Information security
Information security

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

CISA added five security flaws to its KEV catalog, urging federal agencies to patch them by April 3, 2026.

fromwww.scientificamerican.com

GlassWorm malware hides in invisible open-source code

Invisible Unicode characters can hide malicious code, compromising open-source components and challenging trust in software development.

fromMail Online

Information security

FBI exposes three signs your smart devices have been secretly hijacked

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

A supply chain attack on Trivy scanner has led to the emergence of CanisterWorm, compromising numerous npm packages.

In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting

Unprotected databases and vulnerabilities in KVM devices highlight ongoing cybersecurity threats and the need for vigilance in protecting sensitive information.

3 hours ago

Russians posing as Signal support to launch phishing raids

Russian intelligence is using fake customer support on messaging apps to conduct phishing attacks on high-value targets.

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

CISA added five security flaws to its KEV catalog, urging federal agencies to patch them by April 3, 2026.

fromwww.scientificamerican.com

GlassWorm malware hides in invisible open-source code

Invisible Unicode characters can hide malicious code, compromising open-source components and challenging trust in software development.

fromMail Online

FBI exposes three signs your smart devices have been secretly hijacked

Cybercriminals can hijack smart devices, leading to increased data usage and internet charges, while turning devices into part of a botnet.

Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

A supply chain attack on Trivy scanner has led to the emergence of CanisterWorm, compromising numerous npm packages.

In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting

Unprotected databases and vulnerabilities in KVM devices highlight ongoing cybersecurity threats and the need for vigilance in protecting sensitive information.

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications targeting individuals of high intelligence value.

fromBusiness Matters

Information security

How to build an effective employee phishing training program in 2026

Effective employee phishing training programs focus on behavior change and continuous education to reduce security risks and improve reporting rates.

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications targeting individuals of high intelligence value.

fromBusiness Matters

How to build an effective employee phishing training program in 2026

Effective employee phishing training programs focus on behavior change and continuous education to reduce security risks and improve reporting rates.

Critical Quest KACE Vulnerability Potentially Exploited in Attacks

CVE-2025-32975 allows unauthenticated access to Quest KACE SMA, leading to potential administrative takeover; organizations must patch immediately.

fromFortune

Companies are now on the front lines of war. They need to act like it | Fortune

Iran's current campaign reflects a deliberate shift toward attacking economic infrastructure and commercial actors. Data centers in the Gulf have faced physical, cyber, and hybrid strikes aimed at disrupting the digital backbone of global commerce.

Information security

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle released security updates for a critical vulnerability in Identity Manager and Web Services Manager that allows remote code execution.

fromComputerworld

CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group

CISA urges organizations to harden endpoint management system configurations, particularly Microsoft Intune, following a pro-Iranian threat actor's compromise of Stryker's systems.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Aqua Security's Trivy vulnerability scanner has been compromised, affecting developers and organizations using it.

Information security

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Widely used Trivy scanner compromised in ongoing supply-chain attack

Aqua Security's Trivy vulnerability scanner has been compromised, affecting developers and organizations using it.

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, an open-source vulnerability scanner, was compromised twice in a month, delivering malware that stole sensitive CI/CD secrets.

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

AI is transforming cybercrime by enabling personalized phishing, deepfakes, and malware that evade traditional security measures.

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Threat actors exploited a critical Langflow vulnerability for remote code execution within 20 hours of its public disclosure.

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw in Langflow allows unauthenticated remote code execution, exploited within 20 hours of disclosure.

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Threat actors exploited a critical Langflow vulnerability for remote code execution within 20 hours of its public disclosure.

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical security flaw in Langflow allows unauthenticated remote code execution, exploited within 20 hours of disclosure.

Cohesity embeds Sophos malware scanning in Data Cloud

Cohesity integrates Sophos malware scanning into Data Cloud to detect hidden threats in backup data, enhancing recovery confidence post-cyberattacks.

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

The U.S. Department of Justice disrupted several IoT botnets, including AISURU and Kimwolf, in a coordinated international law enforcement operation.

fromZDNET

Chainguard is racing to fix trust in AI-built software - here's how

Chainguard introduces AI-powered Factory 2.0 to enhance programming security and automate vulnerability management.

Feds disrupt IoT botnets behind record-breaking DDoS attacks

The US government disrupted major IoT botnets responsible for record DDoS attacks, compromising over three million devices worldwide.

