed, 01 Apr 2026 00:00:00 +0000 Supply Chain https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks TeamPCP continues its string of supply chain attacks, and announces a partnership with Vect ransomware group. The post Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure a... Palo Alto Networks Unit 42 https://unit42.paloaltonetworks.com/teampcp-supply-chain-attacks Tue, 31 Mar 2026 21:00:39 +0000 Ransomware Supply Chain https://www.darkreading.com/application-security/axios-npm-package-compromised-precision-attack The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors. Dark Reading https://www.darkreading.com/application-security/axios-npm-package-compromised-precision-attack Tue, 31 Mar 2026 20:55:13 +0000 Threat Research https://aws.amazon.com/blogs/security/new-compliance-guide-available-iso-iec-270012022-on-aws-compliance-guide We’re excited to announce the release of our latest compliance guide, ISO/IEC 27001:2022 on AWS, which provides practical guidance for organizations designing and operating an Information Security Management System (I... AWS Security Blog https://aws.amazon.com/blogs/security/new-compliance-guide-available-iso-iec-270012022-on-aws-compliance-guide Tue, 31 Mar 2026 20:36:56 +0000 AWS https://www.darkreading.com/cyber-risk/googles-vertex-ai-over-privilege-problem Palo Alto Networks researchers show how attackers could exploit AI agents on Google's Vertex AI to steal data and break into restricted cloud infrastructure. Dark Reading https://www.darkreading.com/cyber-risk/googles-vertex-ai-over-privilege-problem Tue, 31 Mar 2026 20:26:33 +0000 Vulnerability AI https://www.darkreading.com/cloud-security/teampcp-breaches-cloud-saas-instances-stolen-credentials The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials. Dark Reading https://www.darkreading.com/cloud-security/teampcp-breaches-cloud-saas-instances-stolen-credentials Tue, 31 Mar 2026 20:02:28 +0000 AWS Azure Breach https://www.infosecurity-magazine.com/news/man-charged-uranium-crypto-hack Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds Infosecurity Magazine https://www.infosecurity-magazine.com/news/man-charged-uranium-crypto-hack Tue, 31 Mar 2026 15:30:00 +0000 Vulnerability https://www.darkreading.com/cybersecurity-operations/ai-and-quantum-are-forcing-a-rethink-of-digital-trust In a conversation with Dark Reading’s Terry Sweeney, DigiCert CEO Amit Sinha explains how AI-driven identities and quantum threats are reshaping the foundations of digital trust. Dark Reading https://www.darkreading.com/cybersecurity-operations/ai-and-quantum-are-forcing-a-rethink-of-digital-trust Tue, 31 Mar 2026 15:29:11 +0000 AI https://www.infosecurity-magazine.com/news/phantom-project-infostealer-nov-25 Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service Infosecurity Magazine https://www.infosecurity-magazine.com/news/phantom-project-infostealer-nov-25 Tue, 31 Mar 2026 14:00:00 +0000 Scam https://thehackernews.com/2026/03/vertex-ai-vulnerability-exposes-google.html Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to... The Hacker News https://thehackernews.com/2026/03/vertex-ai-vulnerability-exposes-google.html Tue, 31 Mar 2026 18:39:00 +0530 GCP Vulnerability AI https://www.infosecurity-magazine.com/news/chatgpt-security-issue-steal-data OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole Infosecurity Magazine https://www.infosecurity-magazine.com/news/chatgpt-security-issue-steal-data Tue, 31 Mar 2026 13:01:00 +0000 Vulnerability https://blog.talosintelligence.com/ransomware-in-2025-blending-in-is-the-strategy A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. Cisco Talos https://blog.talosintelligence.com/ransomware-in-2025-blending-in-is-the-strategy Tue, 31 Mar 2026 10:00:02 +0000 Ransomware Identity https://www.infosecurity-magazine.com/news/ncsc-urges-immediate-patching-f5 The National Cyber Security Centre wants UK firms to patch CVE-2025-53521 Infosecurity Magazine https://www.infosecurity-magazine.com/news/ncsc-urges-immediate-patching-f5 Tue, 31 Mar 2026 08:45:00 +0000 Vulnerability https://www.wiz.io/blog/axios-npm-compromised-in-supply-chain-attack A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your development workflows. Wiz Blog https://www.wiz.io/blog/axios-npm-compromised-in-supply-chain-attack Tue, 31 Mar 2026 08:26:35 +0000 Supply Chain https://isc.sans.edu/diary/rss/32850 In case of a cyber incident, most organizations fear more of data loss (via exfiltration) than regular