The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Aquasecurity Trivy flaw, tracked as CVE-2026-33634 (CVSS score of 9.3), to its Known Exploited…
Red Hat Warns of Malware Code Embedded in Popular Linux Tool Allow Unauthorized Access to Systems
Red Hat has issued a critical security warning regarding malicious code discovered in recent versions of the “xz” compression tools and libraries. Tracked as CVE-2024-3094, this highly sophisticated supply chain compromise could allow threat actors to bypass authentication and gain…
Telnyx PyPI Package With 742,000 downloads Compromised in TeamPCP Supply Chain Attack
The official Telnyx Python SDK on PyPI was compromised this morning as part of an escalating, weeks-long supply chain campaign orchestrated by the threat actor group TeamPCP. Malicious versions 4.87.1 and 4.87.2 of the telnyx package were uploaded to PyPI…
Hackers Use Phishing ZIP Files to Deploy PXA Stealer Against Financial Firms
A new wave of cyberattacks is putting financial institutions on high alert, as threat actors ramp up the use of PXA Stealer — a powerful information-stealing malware — against organizations worldwide. The surge follows law enforcement’s successful dismantling of major…
Bogus Avast website fakes virus scan, installs Venom Stealer instead
A fake Avast scan tells you your PC is infected, then installs the malware that steals passwords, session data and crypto wallets. This article has been indexed from Malwarebytes Read the original article: Bogus Avast website fakes virus scan, installs…
Coruna iOS Exploit Kit Likely an Update to Operation Triangulation
Coruna contains the updated version of a kernel exploit used in Operation Triangulation three years ago. The post Coruna iOS Exploit Kit Likely an Update to Operation Triangulation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
RSAC 2026 Conference Announcements Summary (Days 3-4)
A summary of the announcements made by vendors on the third and fourth days of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Days 3-4) appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently disclosed code injection vulnerability in Langflow, an open-source framework for building AI agents and workflows, and CVE-2026-33634, an…
IT Security News Hourly Summary 2026-03-27 12h : 7 posts
7 posts were published in the last hour 10:34 : AI Agents Are Reshaping Cyber Threats, Making Traditional Kill Chains Less Relevant 10:34 : FBI Escalates Enforcement Against Thai Fraud Rings Targeting US Individualsa 10:34 : Ajax data breach exposed…
AI Agents Are Reshaping Cyber Threats, Making Traditional Kill Chains Less Relevant
In September 2025, Anthropic disclosed a case that highlights a major evolution in cyber operations. A state-backed threat actor leveraged an AI-powered coding agent to conduct an automated cyber espionage campaign targeting 30 organizations globally. What stands out is…
FBI Escalates Enforcement Against Thai Fraud Rings Targeting US Individualsa
Digital exchanges that begin with a polite greeting, an apparent genuine conversation, or a quiet offer of companionship increasingly become entry points into a far more calculated form of transnational fraud. For many Americans, these interactions are not merely…
Ajax data breach exposed season tickets, supporter bans open to tampering
AFC Ajax, the Dutch football club from Amsterdam, disclosed that an unknown hacker gained access to parts of its IT systems and obtained the email addresses of a few hundred people. The hack exploited vulnerabilities in Ajax’s app and website,…
Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. “Bearlyfy…
CISA Adds Critical Aquasecurity Trivy Scanner Vulnerability to KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical flaw affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this security weakness involves embedded malicious code that targets continuous integration and continuous…
SEC Rules – Crypto IS A Security – Sometimes
Cryptocurrency is a speculative asset, a payment system, and critical infrastructure all at once. Explore why this “Shimmer” problem creates an unstable security model where users bear 100% of the risk. The post SEC Rules – Crypto IS A Security…
The Danger of Treating CyberCrime as War – The New National Cybersecurity Strategy
The March 2026 Cyber Strategy shifts focus from private sector compliance to national power and adversary disruption. Explore the tension between geopolitical deterrence and the economic realities of cybercrime. The post The Danger of Treating CyberCrime as War – The…
Silver Fox Cyberattack Targets Japanese Businesses with Tax-Themed Phishing Scams
A threat actor known as Silver Fox is targeting Japanese organizations with a new wave of spearphishing attacks timed to coincide with the country’s busy tax-filing and corporate restructuring season. The campaign focuses heavily on manufacturers and enterprises that are…
CISA Flags Critical PTC Vulnerability That Had German Police Mobilized
Police in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681. The post CISA Flags Critical PTC Vulnerability That Had German Police Mobilized appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
The Endpoint Paradox: Why Legacy Software Makes Enterprise PAM Solutions Wrong for Most Organizations
PAM tools are too complex for most orgs. Here’s why legacy apps drive risk and how PEDM offers a simpler fix. The post The Endpoint Paradox: Why Legacy Software Makes Enterprise PAM Solutions Wrong for Most Organizations appeared first on…
Apple To Allow Multiple Chatbots Within Siri
Apple reportedly plans to allow multiple installed AI apps to be accessed through Siri assistant, replacing exclusive ChatGPT deal This article has been indexed from Silicon UK Read the original article: Apple To Allow Multiple Chatbots Within Siri
TeamPCP Hackers Focus on AI Developers, Planting Malicious Code to Disrupt Projects
The FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers successfully compromised two widely used developer tools, creating a cascading security incident for organizations building artificial…
Critical Citrix NetScaler and Gateway Vulnerabilities Let Remote Attackers Leak Sensitive Information
Cloud Software Group has issued a critical security bulletin detailing two newly discovered vulnerabilities affecting customer-managed NetScaler ADC and NetScaler Gateway appliances. These flaws, tracked as CVE-2026-3055 and CVE-2026-4368, could allow remote attackers to leak sensitive information or cause user…
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build applications powered by Large…
Dutch Court Tells xAI To Halt Grok Child Pornography
Court in Netherlands issues injunction ordering xAI to immediately stop offering tools for non-consensual nudification, child pornography This article has been indexed from Silicon UK Read the original article: Dutch Court Tells xAI To Halt Grok Child Pornography