A prompt injection attack in Perplexity’s Comet browser can trick its AI agent into leaking sensitive local files. The post Perplexity Comet Browser Bug Leaks Local Files via AI Prompt Injection appeared first on eSecurity Planet. This article has been…
6 Minutes and a Prayer: The Math Your SOC Doesn’t Want You to See
Your SOC can’t triage every alert — the math proves it. See why 75% of alerts go uninvestigated and how AI-autonomous triage closes the gap. The post 6 Minutes and a Prayer: The Math Your SOC Doesn’t Want You to…
Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware
A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks. This article has been indexed…
Automate or orchestrate? Implementing a streamlined remediation program to shorten MTTR
Security teams want lower MTTR, but flaws persist. How to use automation vs. orchestration to reduce risk effectively? Almost all security teams want to reduce their Mean Time to Remediate (MTTR). And for good reason: research from 2024 found that…
Malware-laced OpenClaw installers get Bing AI search boost
Think before you download. OpenClaw, the AI agent that can manage just about anything, is risky all by itself, but now fake installers for it are wreaking havoc. Users who searched Bing’s AI results for “OpenClaw Windows” were directed to…
NDSS 2025 – On The Realism Of LiDAR Spoofing Attacks Against Autonomous Driving Vehicle
Session 14D: Autonomous Vehicles. Authors, Creators & Presenters: Ningfei Wang (University of California, Irvine), Shaoyuan Xie (University of California, Irvine), Takami Sato (University of California, Irvine), Yunpeng Luo (University of California, Irvine), Kaidi Xu (Drexel University), Qi Alfred Chen (University…
Sekoia achieves SOC2 compliance
Today, we are pleased to celebrate a major achievement for Sekoia with the attainment of the SOC2 Type 1 certification for its entire infrastructure. In this blog post, we’ll explain the journey to this high-end certification. What is the SOC2…
MS-Agent Flaw Enables Remote Code Execution via AI Agents
A critical MS-Agent flaw could allow attackers to use prompt injection to execute system commands through AI agents. The post MS-Agent Flaw Enables Remote Code Execution via AI Agents appeared first on eSecurity Planet. This article has been indexed from…
The Verification Imperative: How One Framework Is Reshaping Trust in Financial Code
The software that moves money, processes trades, and manages accounts is among the most scrutinized code on earth. Yet even in highly regulated financial environments, a vulnerability persists that traditional perimeter security cannot address: the integrity of the code itself…
IT Security News Hourly Summary 2026-03-04 21h : 7 posts
7 posts were published in the last hour 19:34 : Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files 19:34 : US and EU police shut down LeakBase, a site accused of sharing stolen passwords and hacking tools…
Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files
Researchers say a vulnerability in Perplexity’s Comet AI browser could expose local files and credentials through malicious calendar invites. The post Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files appeared first on TechRepublic. This article has been…
US and EU police shut down LeakBase, a site accused of sharing stolen passwords and hacking tools
Authorities say LeakBase was “one of the world’s largest online forums for cybercriminals,” and maintained an archive of hacked databases containing hundreds of millions of passwords. This article has been indexed from Security News | TechCrunch. Read the original article:…
Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next
Following U.S.-Israeli strikes on Iran, FortiGuard Labs has not yet observed large-scale cyber retaliation. However, we observed that regional cyber activity is rising. Organizations should take action to strengthen cyber hygiene, rotate credentials, and reduce exposure. This article has…
Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations
Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle (AitM) proxying. This article has been indexed from Trend Micro Research, News and Perspectives. Read the original…
Tycoon 2FA Phishing Platform Dismantled in Global Takedown
The phishing-as-a-service platform was used to send fraudulent emails to over 500,000 organizations every month. The post Tycoon 2FA Phishing Platform Dismantled in Global Takedown appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article:…
Randall Munroe’s XKCD ‘Groundhog Day Meaning’
Via the comic artistry and dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Groundhog Day Meaning’ appeared first on Security Boulevard. This article has been indexed from Security Boulevard. Read the original article: Randall…
The Instagram API Scraping Crisis: When ‘Public’ Data Becomes a 17.5 Million User Breach
17.5 million Instagram accounts leaked through API scraping. Meta denies breach, but your data is on the dark web. Here’s what actually happened. The post The Instagram API Scraping Crisis: When ‘Public’ Data Becomes a 17.5 Million User Breach appeared…
Virginia Appeals Order Suspending Social Media Law
US state appeals judge’s preliminary injunction barring it from enforcing 1-hour social media time limit for children under 16. This article has been indexed from Silicon UK. Read the original article: Virginia Appeals Order Suspending Social Media Law
Windows 10 Update KB5068164 Breaks Windows Recovery Environment
Microsoft’s October 2025 Windows Recovery Environment update for Windows 10 introduced a critical boot failure issue, rendering WinRE inaccessible on affected systems, with a fix confirmed only in March 2026. Released on October 14, 2025, KB5068164 was designed to automatically…
Tycoon 2FA Phishing Kit Disrupted by Microsoft, Europol and Partners
Microsoft, Europol, and partners have dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, seizing 330 domains used for credential theft and MFA bypass. This coordinated action disrupts a service active since 2023 that powered tens of millions of phishing emails monthly.…
New LexisNexis Data Breach Confirmed After Hackers Leak Files
The hackers claim to have stolen 2GB of files, including 400,000 personal information records. The post New LexisNexis Data Breach Confirmed After Hackers Leak Files appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article:…
BYOVD Attacks Turn Trusted Windows Drivers Into Security Threats
Cybersecurity researchers are warning about a growing wave of attacks that exploit legitimate Windows drivers to bypass security protections and gain deep control over targeted systems. The technique, known as Bring Your Own Vulnerable Driver or BYOVD, involves attackers…
Rhysida Claims Responsibility for November 2025 Ransomware Attack on Southold, New York
A ransomware gang known as Rhysida has claimed it was behind a cyberattack carried out in November 2025 against the local government of Southold, New York. Town authorities first disclosed the incident on November 24, 2025, revealing that a…
University of Hawaiʻi Cancer Center Suffers Data Breach from Ransomware Attacks
A ransomware attack on the University of Hawaii Cancer Center’s epidemiology division last year resulted in information leaks for up to 1.2 million people. About the incident: According to a statement issued by the organization last week, hackers gained access…