A new phase of the Iran war is unfolding in which ballistic missiles, drones, electronic warfare, and cyber operations are being deployed in parallel, with cyber activity increasingly tied to kinetic targeting, damage assessment, and strategic messaging. Iran’s leadership has…
Category: EN
Tracking the Iran War: A Month of Escalation and Regional Impact
Iran war likely prolonged, increasing cyber threats, energy disruption, and instability, with companies in the Middle East facing higher risk. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs – hacking, Iran) This article has been indexed from Security Affairs Read the original article: Tracking the…
Robotic surgery firm Intuitive reports data breach after targeted phishing attack
Intuitive suffered a phishing attack leading to a data breach exposing customer, employee, and corporate information. Intuitive is an American company that designs, manufactures, and sells robotic systems for minimally invasive surgery. Its most well-known products include the da Vinci…
Attackers Abuse Court Documents, GitHub Payloads to Infect Judicial Targets With COVERT RAT
A new wave of targeted attacks is quietly hitting Argentina’s judicial system, using fake court documents to lure legal professionals into installing a dangerous piece of malware. The campaign, formally called Operation Covert Access, deploys a Rust-built Remote Access Trojan…
Boggy Serpens Targets Diplomats and Critical Infrastructure in Multi-Wave Espionage Campaign
A well-resourced Iranian nation-state group known as Boggy Serpens — also tracked as MuddyWater — has sharply escalated its cyberespionage operations, running sustained and targeted campaigns against diplomatic missions, energy companies, maritime operators, and financial institutions. Attributed to Iran’s Ministry…
Big tech companies step in to support the open source security ecosystem
Backed by new funding commitments from major technology players, open source security efforts are moving beyond threat identification toward practical solutions for defenders. The Linux Foundation announced $12.5 million in grant funding backed by Anthropic, AWS, GitHub, Google, Google DeepMind,…
Abnormal AI Attune 1.0 targets AI-driven attacks with behavioral detection
Abnormal AI has unveiled the launch of Attune 1.0, a behavioral foundation model for cybersecurity. Trained on more than one billion derived behavioral signals, Attune now powers 85% of detections across the Abnormal Behavior Platform and establishes a shared intelligence…
AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner
Gartner has urged security teams to get involved in AI projects from the start to avoid costly incident response This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Issues Will Drive Half of Incident Response Efforts by…
Chancellor Commits £1bn To Commercial Quantum Computers
Government to buy commercial-scale quantum computers from UK companies, in strategy to boost viability of British-based tech firms This article has been indexed from Silicon UK Read the original article: Chancellor Commits £1bn To Commercial Quantum Computers
Ubuntu Desktop Vulnerability Lets Attackers Escalate Privileges to Full Root Access
The Qualys Threat Research Unit (TRU) has disclosed a critical Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. Tracked as CVE-2026-3888, this high-severity flaw carries a CVSS v3.1 score of 7.8 and allows…
Is Wix Secure Enough? Understanding the Next Layer of Protection for Growing Websites
You click “Publish” on your Wix site and breathe easy. HTTPS? Check. Automatic updates? Check. Hosting handled? Check. Your website feels bulletproof. But here is the catch: security is not. The post Is Wix Secure Enough? Understanding the Next Layer…
Theori brings Xint Code to market for large-scale AI code security analysis
Theori has made Xint Code commercially available, an LLM-native static application security testing (SAST) tool capable of analyzing millions of lines of source code, configuration files, and binaries in less than 12 hours. Xint Code’s approach to deep scanning and…
Island Enterprise Platform delivers unified control for workspaces and AI
Island has launched the Island Enterprise Platform. This unified enterprise environment extends the security, productivity, and user experience of the Island Enterprise Browser to also include consumer browsers, desktop applications, and networks. The Island Enterprise Platform provides universal policies and…
Major tech companies invest $12.5 million in open source security
The Linux Foundation announced $12.5 million in grant funding backed by Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen open source security. The funding will be directed through the foundation’s Alpha-Omega Project and the Open Source Security…
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of…
US Court Stays Amazon Order Barring Perplexity Bots
Order granted by US district court barring Perplexity shopping agent from accessing Amazon’s platform stayed while appeal is considered This article has been indexed from Silicon UK Read the original article: US Court Stays Amazon Order Barring Perplexity Bots
Microsoft Teams-Based Vishing Attack Tricks Victims Into Quick Assist Takeover
Threat actors are increasingly relying on social engineering rather than complex software vulnerabilities to breach corporate networks. In November 2025, Microsoft’s Detection and Response Team (DART) investigated a notable identity-first intrusion where attackers successfully used Microsoft Teams voice phishing (vishing)…
Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access
A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS). Tracked as CVE-2026-21643, this severe flaw carries a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and access sensitive database information. The issue…
‘RegPwn’ Windows Registry Vulnerability Enables Full System Access to Attackers
A high-severity Windows vulnerability dubbed “RegPwn” (CVE-2026-24291) is an elevation-of-privilege flaw that allows low-privileged users to gain full SYSTEM access. The MDSec red team discovered the vulnerability and successfully used it in internal engagements since January 2025, before it was…
Microsoft to Stop Force Installation of 365 Copilot App on Windows Devices
Microsoft has temporarily halted the automatic installation of the Microsoft 365 Copilot app on Windows devices. According to a recent update in the Microsoft 365 Message Center on March 16, 2026, the company paused the mandatory rollout, originally scheduled to…