A joint law enforcement operation has dismantled LeakBase, one of the world’s largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of Justice (DoJ), had over 142,000 members…
Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies. The subscription-based phishing kit, which first emerged…
Threat Actors Intensify Targeting of IP Cameras Across the Middle East Amid Ongoing Conflict
Cyber operations have once again become an integral component of the ongoing conflict across the Middle East, with researchers identifying a wave of attacks against Internet-connected IP cameras beginning on February 28, 2026. According to CPR, the observed campaigns appear to…
Cisco Secure Firewall Vulnerability Exposes Networks to Authentication Bypass Attacks
Cisco recently disclosed a critical vulnerability in its Secure Firewall Management Centre (FMC) Software that allows unauthenticated remote attackers to gain complete root access to affected devices. Holding a maximum severity CVSS score of 10.0, this flaw demands immediate attention…
Google uncovers Coruna iOS Exploit Kit targeting iOS 13–17.2.1
Google warns of the Coruna iOS exploit kit, using 23 exploits across five chains to target iPhones running iOS 13–17.2.1, but not the latest iOS. Google’s Threat Intelligence Group has identified a powerful new iOS exploit kit called Coruna (also…
Fake Tech Support Scams Deliver Advanced Command-and-Control Malware
Fake tech support scams are not new. Historically, the goal was simple: convince someone to hand over a few hundred dollars in gift cards or give attackers remote access to a computer. However, new research from Huntress highlights how familiar social-engineering tricks are evolving…
Google Releases Emergency Chrome Update to Fix 10 Security Vulnerabilities
Google has released a critical security update for Chrome, pushing the Stable channel to version 145.0.7632.159/160 for Windows and Mac, and 145.0.7632.159 for Linux. The update addresses 10 security vulnerabilities, including three rated Critical, and is rolling out to users…
Cisco Catalyst SD-WAN Flaws Expose Devices to Root Access, Threatening Network Security
Cisco has issued critical software updates to address multiple vulnerabilities in the Catalyst SD-WAN Manager (formerly SD-WAN vManage) that could allow attackers to bypass authentication, elevate privileges to root, and execute arbitrary commands. The advisory (cisco-sa-sdwan-authbp-qwCX8D4v), originally published on February…
Workers reviewing Meta Ray-Ban footage encounter users’ intimate moments
Bank details and intimate moments captured without people realizing they are being recorded are the new privacy nightmare behind the latest tech fashion hit, Meta Ray-Ban smart glasses. A joint investigation by Svenska Dagbladet and Göteborgs-Posten found that footage and…
As AI agents start making purchases, security teams must rethink risk
In this Help Net Security interview, Donald Kossmann, CTO at fintech company Chargebacks911, talks about the emerging security, fraud, and governance risks of “agentic commerce,” where AI agents can autonomously make purchasing decisions on behalf of users or organizations. He…
Operation Leak: Authorities Dismantle LeakBase Forum, Secure User Data and IP Logs
The FBI, working alongside international law enforcement agencies, has successfully dismantled the notorious cybercriminal forum LeakBase. Dubbed “Operation Leak,” this coordinated global effort resulted in the seizure of the platform’s domains and its underlying infrastructure. LeakBase was a prominent online…
Tycoon 2FA Phishing Operation Dismantled in Joint Raid by Microsoft and Europol
Microsoft, Europol, and industry partners have successfully dismantled the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform. Operating since August 2023, this immense adversary-in-the-middle (AiTM) operation allowed cybercriminals to bypass multi-factor authentication (MFA) and infiltrate over 96,000 distinct victims globally. This coordinated disruption…
Cyberattack Alert: Hackers Impersonate LastPass Support to Steal Vault Passwords
A new phishing campaign impersonating LastPass support emails is targeting users to steal their vault passwords and account credentials. The phishing campaign uses fake email chains that appear to be forwarded internal messages about suspicious account activity. Attackers craft messages to make it appear that…
Protecting education: How MDR can tip the balance in favor of schools
The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative? This article has been indexed from WeLiveSecurity Read the original…
Fake FileZilla Website Distributes Malware-Infected Download
A fraudulent website is distributing a modified portable edition of FileZilla version 3.69.5 that contains embedded malware. The archive appears legitimate and includes the authentic open-source FTP client, but attackers inserted one additional file, a rogue dynamic-link library named…
Engineering trust: A security blueprint for autonomous AI agents
AI agents have evolved from just chatbots, answering questions to executing actions using various integrated tools, often autonomously, and as such the traditional security models have become less efficient. I have seen that firsthand as a security lead for the…
IT Security News Hourly Summary 2026-03-05 06h : 1 posts
1 posts were published in the last hour 4:36 : Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks
Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks
Google and iVerify analysis reveals a powerful exploit kit originally used by Russian state actors that is now appearing in broader criminal campaigns. The post Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks appeared first on SecurityWeek. This article…
Post-Quantum Cryptographic Agility in MCP Resource Governance
Learn how to secure Model Context Protocol (mcp) deployments with post-quantum cryptographic agility and granular resource governance to prevent quantum threats. The post Post-Quantum Cryptographic Agility in MCP Resource Governance appeared first on Security Boulevard. This article has been indexed…
Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)
[This is a Guest Diary by Joseph Gruen, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Differentiating Between a Targeted Intrusion and…
2025 ISO and CSA STAR certificates are now available with one additional service and one new region
Amazon Web Services (AWS) successfully completed the annual recertification audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. The objective of the audit was to…
‘Hundreds’ of Iranian hacking attempts have hit surveillance cameras since the missile strikes
Attack infrastructure attributed to ‘several Iran-nexus threat actors’ Multiple Iranian hacking crews have been targeting internet-connected surveillance cameras across Israel and other Middle Eastern countries since the war started on February 28, according to Check Point security researchers. … This article…
Cisco fixes maximum-severity Secure FMC bugs threatening firewall security
Cisco patched two critical Secure FMC vulnerabilities that could let attackers gain root access to managed firewalls. Cisco addressed two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) that could allow attackers to gain root access. Cisco Secure Firewall…
IT Security News Hourly Summary 2026-03-05 00h : 10 posts
10 posts were published in the last hour 22:55 : IT Security News Daily Summary 2026-03-04 22:36 : Institutional DeFi: Building Secure Bridges Between Decentralized Protocols and Corporate Treasury 22:36 : How a Single Overprivileged Service Turned the LexisNexis Breach…