Cryptographer fights RustSec ban over bug reports

Nadim Kobeissi filed a complaint against Rust maintainers over critical bugs in cryptography libraries after facing dismissal and bans.

fromWIRED

US Takes Down Botnets Used in Record-Breaking Cyberattacks

The US Department of Justice, working with the cybercrime-fighting agency within the US Department of Defense known as the Defense Criminal Investigative Service, announced that it had dismantled four massive botnets in a single operation, removing the command-and-control servers used to commandeer the hacker-run armies of compromised devices known by the names JackSkid, Mossad, Aisuru, and Kimwolf.

Information security

Thousands of Magento Sites Hit in Ongoing Defacement Campaign

Over 7,500 Magento sites were defaced in a campaign exploiting file upload vulnerabilities, affecting global brands and various organizations.

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

A critical security flaw in Magento's REST API allows unauthenticated attackers to upload malicious executables, risking code execution and account takeover.

Thousands of Magento Sites Hit in Ongoing Defacement Campaign

Over 7,500 Magento sites were defaced in a campaign exploiting file upload vulnerabilities, affecting global brands and various organizations.

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

A critical security flaw in Magento's REST API allows unauthenticated attackers to upload malicious executables, risking code execution and account takeover.

more#magento

MS update kills Microsoft account sign-ins in Windows 11

This issue occurs when the device enters a specific network connectivity state, and may resolve on its own. A restart should also fix it, provided the device is online at the time.

Information security

Allure Security Raises $17 Million for Online Brand Protection

Allure Security raised $17 million in Series B funding, totaling $43 million, to enhance its AI platform for brand protection against fraud.

#ddos-attacks

Information security

Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation

AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks

Layer 7 DDoS attacks surge while Layer 3/4 attacks scale massively, with API and web application attacks converging into coordinated multi-vector campaigns powered by AI.

Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation

The US Justice Department disrupted several IoT botnets used for DDoS attacks, targeting Aisuru, Kimwolf, JackSkid, and Mossad.

AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks

Layer 7 DDoS attacks surge while Layer 3/4 attacks scale massively, with API and web application attacks converging into coordinated multi-vector campaigns powered by AI.

Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US | TechCrunch

A cyberattack on Intoxalock has stranded drivers nationwide by preventing vehicle breathalyzer calibrations.

Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach

Stryker cyberattack involved compromised administrator credentials obtained through infostealer malware, enabling attackers to abuse Microsoft Intune for device wiping.

fromTechCrunch

Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US | TechCrunch

A cyberattack on Intoxalock has stranded drivers nationwide by preventing vehicle breathalyzer calibrations.

Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach

Stryker cyberattack involved compromised administrator credentials obtained through infostealer malware, enabling attackers to abuse Microsoft Intune for device wiping.

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

fromZDNET

I tested NordVPN's free scam checker against a real threat in my inbox - here's how it did

NordVPN launched a free AI-powered scam checker tool that detects suspicious links, files, text, and images by identifying malicious databases and common scam patterns like scare tactics and artificial urgency.

Critical ScreenConnect Vulnerability Exposes Machine Keys

ConnectWise released a security update for ScreenConnect addressing CVE-2026-3564, a critical vulnerability allowing attackers to access cryptographic machine keys by encrypting previously exposed cryptographic material in server configuration files.

#microsoft-intune-security

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Speagle malware hijacks Cobra DocGuard infrastructure to harvest and exfiltrate sensitive data while masking communications as legitimate server traffic.

Major warning: Secure your Microsoft environment

CISA warns organizations to strengthen Microsoft Intune security after attackers exploited the platform in a Stryker cyberattack, gaining administrative access and disrupting healthcare operations.

Microsoft Intune: Lock it down, warn feds after Stryker

Iran-linked Handala attacked Stryker using compromised Microsoft Intune to wipe devices; CISA urges companies to implement least privilege access controls and follow Microsoft security best practices.

Major warning: Secure your Microsoft environment

CISA warns organizations to strengthen Microsoft Intune security after attackers exploited the platform in a Stryker cyberattack, gaining administrative access and disrupting healthcare operations.

more#microsoft-intune-security

Microsoft Intune: Lock it down, warn feds after Stryker

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword, a new iOS exploit kit targeting iPhones running iOS 18.4-18.7, has been deployed by multiple threat actors since November 2025 to steal credentials and cryptocurrency wallet data.

