Keysight Technologies has launched Keysight SBOM Manager, a new solution designed to help organizations meet growing global cybersecurity and software transparency requirements, led by the European Union’s Cyber Resilience Act (CRA). The solution provides a unified approach to generating, managing,…
Arcjet enables inline defense against prompt injection in production AI systems
Arcjet has released AI Prompt Injection Protection, a new capability designed to stop prompt injection attacks before they reach production AI models. The feature detects hostile prompts at the application boundary and gives developers a decision point inside the request…
Chrome Extension “Save Image as Type” Was Hijacked, Putting Over 1 Million Users at Risk
Google has taken down the Chrome extension “Save Image as Type” after security researchers uncovered it had been hijacked and altered to redirect user traffic f Thank you for being a Ghacks reader. The post Chrome Extension "Save Image as…
UK Steps Back From AI Copyright Reforms
UK government changes tack on reforming copyright law to boost AI training, after backlash from copyright holders, but leaves options open This article has been indexed from Silicon UK Read the original article: UK Steps Back From AI Copyright Reforms
Open VSX Extension Delivers RAT and Stealer via GitHub Downloader
An Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft extension, listed on open-vsx.org and tracked at over 26,000 downloads as of March 17, 2026,…
Java 26 ships with new cryptography API and HTTP/3 support
Oracle released JDK 26, the 17th consecutive feature release delivered under the six-month cadence the project adopted in 2018. The release includes ten JDK Enhancement Proposals spanning language changes, garbage collection improvements, cryptographic tooling, and network protocol support. PEM encoding…
IT Security News Hourly Summary 2026-03-19 09h : 8 posts
8 posts were published in the last hour 7:32 : New SnappyClient Implant Combines Remote Access, Data Theft and Advanced Evasion 7:32 : Omnix AI Advisor brings real-time credential threat insights to enterprise security teams 7:31 : DarkSword emerges, “ShieldGuard”…
New SnappyClient Implant Combines Remote Access, Data Theft and Advanced Evasion
A dangerous new malware implant called SnappyClient has quietly emerged as a serious threat to Windows users, combining remote access, data theft, and sophisticated evasion techniques in one compact C++ package. First spotted in December 2025, this command-and-control (C2) framework…
Omnix AI Advisor brings real-time credential threat insights to enterprise security teams
Dashlane has unveiled Omnix AI Advisor, a natural-language AI security assistant embedded into the Dashlane Omnix platform. Built upon Omnix’s advanced credential protection and visibility capabilities, Omnix AI Advisor accelerates enterprises’ transition to a proactive security posture by turning real-time…
DarkSword emerges, “ShieldGuard” dismantled, NK IT worker army rakes in money
DarkSword emerges from suspected Russian hackers “ShieldGuard” dismantled after malware discovery North Korea’s fake IT worker army rakes in $500M/year Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-darksword-emerges-shieldguard-dismantled-nk-it-worker-army-rakes-in-money/ Huge thanks to our episode sponsor, Adaptive Security This…
Aura Confirms Data Breach Exposing 900,000 Customer Records
Digital security provider Aura has confirmed a data breach affecting approximately 900,000 user records following a targeted social engineering attack. The incident highlights the ongoing threat of sophisticated phishing campaigns aimed at bypassing technical defenses by exploiting human elements within…
Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network
A misconfigured open directory on an Iranian server has exposed a live censorship-bypass relay and SSH-based botnet operation, revealing how a single actor stitched together a 15-node network across Iran and Finland using commodity tools and sloppy operational security. The…
CVE-2026-3342: Critical Out-of-Bounds Write Vulnerability in WatchGuard Fireware OS
Key Takeaways CVSS v3.1 base score of 7.2 (High) according to NVD analysis Affects WatchGuard Fireware OS versions 11.9-11.12.4_Update1, 12.0-12.11.7, and 2025.1-2026.1.1 Authenticated privileged administrators can execute arbitrary code with root permissions via management interface NVD published March 3, 2026;…
CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution
Key Takeaways CVSS v3.1 base score of 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, according to the CNA Delta Electronics COMMGR2 contains an out-of-bounds write vulnerability (CWE-787) enabling unauthenticated remote code execution NVD lists the vulnerability as analyzed; vendor advisory Delta-PCSA-2026-00005 is…
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vulnerabilities…
ScreenConnect Flaw Lets Hackers Steal Machine Keys and Hijack Sessions
ConnectWise has released a critical security update for its ScreenConnect remote desktop software to address a severe vulnerability that allows attackers to hijack user sessions. The flaw, which compromises the protection of server-level cryptographic material, prompted the company to issue…
WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack
A North Korea-linked threat group known as WaterPlum has introduced a new malware strain called “StoatWaffle” as part of its ongoing Contagious Interview campaign. The activity has been attributed to Team 8, a subgroup within WaterPlum also tracked as the…
RSAC 2026 Innovation Sandbox | Clearly AI: Automated Software Security Platform Empowered by AI
Company Profile Founded in 2024, Clearly AI is a company focused on automating enterprise security and privacy audits, headquartered in Seattle, Washington, USA. The company was co-founded by Emily Choi-Greene and Joe Choi-Greene, and the core team has deep practical…
AI got it wrong with high confidence. Now what?
In this Help Net Security interview, Christian Debes, Head of Data Analytics & AI at SPRYFOX, talks about the growing gap between what AI models do and what their operators can explain. He argues this gap is already a liability,…
Betterleaks: Open-source secrets scanner
Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to…
SnappyClient Implant Blends Remote Access, Data Theft, and Stealth Evasion
A powerful new C2 implant called SnappyClient that blends remote access, credential theft, and stealthy evasion into a single, modular framework targeting Windows systems and cryptocurrency users. ThreatLabz first observed SnappyClient in December 2025, being deployed via the well-known HijackLoader malware family.…
Elite members of North Korean society fake their way into Western paychecks
Increased federal activity, including indictments over the past year, has drawn attention to a pattern that has been unfolding inside corporate hiring pipelines. North Korean nationals are securing roles as remote IT contractors and full-time staff within organizations across North…
New iOS Exploit Uses Advanced iPhone Hacking Tools to Steal Personal Data
Google Threat Intelligence Group (GTIG) has uncovered a highly sophisticated iOS full-chain exploit dubbed DarkSword. Active since November 2025, this exploit leverages multiple zero-day vulnerabilities to compromise Apple devices running iOS 18.4 through 18.7 fully. DarkSword is highly unusual because…
The Ultimate Guide to MCP Security Vulnerabilities
7 min readThis guide catalogs the MCP-specific vulnerabilities you face today, explains why they are uniquely dangerous and outlines actionable defense strategies that work. The post The Ultimate Guide to MCP Security Vulnerabilities appeared first on Aembit. The post The…