no alarms and no surprises please..
-
Stranger Things Meets Cybersecurity: Lessons from the Hive Mind
Events and concepts from the Stranger Things television series illustrate how enterprises can defend their networks and stay “right side up.” (Nadir Izrael, gbhackers.com)
-
Iranian APT Groups Intensify Cyberattacks on Critical Infrastructure Amid Rising Geopolitical Tensions
A dramatic escalation in Middle Eastern tensions began last week with Operation Lion’s Roar, a joint U.S.-Israeli military strike on Iranian nuclear and military… (gbhackers.com)
-
AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks
Ransomware operators are increasingly abusing Microsoft’s trusted Azure data transfer utility, AzCopy, to quietly exfiltrate sensitive data before encryption, turning a routine cloud migration… (gbhackers.com)
-
IPVanish VPN for macOS Flaw Enables Privilege Escalation and Code Execution
A high-severity security vulnerability has been discovered in the IPVanish VPN application for macOS. This flaw allows any unprivileged local user to execute arbitrary… (gbhackers.com)
-
CISA Warns of VMware Aria Operations Vulnerability Actively Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware Aria Operations to its Known Exploited Vulnerabilities (KEV)… (gbhackers.com)
-
Phishing Campaign Uses Google Cloud to Host Malicious Redirects via GCS Bucket
A sophisticated phishing campaign has recently emerged, leveraging Google Cloud’s trusted infrastructure to host malicious redirects. The campaign’s technical structure leverages Google Cloud Storage… (gbhackers.com)
-
CISA flags VMware Aria Operations RCE flaw as exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. […] (Lawrence Abrams, bleepingcomputer)
-
Paint maker giant AkzoNobel confirms cyberattack on U.S. site
The multinational Dutch paint company AkzoNobel has confirmed to BleepingComputer that hackers breached the network of one of its U.S. sites. […] (Bill Toulas, bleepingcomputer)
-
Facebook accounts unavailable in worldwide outage
Social media giant Facebook is currently experiencing a massive worldwide outage, preventing users from accessing their accounts. […] (Lawrence Abrams, bleepingcomputer)
-
Microsoft: Hackers abuse OAuth error flows to spread malware
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. […] (Bill Toulas, bleepingcomputer)
-
Google Chrome shifts to two-week release cycle for increased stability
Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. […] (Bill Toulas, bleepingcomputer)
-
CISA Warns of VMware Aria Operations Vulnerability Exploited in Attacks
A critical vulnerability affecting VMware Aria Operations has been added to the Known Exploited Vulnerabilities (KEV) catalog. Broadcom recently issued a security advisory detailing a flaw that allows unauthenticated attackers to execute arbitrary commands. Organizations are urged to implement mitigations or discontinue use of the…
-
Malicious Packages Disguised as Laravel Utilities Deploy PHP RAT and Enable Remote Access
A supply chain attack targeting the PHP developer community has surfaced through Packagist, the official package repository for PHP and Laravel projects. Threat actor nhattuanbl published several packages that disguised a fully functional remote access trojan (RAT) inside what looked like standard Laravel utility…
-
Windows 11 23H2 to 25H2 Upgrade Allegedly Breaking Internet Connectivity
A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention is performed. System administrators across Reddit’s r/sysadmin community are raising alarms as the issue originally observed during Windows 10-to-11 migrations has…
-
Coruna Exploit Kit With 23 Exploits Hacked Thousands of iPhones
Google’s Threat Intelligence Group (GTIG) has uncovered Coruna, a sophisticated iOS exploit kit containing 23 exploits across five full exploit chains that compromised thousands of iPhones running iOS 13.0 through 17.2.1 throughout 2025. The Coruna exploit kit is an advanced, modular iOS attack framework discovered…
-
SloppyLemming Espionage Campaign Uses BurrowShell Backdoor and Rust RAT to Hit Pakistan and Bangladesh Targets
A suspected India-aligned threat group known as SloppyLemming has been conducting a sustained espionage campaign against government agencies, defense organizations, nuclear oversight bodies, and critical infrastructure operators in Pakistan and Bangladesh. Active since 2021 and also tracked as Outrider Tiger…
-
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild. The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been…
-
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five…
-
Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the…
-
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its use following an analysis of the IP…