Snoops plant info-stealing malware on iPhones, Google warns

DarkSword exploit kit targets iOS 18.4-18.7, exploiting six vulnerabilities to deploy backdoors stealing messages, location data, cryptocurrency wallets, and account credentials from iPhone users.

'DarkSword' iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

Security researchers discovered DarkSword, a sophisticated iOS exploit kit used by Russian state-sponsored hackers and commercial spyware vendors to compromise Apple devices with minimal user interaction.

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword, a new iOS exploit kit targeting iPhones running iOS 18.4-18.7, has been deployed by multiple threat actors since November 2025 to steal credentials and cryptocurrency wallet data.

Snoops plant info-stealing malware on iPhones, Google warns

DarkSword exploit kit targets iOS 18.4-18.7, exploiting six vulnerabilities to deploy backdoors stealing messages, location data, cryptocurrency wallets, and account credentials from iPhone users.

'DarkSword' iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

Unknown attackers exploit another critical SharePoint bug

Unknown attackers are actively exploiting CVE-2026-20963, a critical Microsoft SharePoint deserialization vulnerability that enables unauthenticated remote code execution, prompting CISA to mandate federal agency patching within three days.

fromComputerWeekly.com

Apple issues first Background patch for WebKit browser flaw | Computer Weekly

Apple released a security update addressing CVE-2026-20643, a WebKit vulnerability allowing attackers to bypass the Same Origin Policy and access data from other websites through maliciously crafted web content.

New Apple Hack: Up to 270M iPhones Vulnerable to 'DarkSword' Exploit

DarkSword, a powerful iPhone exploit kit discovered on compromised Ukrainian websites, silently compromises unpatched iPhones through watering hole attacks without leaving traditional traces.

Hundreds of millions of iPhones can be hacked with a new tool found in the wild

DarkSword, a sophisticated iPhone hacking technique discovered in use by Russian hackers, can silently compromise hundreds of millions of iOS devices running older operating system versions through infected websites.

fromWIRED

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

A sophisticated iPhone hacking technique called DarkSword enables attackers to silently compromise iOS devices through infected websites, affecting hundreds of millions of users running older iOS versions.

fromTechRepublic

New Apple Hack: Up to 270M iPhones Vulnerable to 'DarkSword' Exploit

DarkSword, a powerful iPhone exploit kit discovered on compromised Ukrainian websites, silently compromises unpatched iPhones through watering hole attacks without leaving traditional traces.

Hundreds of millions of iPhones can be hacked with a new tool found in the wild

fromWIRED

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks

Cisco firewall vulnerability CVE-2026-20131 was exploited as a zero-day by Interlock cybercrime group since January 26, before the March 4 patch announcement.

Russian APT Exploits Zimbra Vulnerability Against Ukraine

Russian state-sponsored actors exploited a high-severity XSS vulnerability in Zimbra Collaboration to attack Ukraine, stealing credentials and mailbox data through malicious email scripts.

fromTNW | Startups-Technology

TACEO launches its private execution network

TACEO Network enables organizations to share digital infrastructure and perform computations on encrypted data without exposing sensitive information to other participants.

fromInfoQ

AI Model Discovers 22 Firefox Vulnerabilities in Two Weeks

Claude Opus 4.6 discovered 22 security vulnerabilities in Firefox within two weeks, with 14 classified as high-severity, demonstrating AI's capability to identify security flaws in established codebases faster than human researchers.

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

Four chained vulnerabilities in BMC FootPrints enable pre-authentication remote code execution through authentication bypass, Java deserialization, and SSRF flaws.

#ai-agent-security

Information security

Chainguard introduces a secure catalog for agent skills

Information security

Okta made a nightmare micromanager for your AI agents

OpenClaw bypasses security layers and reveals new attack vectors

AI-driven agents can be exploited to perform malicious actions through legitimate-appearing instructions that bypass traditional security tools like EDR, DLP, and IAM.

Chainguard introduces a secure catalog for agent skills

Chainguard launches Agent Skills service to secure AI agent components in software development, addressing supply chain vulnerabilities from malicious skills shared across open platforms.

Okta made a nightmare micromanager for your AI agents

Okta launched Okta for AI Agents, enabling organizations to discover, monitor, and disable AI agents through centralized identity and access management controls.

