DarkSword emerges from suspected Russian hackers. “ShieldGuard” dismantled after malware discovery. North Korea’s fake IT worker army rakes in $500M/year. Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-darksword-emerges-shieldguard-dismantled-nk-it-worker-army-rakes-in-money/ Huge thanks to our episode sponsor, Adaptive Security. This…
Aura Confirms Data Breach Exposing 900,000 Customer Records
Digital security provider Aura has confirmed a data breach affecting approximately 900,000 user records following a targeted social engineering attack. The incident highlights the ongoing threat of sophisticated phishing campaigns aimed at bypassing technical defenses by exploiting human elements within…
Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network
A misconfigured open directory on an Iranian server has exposed a live censorship-bypass relay and SSH-based botnet operation, revealing how a single actor stitched together a 15-node network across Iran and Finland using commodity tools and sloppy operational security. The…
CVE-2026-3342: Critical Out-of-Bounds Write Vulnerability in WatchGuard Fireware OS
Key Takeaways: CVSS v3.1 base score of 7.2 (High) according to NVD analysis. Affects WatchGuard Fireware OS versions 11.9-11.12.4_Update1, 12.0-12.11.7, and 2025.1-2026.1.1. Authenticated privileged administrators can execute arbitrary code with root permissions via the management interface. NVD published March 3, 2026;…
CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution
Key Takeaways: CVSS v3.1 base score of 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, according to the CNA. Delta Electronics COMMGR2 contains an out-of-bounds write vulnerability (CWE-787) enabling unauthenticated remote code execution. NVD lists the vulnerability as analyzed; vendor advisory Delta-PCSA-2026-00005 is…
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vulnerabilities…
ScreenConnect Flaw Lets Hackers Steal Machine Keys and Hijack Sessions
ConnectWise has released a critical security update for its ScreenConnect remote desktop software to address a severe vulnerability that allows attackers to hijack user sessions. The flaw, which compromises the protection of server-level cryptographic material, prompted the company to issue…
WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack
A North Korea-linked threat group known as WaterPlum has introduced a new malware strain called “StoatWaffle” as part of its ongoing Contagious Interview campaign. The activity has been attributed to Team 8, a subgroup within WaterPlum also tracked as the…
RSAC 2026 Innovation Sandbox | Clearly AI: Automated Software Security Platform Empowered by AI
Company Profile: Founded in 2024, Clearly AI is a company focused on automating enterprise security and privacy audits, headquartered in Seattle, Washington, USA. The company was co-founded by Emily Choi-Greene and Joe Choi-Greene, and the core team has deep practical…
AI got it wrong with high confidence. Now what?
In this Help Net Security interview, Christian Debes, Head of Data Analytics & AI at SPRYFOX, talks about the growing gap between what AI models do and what their operators can explain. He argues this gap is already a liability,…
Betterleaks: Open-source secrets scanner
Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to…
SnappyClient Implant Blends Remote Access, Data Theft, and Stealth Evasion
SnappyClient is a powerful new C2 implant that blends remote access, credential theft, and stealthy evasion into a single, modular framework targeting Windows systems and cryptocurrency users. ThreatLabz first observed SnappyClient in December 2025, being deployed via the well-known HijackLoader malware family.…
Elite members of North Korean society fake their way into Western paychecks
Increased federal activity, including indictments over the past year, has drawn attention to a pattern that has been unfolding inside corporate hiring pipelines. North Korean nationals are securing roles as remote IT contractors and full-time staff within organizations across North…
New iOS Exploit Uses Advanced iPhone Hacking Tools to Steal Personal Data
Google Threat Intelligence Group (GTIG) has uncovered a highly sophisticated iOS full-chain exploit dubbed DarkSword. Active since November 2025, this exploit leverages multiple zero-day vulnerabilities to fully compromise Apple devices running iOS 18.4 through 18.7. DarkSword is highly unusual because…
The Ultimate Guide to MCP Security Vulnerabilities
This guide catalogs the MCP-specific vulnerabilities you face today, explains why they are uniquely dangerous and outlines actionable defense strategies that work. The post The Ultimate Guide to MCP Security Vulnerabilities appeared first on Aembit.
Your APIs are under siege, and attackers are just getting warmed up
Internet-facing systems are handling sustained levels of malicious traffic across APIs, web applications, and DDoS channels. Akamai’s State of the Internet security report places these patterns within the same operating environment, with activity increasing across each area through 2025. The…
Cisco Firewall Zero-Day Actively Exploited to Deliver Interlock Ransomware
Security research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Center (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon MadPot network, threat actors compromised enterprise environments for…
A Guide to Agentic AI Risks in 2026
Simulators don’t just teach pilots how to fly the plane; they also teach judgment. When do you escalate? When do you hand off to air traffic control? When do you abort the mission? These are human decisions, trained under pressure,…
Europe Targets Chinese and Iranian Entities in Response to Cyber Threats
The Council of the European Union, in response to the escalation of state-linked cyber intrusions, has tightened its defensive posture by imposing targeted sanctions on a cluster of entities and individuals allegedly engaged in sophisticated digital attacks against European interests…
How a Brute-Force Attack Exposed a Wider Ransomware Ecosystem
What initially appeared to be a routine brute-force alert ultimately revealed a far more complex ransomware-linked infrastructure, demonstrating how even low-level signals can expose deeper cybercriminal operations. According to analysis by Huntress, an investigation that began with a single…
ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)
This article has been indexed from SANS Internet Storm Center, InfoCON: green. Read the original article: ISC Stormcast For Thursday, March 19th, 2026…
Anomalous Prompt Detection via Quantum-Safe Neural Telemetry
Discover how to secure Model Context Protocol deployments using quantum-safe neural telemetry and lattice-based cryptography to detect anomalous prompts and puppet attacks. The post Anomalous Prompt Detection via Quantum-Safe Neural Telemetry appeared first on Security Boulevard. This article has been…
IT Security News Hourly Summary 2026-03-19 03h : 2 posts
2 posts were published in the last hour. 1:36 : 2026-03-17: Seven days of scans and probes and web traffic hitting my web server. 1:11 : Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th).
2026-03-17: Seven days of scans and probes and web traffic hitting my web server
This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries. Read the original article: 2026-03-17: Seven days of scans and probes and web…