-
AI Agents: The Next Wave Identity Dark Matter – Powerful, Invisible, and Unmanaged
The Rise of MCPs in the Enterprise. The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can…
-
Hacktivist campaigns increase as United States, Iran, and Israel conflict intensifies
Rising tensions have sparked an increase in regional hacktivist activity, but impact has been minimal. Categories: Threat Research. Tags: hacktivism, Iran, israel, Operation Epic Fury. (sophos)
-
ISC Stormcast For Wednesday, March 4th, 2026 https://isc.sans.edu/podcastdetail/9834, (Wed, Mar 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (isc.sans.edu)
-
Bruteforce Scans for CrushFTP, (Tue, Mar 3rd)
CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the template-injection flaw that let unauthenticated attackers escape the VFS sandbox and achieve…
-
They seized $4.8m in crypto… then gave the master key to the internet
South Korea’s National Tax Service (NTS) has found itself in the middle of a deeply embarrassing – and costly – blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet. Read more in my article on the Hot for…
-
171: Melody Fraud
What if the music charts you see aren’t real? What if the numbers that define success can be manufactured? We talked to Andrew, a man who has spent his career on both sides of this battle. He once profited from the loopholes in streaming platforms, but now, his job is to close…
-
Dark Reading Confidential: This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate
Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the decryption of six malware variants.…
-
Vehicle Tire Pressure Sensors Enable Silent Tracking
Like many other features and systems in modern cars, tire pressure sensors leak sensitive data that can be abused by threat actors. (Jai Vijayan, gbhackers.com)
-
Qualcomm Zero-Day Exploited in Targeted Android Attacks
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups. (Alexander Culafi, gbhackers.com)
-
Speakeasies to Shadow AI: Banning AI Browsers Will Fail
Lessons from history highlight why AI-enabled browsers require controlled enablement. (Or Eshed, gbhackers.com)
-
AI Agent Overload: How to Solve the Workload Identity Crisis
Workloads keep getting more complicated and organizations are struggling to keep up. So what’s the play? (Alexander Culafi, gbhackers.com)
-
As War Continues, Pro-Iranian Actors Launch Barrage of Cyberattacks
Iran and its supporters have taken to cyberspace to retaliate for US-Israeli military action, with an aim to cause economic and physical disruption. (Elizabeth Montalbano, gbhackers.com)
-
Fortinet FortiGate Devices Targeted by CyberStrikeAI, Allowing Hackers to Bypass Security
Threat intelligence researchers at Team Cymru have uncovered an open-source AI-powered offensive security tool called CyberStrikeAI, actively used to target Fortinet FortiGate devices at… (gbhackers.com)
-
Hackers Exploit Telegram for Initial Access to Corporate VPN, RDP, and Cloud Systems
Hackers are increasingly abusing Telegram as an initial access marketplace, turning stealer logs and leaked credentials into direct entry points for corporate VPN, RDP,… (gbhackers.com)
-
Epic Fury Cyber Shock: Iran’s Internet Down, Hacktivists Hit Back
On Feb. 28, 2026, the United States and Israel launched coordinated military operations against Iran, codenamed Operation Epic Fury by the U.S. and Operation… (gbhackers.com)
-
MS-Agent Vulnerability Exposes AI Agents to Remote Hijacking, Granting Full System Control
A critical vulnerability has been discovered in the MS-Agent framework, a lightweight software tool used to build and run autonomous AI agents. Tracked as… (gbhackers.com)
-
Malvertising Campaign Spreads AMOS ‘malext’ macOS Infostealer via Fake Text-Sharing Ads
A large-scale malvertising operation targets macOS users with fake Google Ads leading to malicious text-sharing sites. These lures deliver the AMOS infostealer variant, dubbed… (gbhackers.com)
-
UH Cancer Center data breach affects nearly 1.2 million people
The University of Hawaii confirmed that a ransomware gang stole the data of nearly 1.2 million individuals in August 2025 after breaching its Cancer Center’s Epidemiology Division. […] (Sergiu Gatlan, bleepingcomputer)
-
Android gets patches for Qualcomm zero-day exploited in attacks
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. […] (Sergiu Gatlan, bleepingcomputer)
-
CyberStrikeAI tool adopted by hackers for AI-powered attacks
Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls. […] (Lawrence Abrams, bleepingcomputer)
-
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims’ browsers. […] (Ionut Ilascu, bleepingcomputer)
-
Alabama man pleads guilty to hacking, extorting hundreds of women