data encryption because they have a good backup policy in place. If exfiltration happened, it means a total loss o... SANS ISC https://isc.sans.edu/diary/rss/32850 Tue, 31 Mar 2026 07:31:45 +0000 Cloud Security https://isc.sans.edu/diary/rss/32846 This is the fourth update to the TeamPCP supply chain campaign threat intelligence report,&#;x26;#;xc2;&#;x26;#;xa0;"When the Security Scanner Became the Weapon"&#;x26;#;xc2;&#;x26;#;xa0;(v3.0, March 25, 2026). Update... SANS ISC https://isc.sans.edu/diary/rss/32846 Tue, 31 Mar 2026 00:52:44 +0000 Ransomware Supply Chain Threat Research https://www.elastic.co/security-labs/fake-installers-to-monero Elastic Security Labs dissects a long-running operation deploying RATs, cryptominers, and CPA fraud through fake installer lures, tracking its evolution across campaigns and Monero payouts. Elastic Security Labs https://www.elastic.co/security-labs/fake-installers-to-monero Tue, 31 Mar 2026 00:00:00 +0000 Scam Threat Research https://www.wiz.io/blog/tracking-teampcp-investigating-post-compromise-attacks-seen-in-the-wild How TeamPCP are leveraging stolen secrets from the recent supply chain attacks to compromise cloud environments Wiz Blog https://www.wiz.io/blog/tracking-teampcp-investigating-post-compromise-attacks-seen-in-the-wild Mon, 30 Mar 2026 23:54:14 +0000 Supply Chain https://www.darkreading.com/application-security/ai-driven-code-surge-is-forcing-a-rethink-of-appsec In a conversation with Dark Reading’s Terry Sweeney, Black Duck CEO Jason Schmitt explains how AI is reshaping application security and why it must evolve to keep pace. Dark Reading https://www.darkreading.com/application-security/ai-driven-code-surge-is-forcing-a-rethink-of-appsec Mon, 30 Mar 2026 18:42:33 +0000 AI https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt coul... The Hacker News https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html Mon, 30 Mar 2026 23:35:00 +0530 Vulnerability https://www.darkreading.com/cyber-risk/manufacturing-and-healthcare-share-struggles-with-passwords The two key economic sectors struggle with security for a reason: Many insiders view access management as a roadblock, while attackers see it as a way in. Dark Reading https://www.darkreading.com/cyber-risk/manufacturing-and-healthcare-share-struggles-with-passwords Mon, 30 Mar 2026 16:25:19 +0000 Cloud Security https://thehackernews.com/2026/03/weekly-recap-telecom-sleeper-cells-llm.html Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical rig... The Hacker News https://thehackernews.com/2026/03/weekly-recap-telecom-sleeper-cells-llm.html Mon, 30 Mar 2026 19:26:00 +0530 AI https://www.wiz.io/blog/wiz-blue-agent-generally-available Accelerate your SecOps team with the Blue Agent for threat investigation, now Generally Available Wiz Blog https://www.wiz.io/blog/wiz-blue-agent-generally-available Mon, 30 Mar 2026 13:16:04 +0000 Cloud Security https://thehackernews.com/2026/03/3-soc-process-fixes-that-unlock-tier-1.html What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited... The Hacker News https://thehackernews.com/2026/03/3-soc-process-fixes-that-unlock-tier-1.html Mon, 30 Mar 2026 18:30:00 +0530 Cloud Security https://thehackernews.com/2026/03/russian-ctrl-toolkit-delivered-via.html Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according... The Hacker News https://thehackernews.com/2026/03/russian-ctrl-toolkit-delivered-via.html Mon, 30 Mar 2026 17:48:00 +0530 Cloud Security https://www.cisa.gov/news-events/alerts/2026/03/30/cisa-adds-one-known-exploited-vulnerability-catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-3055 Citrix NetScaler Out-of-Bounds Read Vulnerability This type of vulner... CISA Current Activity https://www.cisa.gov/news-events/alerts/2026/03/30/cisa-adds-one-known-exploited-vulnerability-catalog Mon, 30 Mar 2026 12:00:00 +0000 CISA Vulnerability https://www.infosecurity-magazine.com/news/european-commission-cloud-data The European Commission has revealed details of a data breach impacting its AWS infrastructure Infosecurity Magazine https://www.infosecurity-magazine.com/news/european-commission-cloud-data Mon, 30 Mar 2026 08:15:00 +0000 AWS Breach https://thehackernews.com/2026/03/three-china-linked-clusters-target.html Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the... The Hacker News https://thehackernews.com/2026/03/three-china-linked-clusters-target.html Mon, 30 Mar 2026 12:30:00 +0530 Threat Research https://blog.cloudflare.com/client-side-security-open-to-everyone