Exabeam has announced the expansion of Exabeam Agent Behavior Analytics (ABA). Without direct visibility into how employees use AI assistants, what they query, what data they share, how frequently they interact, and from where, organizations cannot establish a baseline for…
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in…
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence…
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor…
Block the Prompt, Not the Work: The End of “Doctor No”
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say “No.” No to ChatGPT. No to DeepSeek. No to…
Ransomware Crashes Jackson County Systems
The Jackson County Sheriff’s Office is currently rebuilding its entire computer network following a devastating ransomware attack that occurred last week. This article has been indexed from CyberMaterial Read the original article: Ransomware Crashes Jackson County Systems
Hacker Takes Over School Facebook Page
A public school district near Schenectady is advising the community to avoid its Facebook page after a hacker took control and began sharing inappropriate videos. This article has been indexed from CyberMaterial Read the original article: Hacker Takes Over School…
Android Dev Verification Rollout Begins
Google is implementing mandatory identity verification for all Android developers to prevent malicious actors from using anonymity to distribute harmful applications. This article has been indexed from CyberMaterial Read the original article: Android Dev Verification Rollout Begins
OpenAI Ends Sora App Over Deepfake Fears
OpenAI is shuttering Sora, its viral short-form video application, just months after its high-profile launch. This article has been indexed from CyberMaterial Read the original article: OpenAI Ends Sora App Over Deepfake Fears
Criminal Service Monetizes Ransomware Data
A new cybercrime platform called Leak Bazaar aims to transform raw stolen data into structured, profitable intelligence, escalating the threat of large-scale exploitation. This article has been indexed from CyberMaterial Read the original article: Criminal Service Monetizes Ransomware Data
TeamPCP Supply Chain Campaign: Update 005 – First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 004 covered developments through March 30, including the Databricks investigation, dual ransomware operations, and…
Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus
New research from Seqrite explains the ‘dual-use dilemma,’ where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Ransomware Groups Exploit…
Google Warns of New Chrome Zero-Day Under Active Exploitation – Users Urged to Update Immediately
Google has released an urgent security update for its Chrome desktop browser to address 21 vulnerabilities, including a critical zero-day flaw that is actively being exploited in the wild. Users are strongly urged to update their browsers immediately to version…
Ethereum-Based EtherRAT, EtherHiding Power Stealthy Malware Campaigns
Hackers are abusing the Ethereum blockchain to hide and control a new Node.js backdoor called EtherRAT, using a stealthy technique known as EtherHiding to make their command‑and‑control (C2) infrastructure difficult to disrupt. EtherRAT, previously profiled by Sysdig and linked to…
IT Security News Hourly Summary 2026-04-01 15h : 6 posts
6 posts were published in the last hour 12:34 : Microsoft Teams to Improve Privacy With EXIF Data Removal Feature 12:34 : AI Due Diligence Checklist 2026: How to Avoid AI Implementation Failures, Security Risks, and Cost Overruns 12:34 :…
Microsoft Teams to Improve Privacy With EXIF Data Removal Feature
Microsoft is rolling out a wave of privacy and security updates for Microsoft Teams, headlining with a critical new feature that automatically removes EXIF metadata from shared images. These upcoming changes are designed to protect user privacy by default, streamline…
AI Due Diligence Checklist 2026: How to Avoid AI Implementation Failures, Security Risks, and Cost Overruns
AI has moved from experimentation to core business systems. In first quarter of 2026, we saw companies push AI into production faster than ever. Copilots…Read More The post AI Due Diligence Checklist 2026: How to Avoid AI Implementation Failures, Security…
Chinese Hackers Target European Governments in Espionage Campaigns
Chinese state-backed group TA416 had suspended its cyber espionage operations in Europe since 2023, noted Proofpoint This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Hackers Target European Governments in Espionage Campaigns
Cisco Faces Alleged Data Leak as ShinyHunters Claims Responsibility
Cisco is actively dealing with a major cybersecurity incident after threat actors breached its internal development networks. The notorious hacking group ShinyHunters has claimed responsibility for the attack, alleging they stole sensitive source code and data affecting Cisco, Salesforce, Aura,…
CultureAI Launches on Microsoft Marketplace to Accelerate Secure AI Adoption
This week, CultureAI has announced the availability of its platform on Microsoft Marketplace, marking a step aimed at simplifying how organisations discover, deploy and manage AI usage controls. Microsoft Marketplace, a unified storefront combining Azure Marketplace and AppSource, enables organisations…
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools,…
Vim Modeline Vulnerability Opens Door to Arbitrary OS Command Execution
Vim is a widely used, highly configurable text editor, but a recently disclosed flaw highlights the risks associated with its file-parsing features. Tracked as CVE-2026-34982, a high-severity vulnerability allows attackers to execute arbitrary operating system commands simply by tricking a…
Top 10 Best Dynamic Application Security Testing (DAST) Platforms in 2026
In today’s fast-paced software development world, where applications are released at an unprecedented rate, ensuring their security is more critical than ever. Dynamic Application Security Testing (DAST) has emerged as a fundamental practice for modern development teams. DAST tools, often…
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)
Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5281 As per usual, information about the fixed zero-day is limited, and there’s no details about the exploit (or how/if…