A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). […] (Sergiu Gatlan, bleepingcomputer)
-
Hackerbot-Claw Bot Attacks Microsoft and DataDog via GitHub Actions CI/CD Misconfiguration
Between February 21 and February 28, 2026, an autonomous bot named hackerbot-claw launched a week-long attack campaign against major open source repositories. It targeted GitHub Actions CI/CD pipelines belonging to Microsoft, DataDog, the Cloud Native Computing Foundation, and several other widely used projects. Over…
-
New Claude Memory Feature Allows Users to Transfer Data from ChatGPT and Other AI Providers
Anthropic has introduced a new memory import tool for Claude that allows users to seamlessly transfer their stored preferences, habits, and context from other AI platforms, including ChatGPT, Google Gemini, and Microsoft Copilot, directly into Claude’s memory system, eliminating the…
-
Threat Actors Exploit OpenVSX Aqua Trivy with Malicious AI Prompts to Hijack Local Coding Tools
A supply chain attack targeting developers surfaced on March 2, 2026, when unauthorized code was found inside two versions of the Aqua Trivy VS Code extension on the OpenVSX registry. The compromised versions — 1.8.12 and 1.8.13 — were uploaded…
-
Hackers Leveraged CyberStrikeAI Tool to Breach Fortinet FortiGate Devices
A new artificial intelligence (AI) offensive security tool called CyberStrikeAI is being actively leveraged by threat actors to target edge devices, particularly Fortinet FortiGate appliances. This open-source platform, developed by a China-based individual with potential ties to state-sponsored operations, represents a significant escalation in the…
-
Android Security Update – Patch for 129 Vulnerabilities and Actively Exploited Zero-Day
Google has released its highly anticipated March 2026 Android Security Bulletin, delivering critical fixes for 129 security vulnerabilities across the Android ecosystem. This massive update represents one of the highest numbers of patches issued in a single month in recent years. The rollout…
-
New Chrome Vulnerability Lets Malicious Extensions Escalate Privileges via Gemini Panel
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case…
-
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. “To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates…
-
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features…
-
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating.…
-
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the…
-
Cyber Advisory: Increased Cyber Risk Amid U.S.–Israel–Iran Escalation
Insights and recommended defensive measures from Sophos X-Ops Counter Threat Unit. Categories: Security Operations. Tags: Sophos CTU, Iran, Operation Epic Fury. (sophos)
-
LLM-Assisted Deanonymization
Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision and scales to tens of thousands of candidates. While it has been…
-
ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832, (Tue, Mar 3rd)
(isc.sans.edu)
-
Quick Howto: ZIP Files Inside RTF, (Mon, Mar 2nd)
In diary entry “Quick Howto: Extract URLs from RTF files” I mentioned ZIP files. There are OLE objects inside this RTF file: They can be analyzed with oledump.py like this: Options –storages and -E %CLSID% are used to show the abused CLSID. Stream CONTENTS contains…
-
Wireshark 4.6.4 Released, (Mon, Mar 2nd)
Wireshark release 4.6.4 fixes 3 vulnerabilities and 15 bugs. Didier Stevens, Senior handler, blog.DidierStevens.com (isc.sans.edu)
-
Weekly Update 493
The Odido breach leaks were towards the beginning during this week’s update. I recorded it the day after the second dump of data had hit, with a third dump coming a few hours later, and a final dump of everything the day after that. From what I hear, it dominated the news…
-
Critical OpenClaw Vulnerability Exposes AI Agent Risks
The now-patched flaw is the latest in a growing string of security issues associated with the viral AI tool, which has seen rapid adoption among developers. (Jai Vijayan, gbhackers.com)
-
30 Alleged Members of ‘The Com’ Arrested in Project Compass
The global law enforcement crackdown, which began in January 2025, also identified nearly 180 members of the notorious cybercriminal collective. (Rob Wright, gbhackers.com)
-
Bug in Google’s Gemini AI Panel Opens Door to Hijacking
Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources. (Elizabeth Montalbano, gbhackers.com)
-
Project Compass Operation Cracks Down on “The Com” Cybercrime Collective – 30 Arrested, 179…
An international law enforcement operation named Project Compass has launched a major offensive against “The Com,” a dangerous transnational virtual network (TVN). The operation,… (gbhackers.com)
-