We are opening our advanced Client-Side Security tools to all users, featuring a new cascading AI detection system. By combining graph neural networks and LLMs, we've reduced false positives by up to 200x while catchi... Cloudflare Blog https://blog.cloudflare.com/client-side-security-open-to-everyone Mon, 30 Mar 2026 06:00:00 +0000 AI https://thehackernews.com/2026/03/ta446-deploys-leaked-darksword-ios.html Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attribu... The Hacker News https://thehackernews.com/2026/03/ta446-deploys-leaked-darksword-ios.html Sat, 28 Mar 2026 12:37:00 +0530 Vulnerability Phishing Threat Research https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing ev... The Hacker News https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html Sat, 28 Mar 2026 12:37:00 +0530 CISA Vulnerability https://www.infosecurity-magazine.com/news/teampcp-targets-telnyx-pypi-package Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware Infosecurity Magazine https://www.infosecurity-magazine.com/news/teampcp-targets-telnyx-pypi-package Fri, 27 Mar 2026 15:06:00 +0000 Supply Chain Scam Threat Research https://thehackernews.com/2026/03/open-vsx-bug-let-malicious-vs-code.html Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass... The Hacker News https://thehackernews.com/2026/03/open-vsx-bug-let-malicious-vs-code.html Fri, 27 Mar 2026 19:27:00 +0530 Azure https://www.wiz.io/blog/wiz-achieves-microsoft-certified-software-designation Verified by Microsoft. Built for Azure. Secured by Wiz. Wiz Blog https://www.wiz.io/blog/wiz-achieves-microsoft-certified-software-designation Fri, 27 Mar 2026 13:38:43 +0000 Azure https://www.darkreading.com/threat-intelligence/infrastructure-attacks-physical-consequences-down Operational technology (OT) at industrial and critical infrastructure sites seem to have been benefitting from a lull in ransomware, and hackers' relative ignorance of OT systems. Dark Reading https://www.darkreading.com/threat-intelligence/infrastructure-attacks-physical-consequences-down Fri, 27 Mar 2026 13:30:00 +0000 Ransomware https://www.cisa.gov/news-events/alerts/2026/03/27/cisa-adds-one-known-exploited-vulnerability-catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-53521 F5 BIG-IP Remote Code Execution Vulnerability This type of vulnerabi... CISA Current Activity https://www.cisa.gov/news-events/alerts/2026/03/27/cisa-adds-one-known-exploited-vulnerability-catalog Fri, 27 Mar 2026 12:00:00 +0000 CISA Vulnerability https://thehackernews.com/2026/03/langchain-langgraph-flaws-expose-files.html Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. B... The Hacker News https://thehackernews.com/2026/03/langchain-langgraph-flaws-expose-files.html Fri, 27 Mar 2026 13:37:00 +0530 Vulnerability AI https://fortiguard.fortinet.com/threat-signal-report/6389 What is the Attack? Researchers from Google Threat Intelligence Group identified DarkSword, a sophisticated full-chain iOS exploit framework actively used by multiple surveillance vendors and suspected state-sponsored... FortiGuard Labs https://fortiguard.fortinet.com/threat-signal-report/6389 Thu, 26 Mar 2026 20:54:34 -0700 Vulnerability Threat Research https://www.elastic.co/security-labs/brushworm-targets-financial-services Elastic Security Labs observed two custom malware components targeting a South Asian financial institution: a modular backdoor with USB-based spreading and a DLL-side-loaded keylogger. Elastic Security Labs https://www.elastic.co/security-labs/brushworm-targets-financial-services Fri, 27 Mar 2026 00:00:00 +0000 Cloud Security https://aws.amazon.com/blogs/security/preparing-for-agentic-ai-a-financial-services-approach Deploying agentic AI in financial services requires additional security controls that address AI-specific risks. This post walks you through comprehensive observability and fine-grained access controls—two critical ca... AWS Security Blog https://aws.amazon.com/blogs/security/preparing-for-agentic-ai-a-financial-services-approach Thu, 26 Mar 2026 22:00:45 +0000 AWS AI https://unit42.paloaltonetworks.com/espionage-campaigns-target-se-asian-government-org Unit 42 uncovers multiple clusters of cyberespionage targeting a Southeast Asian government organization with USBFect, RATs and loaders. The post Converging Interests: Analysis of Threat Clusters Targeting a Southeast... Palo Alto Networks Unit 42 https://unit42.paloaltonetworks.com/espionage-campaigns-target-se-asian-government-org