AI agents are already deployed broadly across enterprise environments. The problem is that organizations can’t tell what they’re doing. That’s the core finding of a new survey report released at RSAC 2026 by the Cloud Security Alliance, commissioned by Aembit.…
Category: EN
Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055)
Citrix has fixed two vulnerabilities in NetScaler ADC and NetScaler Gateway, with the more serious flaw (CVE-2026-3055) potentially allowing attackers to extract active session tokens from the memory of affected devices. Anil Shetty, senior VP of Engineering with Cloud Software…
New Npm ‘Ghost Campaign’ Uses Fake Install Logs to Hide Malware
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data This article has been indexed from www.infosecurity-magazine.com Read the original article: New Npm ‘Ghost Campaign’ Uses Fake Install Logs to Hide Malware
Cyber Briefing: 2026.03.24
Tax phishing surges, messaging apps targeted, Oracle RCE patched, supply-chain attacks hit CI/CD, major breach claims emerge, and global cybercrime crackdowns expand. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.03.24
Detecting IP KVMs, (Tue, Mar 24th)
I have written about how to use IP KVMs securely, and recently, researchers at Eclypsium published yet another report on IP KVM vulnerabilities. But there is another issue I haven't mentioned yet with IP KVMs: rogue IP KVMs. IP KVMs are often…
Citrix NetScaler critical flaw could leak data, update now
Citrix warns of a critical NetScaler flaw (CVE-2026-3055) that could leak sensitive data; users are urged to apply security updates immediately. Citrix issued security updates for two NetScaler vulnerabilities, including a critical memory overread, tracked as CVE-2026-3055 (CVSS score of…
FBI, CISA warn of Russian hackers hijacking Signal and WhatsApp accounts
The FBI and CISA join European agencies in warning of a widespread, easily scalable social engineering campaign targeting messaging apps. This article has been indexed from Malwarebytes Read the original article: FBI, CISA warn of Russian hackers hijacking Signal and…
Chrome 146 Update Patches High-Severity Vulnerabilities
The software refresh fixes eight memory safety bugs affecting seven Chrome components. The post Chrome 146 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Chrome 146 Update Patches High-Severity…
Extortion Group Claims It Hacked AstraZeneca
The Lapsus$ hackers allegedly compromised internal code repositories, credentials, and employee data. The post Extortion Group Claims It Hacked AstraZeneca appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Extortion Group Claims It Hacked…
Introducing Castle’s Research Team
How we think about research at Castle Bot detection and fraud prevention are adversarial by default. It is a cat-and-mouse game: attackers iterate, defenders respond, and the cycle keeps moving. AI has accelerated this dynamic on both sides. Attackers use…
Trivy’s March Supply Chain Attack Shows Where Secret Exposure Hurts Most
The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and the v0.69.4 release has expanded into malicious…
Cybercriminals Misuse Microsoft Azure Monitor Alerts for Phishing Operations
Using trusted enterprise monitoring systems as a tool for credentialing their deception, threat actors have begun to make a subtle but highly effective shift in phishing tradecraft. Through the use of Microsoft Azure Monitor alerting mechanisms, attackers are orchestrating callback…
Microsoft Alerts 29,000 Users Hit by IRS-Themed Phishing Wave
Microsoft is warning of a major IRS‑themed phishing wave that hit 29,000 users in a single day, using tax‑season panic to steal credentials and deploy remote access malware. The campaigns piggyback on the urgency of the U.S. tax season,…
Russian initial access broker helped ransomware gangs extort millions, sentenced to 81 months
A Russian citizen, Aleksei Volkov, was sentenced to 81 months in prison for helping ransomware groups carry out attacks causing over $9 million in actual losses and over $24 million in intended losses, after being arrested in Italy and extradited…
Mimecast expands Incydr with runtime data security for AI and human risk
Mimecast has announced a major expansion of its Incydr offering with new data security capabilities and a preview of the Agent Risk Center. These enhancements deliver runtime data security through a unified approach to detect, govern, and remediate data exposure…
Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe
Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraine’s hybrid war experience This article has been indexed from www.infosecurity-magazine.com Read the original article: Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber…
DarkSword Exploit Chain That Can Hack Millions of iPhones Leaked Online
A powerful iOS exploit toolkit known as DarkSword has been publicly leaked on GitHub, dramatically lowering the barrier for cybercriminals to target hundreds of millions of iPhones and iPads still running outdated software. Security researchers are sounding the alarm as…
APT Hackers Attacking RDP Servers to Deploy Malicious Payloads and Establish Persistence
One of the world’s most dangerous state-backed hacking groups is actively targeting Remote Desktop Protocol (RDP) servers across critical infrastructure, defense organizations, and government agencies. The threat actor, known as APT-C-13 and widely tracked as Sandworm, APT44, Seashell Blizzard, and…
HackerOne slams supplier for delayed breach notice after staff data exposed
Nearly 300 employees caught up in intrusion at benefits provider Navia Almost 300 HackerOne employees are caught up in a data breach, with the bug bounty biz slamming a third-party benefits provider for a weeks-long delay in notification.… This article…
Novee introduces autonomous AI red teaming to hunt LLM vulnerabilities
Novee today introduced AI Red Teaming for LLM Applications for its AI penetration testing platform, designed to uncover security vulnerabilities in LLM-powered applications before attackers can exploit them. Enterprises are deploying AI-enabled software, from customer-facing chatbots to internal copilots and…