We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar infostealer. This article has been indexed from Malwarebytes Read the original article: Hacked sites deliver Vidar infostealer to Windows users
Lessons in incident response from the Olympics, World Cup
<p>While the goal of every team is to keep possession, they often must hold the line, defend the goal and mount a comeback to win the game.</p> <p>This is as true in cybersecurity as it is in sports.</p> <p>Take high-profile…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-47813 Wing FTP Server Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and…
Fake FileZilla Downloads Lead to RAT Infections Through Stealthy Multi-Stage Loader
A new malware campaign has been discovered delivering a Remote Access Trojan through fake websites impersonating the official FileZilla download page. Attackers designed these fraudulent sites to closely mirror the real FileZilla page, tricking users into downloading malicious installer files.…
Qihoo 360 Leaked Its Own Wildcard SSL Private Key Inside Public AI Installer
China’s largest cybersecurity firm, Qihoo 360, has inadvertently exposed its own wildcard SSL private key by bundling it directly inside the public installer of its newly launched AI assistant, 360Qihoo (Security Claw). The flaw discovered on March 16, 2026, is…
IBM Uncovers ‘Slopoly,’ Likely AI-Generated Malware Used in Hive0163 Ransomware Attack
A concerning development has emerged in early 2026, as IBM X-Force uncovered a likely AI-generated malware strain they named “Slopoly,” deployed during a ransomware attack by the financially motivated threat group Hive0163. The group is primarily focused on large-scale data…
Calculating the ROI of AI in cybersecurity
<p>As with many technologies, AI and cybersecurity are becoming increasingly intertwined. An organization can expect AI to support the cybersecurity mission in multiple ways, including reducing overall risk, boosting efficiency and making security more cost-effective.</p> <p>What’s not easy to determine…
Microsoft Exchange Online Mailbox Access Outage Affects Users Globally
Microsoft is currently investigating a service disruption affecting Exchange Online users who are experiencing difficulties accessing their mailboxes through one or more connection methods. The issue, tracked under Microsoft 365’s service health dashboard, has prompted multiple status updates throughout Monday,…
New ACRStealer Variant Uses Syscall Evasion, TLS C2 and Secondary Payload Delivery
A new variant of ACRStealer has emerged with upgraded capabilities that make it significantly harder to detect and more dangerous to the systems it targets. First reported by Proofpoint in early 2025 as a rebranded version of the Amatera Stealer,…
Zombie ZIP method can fool antivirus during the first scan
Researchers published about the Zombie ZIP vulnerability (or not a vulnerability, that’s up for debate) that can bypass a first AV inspection. This article has been indexed from Malwarebytes Read the original article: Zombie ZIP method can fool antivirus during…
AI finally delivers those elusive productivity gains… for cybercriminals
Interpol says fraud schemes using the tech are 4.5x more profitable AI is apparently good for the bottom line if your business is crime. Financial fraud schemes carried out with the help of artificial intelligence are 4.5 times more profitable…
DPRK IT Worker Fraud: Hiring an Insider Threat
Nisos DPRK IT Worker Fraud: Hiring an Insider Threat Here at Nisos, we’ve spent years helping organizations understand and mitigate complex, human risk-related threats, such as insider risk, executive protection and employment fraud… The post DPRK IT Worker Fraud: Hiring…
Help on the line: How a Microsoft Teams support call led to compromise
A DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to stop them. The post Help on the line: How a Microsoft Teams support call led to compromise…
IT Security News Hourly Summary 2026-03-16 18h : 5 posts
5 posts were published in the last hour 16:32 : Companies House Restores WebFiling After Flaw Exposed Director Details 16:32 : Stryker attack raises concerns about role of device management tool 16:32 : Telus Digital confirms hack as ShinyHunters claims…
Companies House Restores WebFiling After Flaw Exposed Director Details
Companies House fixed a WebFiling flaw that allowed users to view director details and alter company records before the service was taken offline and restored. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
Stryker attack raises concerns about role of device management tool
Researchers warn that Microsoft Intune may have been weaponized to wipe critical devices. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Stryker attack raises concerns about role of device management tool
Telus Digital confirms hack as ShinyHunters claims credit for massive data theft
The Canadian business-process outsourcer, which counts many major businesses among its customers, still isn’t sure what the hackers stole. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Telus Digital confirms hack as ShinyHunters…
FBI launches inquiry into Steam games spreading malware
The FBI is asking gamers who installed malware-infected Steam games between May 2024 and January 2026 to come forward as part of an ongoing investigation. The FBI is seeking gamers who downloaded Steam games later found to contain malware. According…
Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact
Broadcom, Bechtel, Estée Lauder, and Abbott Technologies are the only major companies that have yet to issue a public statement. The post Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact appeared first on SecurityWeek. This article…
⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling. This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical…
Former Germany’s foreign intelligence VP hit in Signal account takeover campaign
Former BND VP Arndt Freytag von Loringhoven was targeted in a Signal cyberattack, part of a wave hitting officials and politicians in Germany. A cyberattack targeting Signal and WhatsApp users has hit high-ranking German officials, including former BND Vice President…
Delete doesn’t mean gone. Here’s how File Shredder fixes that
When you delete a file, it’s not really gone. We explain what really happens to deleted files and how File Shredder erases them for good. This article has been indexed from Malwarebytes Read the original article: Delete doesn’t mean gone.…
Security Firm Executive Targeted in Sophisticated Phishing Attack
The attackers used a DKIM-signed phishing email, trusted redirect infrastructure, compromised servers, and Cloudflare-protected phishing pages. The post Security Firm Executive Targeted in Sophisticated Phishing Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Don’t confuse asset inventory with exposure management
Asset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You…