OpenClaw bypasses security layers and reveals new attack vectors

AI-driven agents can be exploited to perform malicious actions through legitimate-appearing instructions that bypass traditional security tools like EDR, DLP, and IAM.

more#ai-agent-security

CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability

Microsoft SharePoint vulnerability CVE-2026-20963, a critical remote code execution flaw, is being exploited in the wild despite Microsoft's assessment indicating exploitation is less likely.

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Perseus, a new Android malware evolved from Cerberus and Phoenix, actively targets users through dropper apps for device takeover and financial fraud, with primary focus on Turkey and Italy.

54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security

Ransomware gangs, especially those with ransomware-as-a-service (RaaS) programs, frequently produce new builds of their encryptors, and ensuring that each new build is reliably undetected can be time-consuming. More importantly, encryptors are inherently very noisy (as they inherently need to modify a large number of files in a short period); making such malware undetected is rather challenging.

Information security

Nile launches zero-trust fabric with micro-segmentation

Nile's zero-trust Secure Network-as-a-Service platform reduces security breaches by 60 percent through identity-based micro-segmentation integrated directly into network architecture.

1stProtect Emerges From Stealth With $20 Million in Funding

1stProtect launched with $20 million in funding, offering an endpoint security platform that prevents cyberattacks by monitoring system behavior and enforcing security policies at the operating system level in real time.

Rubrik adds Google Workspace backup with air-gapped protection

Rubrik launched Data Protection for Google Workspace with air-gapped backups, rapid recovery capabilities, and identity resilience protection across Gmail, Google Drive, and Okta environments.

fromMedium

Your AWS Credentials Are Still on GitHub Even After You Delete Them

Prevent credential exposure through .gitignore, environment variables, git-secrets pre-commit hooks, and AWS IAM roles instead of hardcoding credentials in code.

fromKotaku

Gacha Game Distributes Malware, Apologizes With 10 Free Pulls

Umbral Stealer is an infostealer virus that can record keystrokes and take screenshots. In basic terms, it attempts to harvest sensitive information from the machines it infects, as it's primarily geared towards stealing users' passwords and cryptocurrency. The virus was distributed via a patch to Duet Night Abyss' launcher, which went live on Steam at 7:39 am UTC on March 18.

Information security

Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches

All analyzed companies operate AI-enabled SaaS environments, with organizations averaging 140 such applications, creating cascading breach risks across interconnected systems.

The Collapse of Predictive Security in the Age of Machine-Speed Attacks

Cybercrime has industrialized to exploit vulnerabilities faster than defenders can predict and patch, requiring a shift from predictive to preemptive security strategies.

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Interlock ransomware exploits critical Cisco Secure Firewall vulnerability CVE-2026-20131 as zero-day since January 26, 2026, enabling unauthenticated remote code execution with root privileges.

GlassWorm malware surfaces in development environments

GlassWorm operation compromised over 400 software components across GitHub, npm, and development marketplaces using supply-chain attacks and blockchain-based command-and-control infrastructure.

Linux Foundation Receives $12.5 Million for Open Source Security

The Linux Foundation receives $12.5 million in grants from major tech companies to address security challenges in open source software caused by AI-generated vulnerability reports overwhelming maintainers.

Ransomware crims abused Cisco 0-day weeks before disclosure

Ransomware group Interlock exploited CVE-2026-20131 in Cisco Secure Firewall Management Center for 36 days before Cisco's patch, enabling remote code execution as root on vulnerable devices.

9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

Nine critical vulnerabilities in low-cost IP KVM devices from multiple manufacturers allow unauthenticated attackers to gain root access and control compromised systems at the BIOS/UEFI level.

Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels

Security teams struggle to connect isolated tool data into coherent attack paths; CSMA platforms unify security tools to discover and prioritize viable threats to critical assets.

fromThe Cipher Brief

America Is Digitally Fragile - and Our Adversaries Know It

America faces unprecedented vulnerability as critical infrastructure systems are digitally dependent and interconnected, while adversaries possess capabilities to penetrate and pre-position for exploitation before conflict begins.

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

OFAC sanctioned six individuals and two entities for operating a North Korean IT worker scheme that defrauds U.S. businesses and generates illicit revenue for weapons of mass destruction programs.

fromFortune

Exclusive: RunSybil, a startup using AI to automate penetration testing, raises $40M in VC funding in round led by Khosla Ventures | Fortune

RunSybil secured $40 million in funding to deploy AI agents that autonomously conduct continuous penetration testing on live software systems to identify security vulnerabilities.

fromTechCrunch

Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools | TechCrunch

Russian-linked hackers deployed Darksword spyware targeting Ukrainian iPhone users to steal personal data and cryptocurrency, revealing advanced iPhone exploits may be more prevalent than previously believed.