Thu, 26 Mar 2026 22:00:32 +0000 Cloud Security https://blog.talosintelligence.com/tp-link-canva-hikvision-vulnerabilities Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by the... Cisco Talos https://blog.talosintelligence.com/tp-link-canva-hikvision-vulnerabilities Thu, 26 Mar 2026 18:34:26 +0000 Vulnerability https://thehackernews.com/2026/03/china-linked-red-menshen-uses-stealthy.html A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves im... The Hacker News https://thehackernews.com/2026/03/china-linked-red-menshen-uses-stealthy.html Thu, 26 Mar 2026 23:10:00 +0530 Threat Research https://www.infosecurity-magazine.com/news/ai-generated-code-vulnerabilities Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code Infosecurity Magazine https://www.infosecurity-magazine.com/news/ai-generated-code-vulnerabilities Thu, 26 Mar 2026 16:40:00 +0000 AI https://thehackernews.com/2026/03/webinar-stop-guessing-learn-to-validate.html Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defe... The Hacker News https://thehackernews.com/2026/03/webinar-stop-guessing-learn-to-validate.html Thu, 26 Mar 2026 18:42:00 +0530 Cloud Security https://blog.talosintelligence.com/cybersecuritys-double-header-2025-insights-from-talos-and-splunk This episode of Talos Takes breaks down the 2025 Year in Review as well as Splunk's Top 50 Cybersecurity Threats report. Cisco Talos https://blog.talosintelligence.com/cybersecuritys-double-header-2025-insights-from-talos-and-splunk Thu, 26 Mar 2026 12:48:18 +0000 Cloud Security https://www.infosecurity-magazine.com/news/openai-bug-bounty-ai-abuse-safety OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws Infosecurity Magazine https://www.infosecurity-magazine.com/news/openai-bug-bounty-ai-abuse-safety Thu, 26 Mar 2026 12:20:00 +0000 AI https://www.cisa.gov/news-events/alerts/2026/03/26/cisa-adds-one-known-exploited-vulnerability-catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-33634 Aqua Security Trivy Embedded Malicious Code Vulnerability This type... CISA Current Activity https://www.cisa.gov/news-events/alerts/2026/03/26/cisa-adds-one-known-exploited-vulnerability-catalog Thu, 26 Mar 2026 12:00:00 +0000 CISA Vulnerability https://www.schneier.com/blog/archives/2026/03/as-the-us-midterms-approach-ai-is-going-to-emerge-as-a-key-issue-concerning-voters.html In December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action poi... Schneier on Security https://www.schneier.com/blog/archives/2026/03/as-the-us-midterms-approach-ai-is-going-to-emerge-as-a-key-issue-concerning-voters.html Thu, 26 Mar 2026 11:06:39 +0000 AI https://www.infosecurity-magazine.com/news/iranlinked-pay2key-ransomware Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key Infosecurity Magazine https://www.infosecurity-magazine.com/news/iranlinked-pay2key-ransomware Thu, 26 Mar 2026 10:45:00 +0000 Ransomware https://www.infosecurity-magazine.com/news/invoice-fraud-uk-construction The National Crime Agency has warned construction firms about surging invoice fraud Infosecurity Magazine https://www.infosecurity-magazine.com/news/invoice-fraud-uk-construction Thu, 26 Mar 2026 10:07:00 +0000 Scam https://www.elastic.co/security-labs/illuminating-voidlink Elastic Security Labs analyzes VoidLink, a sophisticated Linux malware framework that combines traditional Loadable Kernel Modules with eBPF to maintain persistence. Elastic Security Labs https://www.elastic.co/security-labs/illuminating-voidlink Thu, 26 Mar 2026 00:00:00 +0000 Cloud Security https://www.darkreading.com/cyber-risk/rsac-eu-leads-us-officials-sidelined While US government sits out this year, EU officials are on the ground in San Francisco leading the conversations on today's top cybersecurity challenges. Dark Reading https://www.darkreading.com/cyber-risk/rsac-eu-leads-us-officials-sidelined Wed, 25 Mar 2026 21:52:38 +0000 Cloud Security https://www.wiz.io/blog/introducing-wiz-workflows Orchestrate customizable workflows with agents, enabling end-to-end discovery and response in Wiz Wiz Blog https://www.wiz.io/blog/introducing-wiz-workflows Wed, 25 Mar 2026 17:17:03 +0000 Cloud Security https://www.darkreading.com/cyberattacks-data-breaches/phishers-pose-palo-alto-networks-recruiters-job-scam A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles. Dark Reading https://www.darkreading.com/cyberattacks-data-breaches/phishers-pose-palo-alto-networks-recruiters-job-scam Wed, 25 Mar 2026 15:05:52 +0000 Jobs Scam Threat Research