Threat actors are increasingly relying on social engineering rather than complex software vulnerabilities to breach corporate networks. In November 2025, Microsoft’s Detection and Response Team (DART) investigated a notable identity-first intrusion where attackers successfully used Microsoft Teams voice phishing (vishing)…
Category: EN
Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access
A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS). Tracked as CVE-2026-21643, this severe flaw carries a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and access sensitive database information. The issue…
‘RegPwn’ Windows Registry Vulnerability Enables Full System Access to Attackers
A high-severity Windows vulnerability dubbed “RegPwn” (CVE-2026-24291) is an elevation-of-privilege flaw that allows low-privileged users to gain full SYSTEM access. The MDSec red team discovered the vulnerability and successfully used it in internal engagements since January 2025, before it was…
Microsoft to Stop Force Installation of 365 Copilot App on Windows Devices
Microsoft has temporarily halted the automatic installation of the Microsoft 365 Copilot app on Windows devices. According to a recent update in the Microsoft 365 Message Center on March 16, 2026, the company paused the mandatory rollout, originally scheduled to…
Inside a network of 20,000+ fake shops
A sprawling network of fake shops, all built for one purpose: to steal your payment details and personal data. This article has been indexed from Malwarebytes Read the original article: Inside a network of 20,000+ fake shops
Cayosoft adds AI identity visibility and incident response for hybrid environments
Cayosoft has announced updates to its Cayosoft Guardian platform. Cayosoft Guardian will now bring AI agent identities into existing identity threat detection and response (ITDR) workflows, giving security teams visibility, reporting, alerting, and automated rollback, without adding another dashboard. Cayosoft…
1Password Users API for Partners helps automate identity response during incidents
1Password has announced the public preview of Users API for Partners, which allows security teams to respond to incidents faster during active security events. Launch partners like CrowdStrike, in addition to BlinkOps, Elastic, Sumo Logic, Tines, and Torq enable mutual…
Linux Foundation secures $12.5 million to strengthen open source security and support maintainers
The Linux Foundation has announced a total of $12.5 million in grants from Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen the security of the open source software ecosystem. The funding will be managed by Alpha-Omega and…
Oppo Updates Foldable With ‘Imperceptible’ Crease
New Oppo Find N6 features improved technology to reduce screen crease, but prices rise as memory becomes ‘more expensive than gold’ This article has been indexed from Silicon UK Read the original article: Oppo Updates Foldable With ‘Imperceptible’ Crease
Vidar Stealer 2.0 Spreads via Fake Game Cheats Shared on GitHub and Reddit
Large‑scale campaigns abusing GitHub and Reddit to spread Vidar Stealer 2.0 through fake “free game cheats,” targeting players of popular online titles across the board. The operation shows how the takedown of other infostealers has shifted criminal demand toward Vidar,…
Delegated Trust Is Becoming the Largest Attack Surface in Modern Security
Over the next decade, the way we define security failures is going to change. No longer will it begin with an unpatched server or a careless employee clicking the wrong link. The root cause will be something far more ordinary,…
ManageEngine expands Endpoint Central with EDR and secure access
ManageEngine has announced the expansion of its unified endpoint management and security (UEMS) platform, Endpoint Central, to include endpoint detection and response (EDR) and secure private access capabilities. The additions bolster Endpoint Central’s endpoint security capabilities by enabling AI-powered threat…
Virtue AI brings continuous stress testing to enterprise AI agents
Virtue AI has announced Agent ForgingGround with built-in Red-Teaming Agents, the first enterprise-scale testing ground designed to continuously evaluate and stress-test AI agents (including multi-agent systems) before, during, and after deployment. As organizations adopt large-scale AI agents, many enterprises are…
Police To Deploy Live Facial Recognition In Norwich
Live facial recognition van to be stationed in Norwich city centre on Sunday, amid government plans to expand tech’s use This article has been indexed from Silicon UK Read the original article: Police To Deploy Live Facial Recognition In Norwich
Cyberattacks Soar 245% as War Triggers Global Digital Offensive
Since the outbreak of the Middle East conflict on 28 February 2026, Akamai has seen a surge of 245% in cyberattacks against key businesses and institutions in North America, Europe, and some Asian Pacific countries. One group in particular, Handala (widely believed to have…
UK’s Companies House exposed data linked to millions of firms
Companies House, the UK’s official registrar of companies, has disclosed a security flaw in its WebFiling service that exposed sensitive data tied to more than five million registered businesses. The issue traces back to a system update rolled out in October 2025 and went unnoticed for five months…
Boggy Serpens Hits Diplomats, Critical Infrastructure in Espionage Waves
Boggy Serpens, also known as MuddyWater, has escalated its cyberespionage operations over the past year, focusing on diplomats and critical infrastructure organizations in a coordinated, multi-wave campaign. Boggy Serpens has moved beyond its earlier noisy, high-volume phishing style to prioritize…
Iran’s cyberattack against med tech firm is ‘just the beginning’
Even without a navy, or air power, ‘They’ll still have the ability to hack’ Businesses should expect that Iran will conduct more aggressive cyber-ops as the war escalates, according to security analysts.… This article has been indexed from The Register…
‘CrackArmor’ Exposes Nine Vulnerabilities in Linux AppArmor
The Qualys Threat Research Unit (TRU) has identified nine vulnerabilities in AppArmor, a Linux Security Module. The vulnerability has been present since 2017 (version v4.11). AppArmor is the default mandatory access control system for Ubuntu, Debian, SUSE, and several cloud platforms. Its presence in all…
Aura – 903,080 breached accounts
In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected.…