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart attacks hide malicious code in dynamically loaded third-party assets and EXIF metadata, bypassing repository-based static analysis tools like Claude Code Security because the code never enters the source repository.

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content.

Information security

Iran cyberattack against med tech firm 'just the beginning'

Iran is escalating cyber-attacks against US companies as military capabilities diminish, with the Stryker attack marking the first destructive cyberattack on a US corporation during the conflict.

fromSecuritymagazine

Threat Actors Target the Entire Retail Supply Chain

Threat actors exploit shared supply chain vulnerabilities between wholesalers and retailers, with over 70% of retailers and 60% of wholesalers having exposed credentials, enabling widespread initial access.

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles. While the exploit requires a specific time-based window (10-30 days), the resulting impact is a complete compromise of the host system.

Information security

Manifold Raises $8 Million for AI Detection and Response

Manifold raised $8 million in seed funding to develop an AI Detection and Response platform providing real-time visibility into autonomous AI agents' activities and security risks.

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

Security leaders lack adequate tools and skills to defend AI systems, with visibility gaps and skills shortages creating critical vulnerabilities in AI infrastructure security.

fromTechRepublic

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

Attacker-controlled text in emails can manipulate Microsoft Copilot summaries through cross-prompt injection attacks, inserting deceptive alerts into trusted AI interfaces that users find more convincing than suspicious emails.

fromDevOps.com

Harness Extends AI Security Reach Across Entire DevOps Workflow - DevOps.com

Harness launched AI security capabilities including automatic code securing during AI-assisted development and a module discovering, testing, and protecting AI components within applications.

Harness secures AI code and AI apps with two new modules

Harness launches AI Security and Secure AI Coding modules to detect, test, and protect AI components throughout the application lifecycle while scanning AI-generated code for vulnerabilities in real time.

Manifold Raises $8 Million for AI Detection and Response

Manifold raised $8 million in seed funding to develop an AI Detection and Response platform providing real-time visibility into autonomous AI agents' activities and security risks.

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

Security leaders lack adequate tools and skills to defend AI systems, with visibility gaps and skills shortages creating critical vulnerabilities in AI infrastructure security.

fromTechRepublic

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

fromDevOps.com

Harness Extends AI Security Reach Across Entire DevOps Workflow - DevOps.com

Harness launched AI security capabilities including automatic code securing during AI-assisted development and a module discovering, testing, and protecting AI components within applications.

Harness secures AI code and AI apps with two new modules

OpenClaw, the Fastest-Adopted Software Ever, Is Also a Security Blind Spot

OpenClaw, an open-source AI agent running locally without admin privileges, poses unprecedented security risks by accessing all employee systems simultaneously with persistent memory across sessions.

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Amazon Bedrock AgentCore Code Interpreter's sandbox allows outbound DNS queries, enabling attackers to exfiltrate data and establish command-and-control channels despite network isolation configuration.

fromZDNET

As AI agents spread, 1Password's new tool tackles a rising security threat

AI agents require credentials to access systems, creating enterprise security risks similar to managing human employee access, necessitating unified credential management solutions.

LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

LeakNet ransomware group uses ClickFix social engineering via compromised websites for initial access, employing a Deno-based C2 loader to execute payloads in memory, followed by consistent post-exploitation sequences detectable before ransomware deployment.

fromBleepingComputer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

GlassWorm supply-chain campaign compromised 433 components across GitHub, npm, and VSCode/OpenVSX, using a single Solana blockchain address for command-and-control across coordinated attacks targeting cryptocurrency wallets and developer credentials.

fromTNW | Google

Big Tech signs Industry Accord Against Online Scams

Eleven major companies committed to sharing threat intelligence and coordinating defenses against AI-driven fraud through Google's Global Signal Exchange platform.

Researchers disclose vulnerabilities in IP KVMs from four manufacturers

IP KVMs pose severe network security risks because compromising them enables attackers to bypass system security and access remotely managed servers.

fromComputerWeekly.com

Beyond integration theatre: Building stronger cyber platforms | Computer Weekly

Integration layers between security platforms, not the platforms themselves, have become the primary enterprise security risk requiring rigorous governance of delegated trust.