Hackers Launch Massive SonicWall Firewall Attack Using 4,000+ IP Addresses
Hackers are actively mapping SonicWall firewalls worldwide, launching more than 84,000 SonicOS scanning sessions from over 4,000 unique IP addresses in just four days… (gbhackers.com)
-
Angular SSR Flaw Enables Unauthorized Server-Side Requests in Web Apps
A critical vulnerability has been discovered in Angular Server-Side Rendering (SSR) that could allow attackers to perform Server-Side Request Forgery (SSRF) and Header Injection… (gbhackers.com)
-
OCRFix Botnet Uses ClickFix Phishing and EtherHiding to Mask Blockchain C2 Infrastructure
OCRFix is a multi-stage botnet Trojan campaign that abuses a fake Tesseract OCR download site, ClickFix-style PowerShell execution, and EtherHiding on BNB Smart Chain… (gbhackers.com)
-
Middle East AWS Outage Sends Shockwaves Through Cloud Infrastructure Service
A severe infrastructure incident in the Middle East has triggered a massive Amazon Web Services (AWS) outage, disrupting critical cloud operations across the region… (gbhackers.com)
-
ClawJacked attack let malicious websites hijack OpenClaw to steal data
Security researchers have disclosed a high-severity vulnerability dubbed “ClawJacked” in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it. […] (Lawrence Abrams, bleepingcomputer)
-
Samsung TVs to stop collecting Texans’ data without express consent
Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs. […] (Bill Toulas, bleepingcomputer)
-
Pixel Perfect Extension Abuse Enables Covert Script Injection and Security Header Removal
A browser extension that once earned a Featured badge from Google quietly turned into a remote code execution tool after its ownership changed hands, exposing thousands of users to covert script injection and full browser security header stripping. The campaign, centered on a…
-
US Military Reportedly Used Claude in Iran Strikes Despite Trump’s Ban
The U.S. Department of Defense deployed Anthropic’s Claude AI during Operation Epic Fury, a joint offensive with Israel against Iran on February 28, just hours after President Trump designated Anthropic as a national security “supply chain risk” and ordered all federal agencies to cease…
-
Hacked Prayer App Used as Cyber Weapon During US-Israel Strikes on Iran
As Israeli and US forces launched joint preemptive airstrikes on Tehran, a sophisticated cyber-psychological operation unfolded simultaneously. According to a report by Wired Middle East, millions of Iranian citizens and military personnel were jolted awake not only by explosions but also by unauthorized…
-
AWS Power Outage in Middle East Triggers Major Disruption to EC2 and Networking Services
A major power outage in the AWS me-central-1 (Middle East) region on March 1, 2026, resulted from an unusual physical incident where external objects struck a data center, triggering sparks and a fire. The event caused significant disruptions to Amazon Elastic…
-
ISC Stormcast For Monday, March 2nd, 2026 https://isc.sans.edu/podcastdetail/9830, (Mon, Mar 2nd)
(isc.sans.edu)
-
Fake Zoom and Google Meet Phishing Campaigns Deploy Teramind Surveillance Software
Threat actors are executing sophisticated phishing campaigns that impersonate Zoom and Google Meet to silently deploy Teramind onto Windows devices. While Teramind is a… (gbhackers.com)
-
QuickLens Chrome extension steals crypto, shows ClickFix attack
A Chrome extension named “QuickLens – Search Screen with Google Lens” has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. […] (Lawrence Abrams, bleepingcomputer)
-
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
South Korea’s National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth in cryptocurrency. […] (Bill Toulas, bleepingcomputer)
-
OpenClaw 0-Click Vulnerability Allows Malicious Websites to Hijack Developer AI Agents
A critical zero-interaction vulnerability in OpenClaw, one of the fastest-growing open-source AI agent frameworks in history, has been discovered by Oasis Security researchers, allowing any malicious website to silently seize full control of a developer’s AI agent without requiring plugins, extensions, or any user…
-
Phishing Schemes Abuse .arpa TLD and IPv6 Tunnels to Evade Detection
Cybersecurity researchers at Infoblox Threat Intel have uncovered a highly sophisticated phishing campaign that exploits the foundational plumbing of the internet to bypass enterprise security controls. In a novel evasion tactic, threat actors are weaponizing the .arpa top-level domain (TLD) and utilizing IPv6 tunnels to host…
-
Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery
Cybercriminals are increasingly abusing a legacy feature within Windows File Explorer to distribute malware, bypassing traditional web browser security and endpoint detection controls. According to a threat report by Kahng An of the Cofense Intelligence Team, threat actors are leveraging Web-based Distributed Authoring and…
-
This month in security with Tony Anscombe – February 2026 edition
In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools. (eset)
-
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. “Our vulnerability lives in the core system itself – no plugins, no…
-
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google…
-
Hackers Exploit Windows File Explorer and WebDAV to Distribute Malware
Cybersecurity researchers at Cofense Intelligence have uncovered an ongoing campaign where threat actors abuse Windows File Explorer to distribute malware. By exploiting the legacy…
-
Trump Bans Anthropic AI in Federal Agencies Amid Growing Security Concerns
The United States government has taken a massive step by banning federal agencies from using Anthropic, a domestic AI company known for its model,…
-
Researchers Unveil Aeternum C2 Infrastructure with Advanced Evasion and Persistence Tactics
For years, defenders have relied on a simple strategy to dismantle botnets: find and seize their command-and-control (C2) servers. That weakness enabled global law…
-
Stored XSS Vulnerability in RustFS Console Puts S3 Admin Credentials at Risk
A critical security flaw has been identified in the RustFS Console, exposing administrators to a high risk of account takeover. Tracked as CVE-2026-27822, this…
-
Study Finds 87% of Organizations Exposed to Attacks Due to Known Vulnerabilities
The 2026 State of DevSecOps report reveals a critical tension between development velocity and security. While organizations rapidly adopt AI-assisted coding, many fail to…
-
Microsoft testing Windows 11 batch file security improvements
Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution. […] Sergiu Gatlan
-
APT37 hackers use new malware to breach air-gapped networks
North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. […] Bill Toulas
-
Europol-led crackdown on The Com hackers leads to 30 arrests
A yearlong Europol-coordinated operation dubbed “Project Compass” has led to 30 arrests and 179 suspects being tied to “The Com,” an online cybercrime collective that targets children and teenagers. […] Sergiu Gatlan
-
CISA warns that RESURGE malware can be dormant on Ivanti devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. […] Bill Toulas
-
Third-Party Patching and the Business Footprint We All Share
Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent patching reduces exposure across endpoints. […] Sponsored by Action1
-
Metasploit Adds New Modules Targeting Linux RC4, BeyondTrust, and Registry Persistence
The latest Metasploit update, released on February 27, 2026, brings significant firepower to security professionals and penetration testers. The release introduces seven new modules, nine feature enhancements, and critical bug fixes. Standout additions include unauthenticated remote code execution (RCE) exploits for Ollama, BeyondTrust, and…
-
Trump Bans Anthropic AI in Federal Agencies — Pentagon Flags Claude as Security Risk
The U.S. government has taken unprecedented action against domestic AI firm Anthropic, directing all federal agencies to immediately stop using its AI model Claude and officially designating the company a supply chain risk to national security, a classification historically reserved for…
-
Researchers Uncover Aeternum C2 Infrastructure with Advanced Persistence and Network Evasion Features
For years, taking down a botnet meant finding its command-and-control (C2) server, seizing the domain, and watching the network go dark. Law enforcement used this method to dismantle major operations like Emotet, TrickBot, and QakBot. A newly discovered botnet loader called Aeternum C2…
-
Vshell Gains Traction Among Threat Actors as an Alternative to Cobalt Strike
A Go-based command-and-control (C2) framework originally marketed within Chinese-speaking offensive security communities has been quietly expanding its reach, drawing growing attention from threat actors seeking flexible and cost-effective alternatives to expensive commercial tools. Known as Vshell, the tool has evolved well beyond its…
-
New Dohdoor Malware Attacking Schools and Health Care Sectors in U.S. via Multi-Stage Attack Chain
A newly discovered malware campaign has been quietly targeting educational institutions and healthcare organizations across the United States since at least December 2025. The threat, tracked under the actor designation “UAT-10027,” deploys a previously unknown backdoor called “Dohdoor,” which uses…
-
Mobile app permissions (still) matter more than you may think
Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks.