The OpenID Foundation warns that fragmented policies on posthumous digital accounts could open the door for fraudsters to exploit AI deepfakes This article has been indexed from www.infosecurity-magazine.com Read the original article: Calls for Global Digital Estate Standard as Posthumous…
IT Security News Hourly Summary 2026-03-04 12h : 10 posts
10 posts were published in the last hour 10:38 : Telegram Increasingly Used to Sell Access, Malware and Stolen Logs 10:38 : Mobile malware evolution in 2025 10:38 : HPE AutoPass Vulnerability Let Attackers Bypass Authentication Remotely 10:38 : MS-Agent…
Telegram Increasingly Used to Sell Access, Malware and Stolen Logs
Cybercriminals are now increasingly using Telegram to sell corporate access, malware subscriptions, and stealer logs, turning the messaging app into a fast cybercrime hub. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
Mobile malware evolution in 2025
Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT botnet, and Mamont banking Trojans. This article has been indexed from Securelist Read the original article: Mobile malware…
HPE AutoPass Vulnerability Let Attackers Bypass Authentication Remotely
A security bulletin has been issued regarding a vulnerability in the AutoPass License Server (APLS) that could allow attackers to remotely bypass authentication controls. The issue is tracked as CVE-2026-23600 and is rated important with a CVSS base score of…
MS-Agent Vulnerability Let Attackers Hijack AI Agent to Gain Full System Control
A critical security vulnerability has been discovered in a lightweight framework designed to enable AI agents to perform autonomous tasks. According to a vulnerability note published by the CERT/CC, this flaw allows attackers to trick the AI into executing malicious commands,…
Critical XSS Vulnerability in Angular i18n Enables Malicious Code Execution
A high-severity Cross-Site Scripting (XSS) vulnerability, designated as CVE-2026-27970, has been discovered in Angular’s internationalization (i18n) pipeline. The vulnerability allows attackers to execute malicious JavaScript if they can compromise an application’s translation files. Angular’s i18n process allows developers to extract…
IPVanish VPN for macOS Vulnerability Let Attackers Escalate Privilege and Execute Arbitrary Code
A critical privilege escalation vulnerability has been discovered in the IPVanish VPN application for macOS. This flaw allows any unprivileged local user to execute arbitrary code as root without requiring user interaction. The security failure completely bypasses macOS security features,…
The vulnerability that turns your AI agent against you
Zenity Labs disclosed PleaseFix, a family of critical vulnerabilities affecting agentic browsers, including Perplexity Comet, that allow attackers to hijack AI agents, access local files, and steal credentials within authenticated user sessions. The vulnerabilities can be triggered through malicious content…
Want More XWorm?, (Wed, Mar 4th)
And another XWorm[1] wave in the wild! This malware family is not new and heavily spread but delivery techniques always evolve and deserve to be described to show you how threat actors can be imaginative! This time, we are facing…
Chinese Tech Firms See Disruption In Middle East
Year of aggressive expansion by autonomous taxi companies, food delivery firms capped by disruption from Iran military strikes This article has been indexed from Silicon UK Read the original article: Chinese Tech Firms See Disruption In Middle East
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems. The names of the packages are listed below…
Amazon Says Drones Damaged Cloud Centres In UAE, Bahrain
Amazon Web Services says two data centres in UAE directly hit by Iranian drone strikes, as Bahrain site also sees ‘physical impacts’ This article has been indexed from Silicon UK Read the original article: Amazon Says Drones Damaged Cloud Centres…
AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks
Ransomware operators are increasingly abusing Microsoft’s trusted Azure data transfer utility, AzCopy, to quietly exfiltrate sensitive data before encryption, turning a routine cloud migration tool into a stealthy theft channel. Instead of relying on obviously malicious tools like Rclone or…
U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to…
Critical FreeScout Vulnerability Leads to Full Server Compromise
A patch bypass for an authenticated code execution bug, the flaw leads to zero-click remote code execution attacks. The post Critical FreeScout Vulnerability Leads to Full Server Compromise appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. The new schedule begins with the stable release of Chrome 153 on…
AI Driven Warfare
AI-Driven Warfare, Open-Source Attack Tooling, CISA Shakeups, Healthcare Ransomware, and GPS Jamming Risks Host David Shipley covers reports that hacked Tehran traffic cameras and an AI-powered targeting system helped a joint U.S.-Israeli operation (“Epic Fury”) track and strike Iran’s leadership,…
Fifth Military Drone Maker Sets Up In Swindon
California-based Neros Technologies establishes UK subsidiary in Swindon, amid broader use of UAVs in military and espionage This article has been indexed from Silicon UK Read the original article: Fifth Military Drone Maker Sets Up In Swindon
CISA Warns of VMware Aria Operations Vulnerability Actively Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, identified as CVE-2026-22719, is currently being exploited in the wild, prompting urgent calls…
IPVanish VPN for macOS Flaw Enables Privilege Escalation and Code Execution
A high-severity security vulnerability has been discovered in the IPVanish VPN application for macOS. This flaw allows any unprivileged local user to execute arbitrary code with root privileges without requiring any user interaction. The attack bypasses standard macOS security features,…
ACI Connetic for Cards unifies card, A2A payments and fraud management on one platform
ACI Worldwide has launched ACI Connetic for Cards, an integrated card payments suite within ACI Connetic, its cloud-native payments hub. The platform brings together account-to-account payments, card payments, and fraud prevention in one system. ACI’s acquiring, issuing, and ATM and…
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. “Silver Dragon gains its initial access by…
Prison Drone Smuggling Gang Jailed
Seven men jailed who accounted for estimated 75 percent of drone smuggling flights into London prisons, including Wormwood Scrubs, Brixton This article has been indexed from Silicon UK Read the original article: Prison Drone Smuggling Gang Jailed