A Local Privilege Escalation (LPE) vulnerability in default installations of Ubuntu Desktop 24.04 and later allows an unprivileged local attacker to gain full root access. Tracked as CVE-2026-3888, uncovered by The Qualys Threat Research Unit, the flaw exploits an unintended…
Category: EN
Cybercriminals scale up, government sector hit hardest
Government agencies faced the highest volume of cyberattack campaigns in 2025, according to new findings from HPE Threat Labs, which tracked 1,186 active campaigns over the course of the year. The data covers activity observed between January 1 and December…
Tufin introduces AI agents to take on network security work
Tufin is launching a new collection of AI agents designed to take on network security tasks for teams that are already stretched thin. This helps free up scarce expertise to focus on higher-level risks, critical decisions, and defending the enterprise.…
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in…
Energy strategy, scammer accord, font-rendering attack
Energy Department to release first cyber strategy Tech giants sign on to fight scammers Font-rendering hides malicious commands from AI in plain sight Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-energy-strategy-scammer-accord-font-rendering-attack/ Huge thanks to our episode sponsor,…
Over one billion customer records belonging to IDMerit users left unprotected online
Cyber researchers discovered more than one billion unprotected IDMerit customer records online. The records included details of people from all over the world, with hundreds… The post Over one billion customer records belonging to IDMerit users left unprotected online appeared…
Researchers Disclose ‘RegPwn,’ a Windows Registry Weakness Allowing SYSTEM Access
Researchers at MDSec have disclosed a newly patched Elevation of Privilege vulnerability in Microsoft Windows, known as “RegPwn”. Tracked as CVE-2026-24291, this flaw allows a low-privileged user to gain full SYSTEM access by exploiting how Windows handles registry configurations for…
New Kubernetes NFS CSI Vulnerability Enables Unauthorized Directory Deletion and Changes
A newly disclosed security flaw in the Kubernetes Container Storage Interface (CSI) Driver for Network File System (NFS) exposes storage servers to unauthorized directory modification and deletion. Tracked as CVE-2026-3864 with a medium-severity CVSS v3.1 score of 6.5, this vulnerability…
Exposed Ollama Servers: Security Risks of Publicly Accessible LLM Infrastructure
Learn how exposed Ollama servers can allow unauthorized model access, prompt abuse, and GPU resource consumption when LLM inference APIs are publicly accessible. The post Exposed Ollama Servers: Security Risks of Publicly Accessible LLM Infrastructure appeared first on Indusface. The…
Stop building security goals around controls
In this Help Net Security interview, Devin Rudnicki, CISO at Fitch Group, argues that security strategy fails when it loses its connection to business outcomes. Rudnicki walks through how to align security goals with corporate priorities, why CISOs must present…
Fake Telegram Download Site Delivers Stealthy In-Memory Malware Loader
A newly discovered malware campaign is exploiting user trust in Telegram by distributing a trojanized installer through a typosquatted website, telegrgam[.]com. The site closely mimics the official Telegram download portal and delivers a malicious executable named tsetup-x64.6.exe, making it appear legitimate…
Nordic MSPs Can Now Access Heimdal’s Unified Security and Compliance Platform Through Elovade
Copenhagen, Denmark – 18 March 2026 – Heimdal has appointed Elovade as its official distributor in the Nordic region. The move gives MSPs and resellers across Sweden, Norway, Denmark, Iceland, and Finland direct access to Heimdal’s consolidated cybersecurity platform through…
FortiClient Hit by Severe SQL Injection Vulnerability Enabling Database Intrusion
Cybersecurity researchers have a detailed a critical security flaw in Fortinet’s FortiClient Enterprise Management Server (EMS). Tracked as CVE-2026-21643, this severe pre-authentication SQL injection vulnerability carries a near-maximum CVSS severity score of 9.1. It allows unauthenticated attackers to execute arbitrary…
Global fraud losses climb to $442 billion
Online fraud is reaching more victims and generating larger losses, driven by digital tools and organized networks operating across borders. Global trends in financial fraud (Source: Interpol) In INTERPOL’s March 2026 Global Financial Fraud Threat Assessment, financial fraud sits among…
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, carries a CVSS score…
Apps, APIs, and DDoS 2026: The Industrialization of Cyberattack Campaigns
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Apps, APIs, and DDoS 2026: The Industrialization of Cyberattack Campaigns
The Agentic Security Crisis: Why You Need to Act Now
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: The Agentic Security Crisis: Why You Need to Act Now
Join Us at Wasm I/O 2026
Akamai is sponsoring Wasm IO 2026 as part of our commitment to WebAssembly. Get all the details. This article has been indexed from Blog Read the original article: Join Us at Wasm I/O 2026
Judicial Targets Hit by COVERT RAT via Court Docs and GitHub Payloads
Attackers are abusing fake court documents and GitHub‑hosted payloads in a focused spear‑phishing campaign that deploys a stealthy Rust‑based COVERT RAT against Argentina’s judicial sector. This operation chains Windows LNK shortcuts, BAT loaders, and PowerShell to quietly fetch and execute…
AWS Bedrock AgentCore Sandbox Bypass Enables Stealthy C2 and Data Exfiltration
A newly disclosed vulnerability in AWS Bedrock AgentCore Code Interpreter allows threat actors to bypass network isolation and establish stealthy command-and-control (C2) channels. AWS originally advertised this mode as providing complete isolation without external access, researchers found that it permits…