The ongoing supply chain attack targeting Aqua Security’s Trivy ecosystem has escalated, with new compromised Docker images discovered on Docker Hub. According to Socket’s analysis, two new Docker image tags, 0.69.5 and 0.69.6, were published on March 22 without corresponding…
$30 IP-KVM Flaws Could Enable BIOS-Level Enterprise Network Attacks
Recent threat research reveals a severe security crisis affecting low-cost IP-KVM devices. Security experts discovered nine vulnerabilities across four popular vendors, transforming these cheap management tools into powerful attack platforms. Compromising a single KVM device grants an attacker complete physical-level…
Building a Layered Security Stack: Identity, Network and Device Protection
Build a layered security stack with identity, network and device protection using MFA, SSO, VPN and endpoint tools to reduce cyber risks. The post Building a Layered Security Stack: Identity, Network and Device Protection appeared first on Security Boulevard. This…
IT Security News Hourly Summary 2026-03-23 09h : 8 posts
8 posts were published in the last hour 7:34 : A week in security (March 16 – March 22) 7:34 : Deceptive VPN Websites Become Gateway for Corporate Data Theft 7:34 : Booz Allen’s Vellox brings AI vs. AI defense…
A week in security (March 16 – March 22)
A list of topics we covered in the week of March 16 to March 22 of 2026. This article has been indexed from Malwarebytes. Read the original article: A week in security (March 16 – March 22)
Deceptive VPN Websites Become Gateway for Corporate Data Theft
A financially motivated threat group tracked by Microsoft as Storm-2561 has been quietly exploiting the familiarity of enterprise VPN ecosystems in a campaign intended to demonstrate how easy it is to weaponize trust in routine IT processes. …
Booz Allen’s Vellox brings AI vs. AI defense to protect critical infrastructure and national security
Booz Allen Hamilton’s new Vellox suite showcases how AI-native cyber defense can counter growing threats to U.S. national security and critical infrastructure. The company’s new threat report, When Cyberattacks Happen at AI Speed, shows that AI is widening the gap…
International botnet takedown, California city ransomed, Azure Monitor phishing
Law enforcement seizes botnet infrastructure. California city and LA transit agency report cybersecurity issues. Microsoft Azure Monitor alerts used for callback phishing attacks. Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-cybersecurity-news-international-botnet-takedown-california-city-ransomed-azure-monitor-phishing/ Huge thanks to our sponsor, ThreatLocker. Most…
ChatGPT confessions: AI’s role in personal lives
People increasingly turn to ChatGPT and generative AI for deeply personal matters, from venting emotions to seeking therapy-like advice. OpenAI’s own data reveals this intimate… The post ChatGPT confessions: AI’s role in personal lives appeared first on Panda Security Mediacenter.…
Microsoft Emergency Out-of-Band Update for Windows 11 to Fix Microsoft Account Sign-In Failure
Microsoft has issued an out-of-band (OOB) update for Windows 11 versions 25H2 and 24H2, identified as KB5085516, addressing a critical sign-in bug introduced by the March 2026 Patch Tuesday release. The update carries OS builds 26200.8039 and 26100.8039 and was…
Your AI agents are moving sensitive data. Do you know where?
In this Help Net Security interview, Gidi Cohen, CEO at Bonfy.AI, addresses what he sees as the most pressing gap in AI agent security: data-layer risk. While the industry focuses on prompt injection and model behavior, Cohen argues the deeper…
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments…
CISA Issues Warning on Apple Vulnerabilities Exploited Through DarkSword iOS Chain
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding three critical security flaws affecting the Apple ecosystem. Officially added to the Known Exploited Vulnerabilities (KEV) catalog on March 20, 2026, these bugs are actively being abused…
CanisterWorm Hijacks npm Publisher Accounts, Steals Tokens
A highly automated npm supply chain campaign, dubbed “CanisterWorm,” has threat actors stealing npm access tokens and weaponizing legitimate publisher accounts at scale. The group, tracked as “TeamPCP,” has compromised trusted namespaces including @emilgroup and @teale.io, pushing new SDK…
VoidStealer Steals Chrome Secrets Without Injection or Privilege Escalation
A new variant of the MaaS infostealer VoidStealer has become the first malware observed in the wild to weaponize a debugger‑based bypass for Google Chrome’s Application‑Bound Encryption (ABE), using hardware breakpoints to steal Chrome’s v20_master_key directly from browser memory. Unlike…
Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. The post Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability appeared first on SecurityWeek. This article has been indexed from…
Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps
GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose protection settings, and required templates go missing. An open-source tool called Plumber automates the detection of those…
Crunchyroll Data Breach Allegedly Exposes 100 GB of User Data
A major data breach has reportedly compromised Crunchyroll, the popular Sony-owned anime streaming service. Threat actors claim to have successfully stolen 100 GB of personally identifiable information (PII) from the platform. The breach allegedly took place on March 12, 2026,…
NIST updates its DNS security guidance for the first time in over a decade
DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years. NIST published SP 800-81r3, the Secure Domain Name System Deployment Guide,…
AstraZeneca Data Breach Allegedly Claimed by LAPSUS$ as Internal Data Access Reported
The notorious hacking collective known as LAPSUS$ has resurfaced, allegedly claiming responsibility for a significant data breach involving multinational pharmaceutical giant AstraZeneca. The threat actors are reportedly attempting to sell a compressed 3GB internal data dump, indicating a potential compromise…
Crunchyroll Data Breach — Threat Actor Claims Exfiltration of 100 GB of User Data
A threat actor has allegedly exfiltrated approximately 100 GB of personally identifiable information (PII) from Crunchyroll, the Sony-owned anime streaming giant, after gaining access through a compromised employee at the platform’s outsourcing partner, Telus. The breach, which reportedly occurred on…
The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson
Tom Eston interviews offensive AI researcher and PhD candidate Andrew Wilson, a former Bishop Fox partner who helped grow the firm from under 20 people to nearly 500, built award-winning AI solutions for SOC modernization, founded Cactus Con, and relocated…
IT Security News Hourly Summary 2026-03-23 03h : 5 posts
5 posts were published in the last hour 2:3 : ISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd) 2:3 : Side-Channel Attack Mitigation for Quantum-Resistant MCP Metadata 2:3 : Booz Allen Rolls Out Vellox, a Five-Product AI…
ISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd)
This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, March 23rd, 2026…