Category: EN
Windows Error Reporting Vulnerability Exposes Systems to Privilege Escalation, Allowing SYSTEM Access
Microsoft recently patched a severe Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, officially tracked as CVE-2026-20817. This flaw allows a local attacker with standard user rights to escalate to SYSTEM privileges by exploiting improper permission…
Phishing ZIP Files Used to Deploy PXA Stealer Targeting Financial Firms
PXA Stealer campaigns targeting global financial institutions rose sharply during the first quarter of 2026. The activity marks a notable shift in the infostealer landscape, with PXA Stealer filling the gap left by the takedowns of major malware…
Anthropic’s Leaked Drafts Expose Powerful New AI Model “Claude Mythos”
Anthropic has inadvertently exposed highly sensitive internal documents, revealing the existence of a powerful, unreleased AI model dubbed “Claude Mythos.” The leak, which stems from an unsecured and publicly searchable data cache, has raised immediate alarms within the cybersecurity community,…
AI frenzy feeds credential chaos, secrets spread through code, tools, and infrastructure
Code keeps moving through pipelines, and credentials continue to surface alongside it. GitGuardian’s State of Secrets Sprawl 2026 puts the count at 28.65 million new hardcoded secrets in public GitHub commits in 2025, extending a multi-year rise in exposed access…
ISC Issues Critical Warning Over Kea DHCP Vulnerability That Could Remotely Crash Services
The Internet Systems Consortium (ISC) has released a critical security advisory addressing a high-severity vulnerability in its Kea DHCP server software. Kea is a modern, high-performance DHCP server widely used by enterprise networks and internet service providers to manage network…
Fake Cloudflare CAPTCHA Pages Deliver Infiniti Stealer Malware on macOS
A newly discovered macOS infostealer dubbed Infiniti Stealer is being actively distributed through deceptive Cloudflare-style CAPTCHA pages, marking a notable evolution in social engineering attacks targeting Apple users. Initially tracked as “NukeChain” during threat hunting efforts, the malware’s true identity was confirmed…
Hackers Implant Stealthy BPFdoor Backdoors in Telecom Networks for Persistent Access
A China-nexus threat actor known as Red Menshen is planting stealthy backdoors deep inside global telecommunications networks. According to a recent investigation by Rapid7 Labs, this long-term espionage campaign utilises a highly evasive Linux kernel malware called BPFdoor. Instead of…
Anonymous Tip System Breach May Expose Tipsters
Anonymous Tip System Breach Exposes Millions of Records, Google Warns Q-Day by 2029, and New AI Documentation Supply-Chain Risks. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack,…
Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem
The False Sense of Security: SMB signing on domain controllers has become standard practice across most Active Directory environments. But this hardening may have created a false sense of security. CVE-2025-33073 changes the calculus by removing the prerequisite of admin…
BreachForums Version 5 – 339,778 breached accounts
In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as “Version 5” was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes. This article has…
AI Infrastructure LiteLLM Supply Chain Poisoning Alert
Overview: Recently, NSFOCUS Technology CERT detected a GitHub community disclosure of a credential-stealing program in the new version of LiteLLM. Analysis confirmed that it had suffered supply chain poisoning by the TeamPCP group on PyPI. It…
Critical NVIDIA Vulnerabilities Enable RCE and DoS Attacks
Critical March 2026 security updates have been released to fix multiple vulnerabilities across enterprise and AI software systems. The latest advisories highlight severe flaws that could enable attackers to execute arbitrary code, trigger denial-of-service (DoS) conditions, or escalate privileges within compromised…
Claude Chrome Extension 0-Click Vulnerability Enables Silent Prompt Injection Attacks
A critical zero-click vulnerability in Anthropic’s Claude Chrome Extension exposed over 3 million users to silent prompt-injection attacks, allowing malicious websites to hijack the AI assistant without user interaction. The flaw, now patched, could have enabled attackers to steal Gmail…
How to Use a Risk Prioritization Matrix: Step By Step
Key Takeaways. What Is a Risk Prioritization Matrix? A risk prioritization matrix is a way to compare risks using the concept of a table. The matrix is built like a grid. One side measures how likely the risk is to…
ISC Stormcast For Friday, March 27th, 2026 https://isc.sans.edu/podcastdetail/9868, (Fri, Mar 27th)
New Ghost Campaign Uses Fake npm Progress Bars to Phish Sudo Passwords
ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and…
Make OpenAI’s models misbehave and earn a reward
OpenAI’s public Safety Bug Bounty program focuses on AI abuse and safety risks across its products. The goal is to support safe and secure systems and reduce the risk of misuse that could lead to harm. This program complements the…
Top product launches at RSAC 2026
RSAC 2026 showcased a wave of innovation, with vendors unveiling technologies poised to redefine cybersecurity. From AI-powered defense to breakthroughs in identity protection, this year’s conference delivered a glimpse into the future. Here are the most interesting products that caught…