Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios
One of npm’s most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer’s account and slipped a remote-access trojan (RAT) into two…
Lloyds Data Security Incident Impacts 450,000 Individuals
A faulty software update led to the exposure of mobile banking users’ transactions to other users of the application. The post Lloyds Data Security Incident Impacts 450,000 Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read…
StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs
Remotely exploitable, the integer underflow vulnerability impacts StrongSwan releases spanning 15 years. The post StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article: StrongSwan Flaw Allows…
Change Intelligence and Deployment Connectors for Liquibase Secure
Liquibase Secure introduces Change Intelligence and Deployment Connectors for ServiceNow, GitHub, Harness, and Terraform to improve database change governance and visibility. The post Change Intelligence and Deployment Connectors for Liquibase Secure appeared first on Security Boulevard. This article has been…
Intel puts its data center performance knowledge on GitHub
Intel engineers have published a centralized repository of data center performance knowledge on GitHub, giving practitioners direct access to tuning guides, configuration recommendations, and optimization recipes that previously required hunting across forums and scattered documentation. The repository, called Optimization Zone,…
Ransomware in 2025: Blending in is the strategy
A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. This article has been indexed from Cisco Talos Blog. Read the original article: Ransomware in 2025:…
Double Agents: Exposing Security Blind Spots in GCP Vertex AI
Unit 42 uncovers a “double agent” flaw in Google Cloud’s Vertex AI, demonstrating how overprivileged AI agents can compromise cloud environments. The post Double Agents: Exposing Security Blind Spots in GCP Vertex AI appeared first on Unit 42. This article…
Mistral Raises $830m In Debt To Buy Nvidia Chips
French AI start-up Mistral raises new debt to purchase computing power for data centre outside Paris, with Swedish facility also in works. This article has been indexed from Silicon UK. Read the original article: Mistral Raises $830m In Debt To…
U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Citrix NetScaler, tracked as CVE-2026-3055 (CVSS ver. 4.0 score of…
Rspamd 4.0.0 ships memory savings, a new scan protocol, and a required migration step
The open-source spam filtering platform Rspamd released version 4.0.0, delivering infrastructure changes across its scan protocol, memory model, hash storage, and configuration system. Several of the changes are breaking, and at least one requires a migration step before upgrade. A…
IT Security News Hourly Summary 2026-03-31 12h : 11 posts
11 posts were published in the last hour:
9:36 : Meta Tests Paid Instagram Subscriptions
9:36 : Regulator Says Humans Remain Responsible For AI Audit Errors
9:36 : EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
9:36 : Phishing SMS:…
Meta Tests Paid Instagram Subscriptions
Facebook parent Meta tests paid subscriptions for Instagram with additional features, including ability to view Stories in stealth mode. This article has been indexed from Silicon UK. Read the original article: Meta Tests Paid Instagram Subscriptions
Regulator Says Humans Remain Responsible For AI Audit Errors
UK accountancy regulator publishes first guidance on AI use, warning auditors that they cannot blame mistakes on AI. This article has been indexed from Silicon UK. Read the original article: Regulator Says Humans Remain Responsible For AI Audit Errors
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather than traditional credential phishing. The service sells a turnkey Microsoft device code phishing kit that has been in active use…
Phishing SMS: How to Recognize Fraudulent Messages and Protect Yourself Effectively
A short message pops up: a supposed SMS from a delivery service announces a package, a warning from your bank urges you to immediately confirm your account details, or a supposed friend reaches out from a new number. These text…
Let’s Stop Sovereignty Washing
Don’t fall for “sovereignty washing.” Learn the technical difference between data residency and true digital sovereignty, the impact of the U.S. CLOUD Act, and the rise of European “Geopatriation.” The post Let’s Stop Sovereignty Washing appeared first on Security Boulevard. This…
NCSC Urges Immediate Patching of F5 BIG-IP Bug
The National Cyber Security Centre wants UK firms to patch CVE-2025-53521. This article has been indexed from www.infosecurity-magazine.com. Read the original article: NCSC Urges Immediate Patching of F5 BIG-IP Bug
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations globally. Originally launched for beta testing in September 2025, these security enhancements are designed to minimize…
Cuties AI – 144,250 breached accounts
In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to…
California Gets Serious About Regulation (Again)
California’s privacy regime has evolved. As of January 1, 2026, the CCPA/CPRA now mandates risk assessments, automated decision-making (AI) oversight, and independent cybersecurity audits. The post California Gets Serious About Regulation (Again) appeared first on Security Boulevard. This article has…
The Quantum Clock is Ticking and Your Encryption is Running Out of Time
With 90% of organizations unprepared for quantum threats, the shift to post-quantum cryptography (PQC) is a structural necessity. Explore the “harvest now, decrypt later” risk and the NIST PQC standards. The post The Quantum Clock is Ticking and Your Encryption is Running…
Google Drive now detects ransomware and helps restore affected files
To help organizations minimize the impact of malware attacks on personal computers, Google launched ransomware detection and file restoration in beta in September 2025. These features are now generally available. End user alert in Drive for desktop when ransomware is…
DeepSeek AI Service Experiences Prolonged Outage
DeepSeek’s hundreds of millions of users deprived of tool during outage of multiple hours extending into early Monday morning. This article has been indexed from Silicon UK. Read the original article: DeepSeek AI Service Experiences Prolonged Outage
Apple Adds ClickFix Attack Warnings in New macOS Tahoe Security Feature
Apple has silently introduced a new security mechanism in macOS Tahoe 26.4 to protect users against social engineering campaigns known as ClickFix attacks. This defense intercepts potentially harmful commands before they are pasted into the Terminal application, breaking the infection…