A powerful iPhone exploit kit named “Coruna,” initially created for Western intelligence by U.S. contractor L3Harris, has fallen into the hands of Russian spies and Chinese cybercriminals. The Coruna toolkit features 23 different hacking components designed to compromise Apple iPhones.…
Apache ZooKeeper Vulnerability Allow Attackers to Access Sensitive Data
Two “Important” severity vulnerabilities have been disclosed in Apache ZooKeeper, a widely used service for configuration management and naming in distributed applications, making timely security updates critical. These newly discovered flaws could allow attackers to access sensitive configuration data or…
Anthropic Sued the U.S. Government for Labelling Claude as ‘Supply Chain Risk’
Artificial intelligence leader Anthropic has filed an unprecedented lawsuit against the United States government after being designated a “supply chain risk”. The legal action, filed in a California federal court on Monday, targets the executive office of President Donald Trump,…
Rising Cyber Threats Linked to Ongoing Middle East Conflict
A geopolitical crisis has historically been fought on physical battlefields, but its effects are seldom confined to borders in the modern threat landscape. While tensions are swirling across the Middle East as a result of the United States’ military operations…
Escape lands $18 million funding to scale AI-driven offensive security automation
Escape has raised $18 million in Series A funding to automate the entire security lifecycle with AI agents. The round, led by Balderton Capital with participation from Uncorrelated Ventures and existing investors Iris Capital and Y Combinator, will help lean…
Ukraine Deploys Robot Battalion To Fight Russia
Unmanned ground robots reportedly being used extensively on front lines to defend Ukrainian positions, attack Russian troops with machine guns This article has been indexed from Silicon UK Read the original article: Ukraine Deploys Robot Battalion To Fight Russia
Datadog MCP server delivers live observability to AI agents and IDEs
Datadog has announced the general availability of its MCP Server. For developers embedding AI agents into development and operational workflows, the Datadog MCP Server provides access to live observability data, enabling teams to debug with their preferred AI coding agents…
SailPoint expands AI-powered identity security with adaptive identity framework
SailPoint announced significant advancements to its AI-powered SailPoint Platform, introducing the first in a series of capabilities that advance its adaptive identity vision, an approach designed to address the critical security challenges of IT environments. New features include: Privilege: SailPoint…
Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
Salesforce has warned of an increase in threat actor activity that’s aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves…
InstallFix spreads fake Claude sites, UNC4899 breaches crypto, UK cyber-fraud crackdown
InstallFix attacks spread fake Claude code sites UNC4899 breaches crypto firm via trojanized file UK launches cyber-fraud crackdown unit Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-installfix-spreads-fake-claude-sites-unc4899-breaches-crypto-uk-cyber-fraud-crackdown/ Huge thanks to our sponsor, Dropzone AI It is 3…
Russian Hackers Target Signal, WhatsApp
Widespread informal use of encrypted consumer apps make them prime target for social engineering-based espionage hacks, Dutch officials say This article has been indexed from Silicon UK Read the original article: Russian Hackers Target Signal, WhatsApp
iPhone Hacking Toolkit Tied to Russian Espionage May Have Originated in the U.S.
A highly advanced iPhone hacking toolkit, originally developed for Western intelligence agencies, has leaked into the hands of Russian spies and Chinese cybercriminals. The exploit framework, known internally as “Coruna,” was likely created by Trenchant, the hacking and surveillance division…
IT Security News Hourly Summary 2026-03-10 09h : 11 posts
11 posts were published in the last hour 8:5 : SurxRAT Android Malware Uses LLMs for Phishing and Data Theft 8:4 : Chinese APT Campaign Targets Qatar With PlugX Lures Tied to Middle East Conflict 8:4 : Signed Malware Masquerading…
SurxRAT Android Malware Uses LLMs for Phishing and Data Theft
A new Android Remote Access Trojan (RAT) named SurxRAT, which is being sold as a commercial malware platform through a Telegram-based malware‑as‑a‑service (MaaS) ecosystem. The malware, marketed under the SURXRAT V5 branding, enables cybercriminals to create customized Android malware builds…
Chinese APT Campaign Targets Qatar With PlugX Lures Tied to Middle East Conflict
A Chinese-linked advanced persistent threat group known as Camaro Dragon launched a targeted cyberespionage campaign against entities in Qatar just one day after the outbreak of new hostilities in the Middle East on March 1, 2026. The group used war-themed…
Signed Malware Masquerading as Teams, Zoom Apps Drops RMM Backdoors
A newly uncovered phishing campaign is actively targeting enterprise users by disguising malware as widely used workplace applications, including Microsoft Teams, Zoom, and Adobe Acrobat Reader. What makes this threat stand out is that the malicious files carry legitimate-looking digital…
Signed malware posing as Teams and Zoom apps drops RMM backdoors
A wave of phishing campaigns that used signed malware posing as popular workplace apps like Microsoft Teams, Zoom, and Adobe Reader to deploy remote monitoring and management (RMM) backdoors. The activity, attributed to an as-yet unidentified threat actor, highlights how…
Meta’s Smart Glasses Privacy Scandal Expands After Sama Credentials Found on the Dark Web
A privacy controversy surrounding Meta Platforms’ Ray-Ban smart glasses has taken a new turn after security researchers uncovered dozens of exposed credentials linked to the company’s data-annotation contractor. Last week, Swedish outlets Svenska Dagbladet and Göteborgs-Posten reported that footage captured by Meta’s smart glasses…
Cylake Raises $45 Million to Secure Organizations Barred From Cloud
The company, founded by Palo Alto Networks’ Nir Zuk, has developed a platform that focuses on data sovereignty. The post Cylake Raises $45 Million to Secure Organizations Barred From Cloud appeared first on SecurityWeek. This article has been indexed from…
Singulr AI’s Agent Pulse delivers enforceable runtime governance and visibility for AI agents
Singulr AI has announced the launch of Agent Pulse, extending its Unified AI Control Plane to autonomous AI agents and model context protocol (MCP) servers. Agent Pulse delivers enforceable runtime governance, contextual discovery, and measurable oversight for the agentic enterprise.…
OneTrust expands AI governance with real-time monitoring and guardrail enforcement
OneTrust has announced the expansion of its solution to include real‑time monitoring and enforcement capabilities across agents, models, and data. Designed for data, risk, and AI teams, these enhancements empower organizations to shift AI governance from static compliance workflows to…
CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows – CVE-2021-22054 (CVSS score: 7.5) – A…
Signal Confirms Sophisticated Phishing Scheme Caused Account Compromises
The secure messaging platform Signal recently confirmed active, targeted phishing campaigns resulting in severe account takeovers. These sophisticated attacks have successfully compromised the accounts of high-profile individuals, specifically targeting government officials and journalists. Despite these high-profile breaches, Signal explicitly clarified…
How Piggybacking Attacks Threaten Organizational Security?
Organizations invest heavily in advanced cybersecurity technologies such as endpoint detection, identity access management, zero trust architecture, and continuous monitoring. However, a significant number of security incidents still originate from physical security weaknesses rather than purely digital vulnerabilities. Such often…