Frankfurt am Main, Germany, 2nd March 2026, CyberNewswire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat
Category: EN
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality…
Hackers Launch Massive SonicWall Firewall Attack Using 4,000+ IP Addresses
Hackers are actively mapping SonicWall firewalls worldwide, launching more than 84,000 SonicOS scanning sessions from over 4,000 unique IP addresses in just four days to identify SSL VPN targets for future credential and vulnerability attacks. Three operationally distinct infrastructure clusters…
Ukrainian hacker pleads guilty to running OnlyFake AI ID scam site
Ukrainian citizen Yurii Nazarenko admitted running OnlyFake, an AI-driven site that sold over 10,000 fake IDs worldwide. Ukrainian man Yurii Nazarenko pleaded guilty to operating OnlyFake, an AI-powered site that generated and sold more than 10,000 counterfeit IDs globally. “United…
Purchase order attachment isn’t a PDF. It’s phishing for your password
A fake purchase order attachment turned out to be a phishing page designed to harvest your login details. This article has been indexed from Malwarebytes Read the original article: Purchase order attachment isn’t a PDF. It’s phishing for your password
Purpose-built AI Security Agent Detected 92% of DeFi Contracts Vulnerabilities
Baseline coding agents didn’t fare too well against purpose-built AI security agents in detecting flaws in DeFi contracts underscoring that organizations must not rely on audits and must press AI into use for detecting vulnerabilities. The post Purpose-built AI Security Agent Detected…
Angular SSR Flaw Enables Unauthorized Server-Side Requests in Web Apps
A critical vulnerability has been discovered in Angular Server-Side Rendering (SSR) that could allow attackers to perform Server-Side Request Forgery (SSRF) and Header Injection attacks. Tracked as CVE-2026-27739, this flaw enables unauthorized server-side requests in web applications, potentially leading to…
Lovora – 495,556 breached accounts
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users’ display names and profile photos, along with other personal information collected through use of the…
OCRFix Botnet Uses ClickFix Phishing and EtherHiding to Mask Blockchain C2 Infrastructure
OCRFix is a multi-stage botnet Trojan campaign that abuses a fake Tesseract OCR download site, ClickFix-style PowerShell execution, and EtherHiding on BNB Smart Chain to conceal a rotating blockchain-backed command infrastructure. The fake site gates content behind a bogus CAPTCHA…
US Military Reportedly Used Claude in Iran Strikes Despite Trump’s Ban
The U.S. Department of Defense deployed Anthropic’s Claude AI during Operation Epic Fury, a joint offensive with Israel against Iran on February 28, just hours after President Trump designated Anthropic as a national security “supply chain risk” and ordered all…
Pixel Perfect Extension Abuse Enables Covert Script Injection and Security Header Removal
A browser extension that once earned a Featured badge from Google quietly turned into a remote code execution tool after its ownership changed hands, exposing thousands of users to covert script injection and full browser security header stripping. The campaign,…
Gottumukkala ousted, Wyden blocks Rudd, Hackers weaponize Claude
Gottumukkala ousted as CISA Director Ron Wyden blocks Rudd confirmation to lead Cyber Command, NSA Hackers Weaponize Claude Code in Mexican government cyberattack Get the show notes here: https://cisoseries.com/cybersecurity-news-gottumukkala-ousted-wyden-blocks-rudd-hackers-weaponize-claude/ Huge thanks to our sponsor, Adaptive Security This episode is brought…
A week in security (February 23 – March 1)
A list of topics we covered in the week of February 23 to March 1 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (February 23 – March 1)
Middle East AWS Outage Sends Shockwaves Through Cloud Infrastructure Service
A severe infrastructure incident in the Middle East has triggered a massive Amazon Web Services (AWS) outage, disrupting critical cloud operations across the region. The event, which aggressively impacted the ME-CENTRAL-1 (United Arab Emirates) and ME-SOUTH-1 (Bahrain) regions, left countless…
CISA Leadership Shakeup, OpenClaw Hijack, Robot Vacuums and More
OpenClaw AI Agent Hijack, CISA Leadership Shakeup, Iran Cyber Campaign, Air-Gap Malware, and Robot Vacuum Flaw Jim Love covers multiple cybersecurity stories: Oasis Security revealed “ClawJacked,” a high-severity OpenClaw AI agent framework flaw caused by missing rate limiting on the…
CISA Alerts on RESURGE Malware Exploiting Ivanti Connect Secure Zero-Days
The Cybersecurity and Infrastructure Security Agency (CISA) has released a Malware Analysis Report (MAR) detailing a new malware family dubbed RESURGE, which is actively exploiting a zero-day vulnerability in Ivanti Connect Secure devices. According to CISA, RESURGE builds upon the…
Hacked Prayer App Used as Cyber Weapon During US-Israel Strikes on Iran
As Israeli and US forces launched joint preemptive airstrikes on Tehran, a sophisticated cyber-psychological operation unfolded simultaneously. According to a report by Wired Middle East, millions of Iranian citizens and military personnel were jolted awake not only by explosions but…
Claude Code Security: The AI Shockwave Hitting Cybersecurity
Anthropic’s Claude Code Security research preview promises AI-powered code analysis and vulnerability detection at scale. The announcement triggered strong reactions across the cybersecurity community and sent several vendor stocks lower. In this episode, we break down what the tool actually…
Security debt is becoming a governance issue for CISOs
Application security backlogs keep expanding across large development portfolios. Veracode’s 2026 State of Software Security Report puts numbers behind a familiar operational pattern, fixes lag discovery, and older weaknesses stay open across release cycles. 2026 findings against the 2025 baseline…
Your dependencies are 278 days out of date and your pipelines aren’t protected
Applications continue to ship with known weaknesses even as development workflows speed up. A new Datadog State of DevSecOps 2026 report examines how dependency management and pipeline practices are influencing exposure across cloud native environments. Across the environments studied, 87%…