A security bulletin has been issued regarding a vulnerability in the AutoPass License Server (APLS) that could allow attackers to remotely bypass authentication controls. The issue is tracked as CVE-2026-23600 and is rated important with a CVSS base score of…
MS-Agent Vulnerability Let Attackers Hijack AI Agent to Gain Full System Control
A critical security vulnerability has been discovered in a lightweight framework designed to enable AI agents to perform autonomous tasks. According to a vulnerability note published by the CERT/CC, this flaw allows attackers to trick the AI into executing malicious commands,…
Critical XSS Vulnerability in Angular i18n Enables Malicious Code Execution
A high-severity Cross-Site Scripting (XSS) vulnerability, designated as CVE-2026-27970, has been discovered in Angular’s internationalization (i18n) pipeline. The vulnerability allows attackers to execute malicious JavaScript if they can compromise an application’s translation files. Angular’s i18n process allows developers to extract…
IPVanish VPN for macOS Vulnerability Let Attackers Escalate Privilege and Execute Arbitrary Code
A critical privilege escalation vulnerability has been discovered in the IPVanish VPN application for macOS. This flaw allows any unprivileged local user to execute arbitrary code as root without requiring user interaction. The security failure completely bypasses macOS security features,…
The vulnerability that turns your AI agent against you
Zenity Labs disclosed PleaseFix, a family of critical vulnerabilities affecting agentic browsers, including Perplexity Comet, that allow attackers to hijack AI agents, access local files, and steal credentials within authenticated user sessions. The vulnerabilities can be triggered through malicious content…
Want More XWorm?, (Wed, Mar 4th)
And another XWorm[1] wave in the wild! This malware family is not new and heavily spread but delivery techniques always evolve and deserve to be described to show you how threat actors can be imaginative! This time, we are facing…
Chinese Tech Firms See Disruption In Middle East
Year of aggressive expansion by autonomous taxi companies, food delivery firms capped by disruption from Iran military strikes This article has been indexed from Silicon UK Read the original article: Chinese Tech Firms See Disruption In Middle East
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that’s functional on Windows, macOS, and Linux systems. The names of the packages are listed below…
Amazon Says Drones Damaged Cloud Centres In UAE, Bahrain
Amazon Web Services says two data centres in UAE directly hit by Iranian drone strikes, as Bahrain site also sees ‘physical impacts’ This article has been indexed from Silicon UK Read the original article: Amazon Says Drones Damaged Cloud Centres…
AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks
Ransomware operators are increasingly abusing Microsoft’s trusted Azure data transfer utility, AzCopy, to quietly exfiltrate sensitive data before encryption, turning a routine cloud migration tool into a stealthy theft channel. Instead of relying on obviously malicious tools like Rclone or…
U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to…
Critical FreeScout Vulnerability Leads to Full Server Compromise
A patch bypass for an authenticated code execution bug, the flaw leads to zero-click remote code execution attacks. The post Critical FreeScout Vulnerability Leads to Full Server Compromise appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. The new schedule begins with the stable release of Chrome 153 on…
AI Driven Warfare
AI-Driven Warfare, Open-Source Attack Tooling, CISA Shakeups, Healthcare Ransomware, and GPS Jamming Risks Host David Shipley covers reports that hacked Tehran traffic cameras and an AI-powered targeting system helped a joint U.S.-Israeli operation (“Epic Fury”) track and strike Iran’s leadership,…
Fifth Military Drone Maker Sets Up In Swindon
California-based Neros Technologies establishes UK subsidiary in Swindon, amid broader use of UAVs in military and espionage This article has been indexed from Silicon UK Read the original article: Fifth Military Drone Maker Sets Up In Swindon
CISA Warns of VMware Aria Operations Vulnerability Actively Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog. This flaw, identified as CVE-2026-22719, is currently being exploited in the wild, prompting urgent calls…
IPVanish VPN for macOS Flaw Enables Privilege Escalation and Code Execution
A high-severity security vulnerability has been discovered in the IPVanish VPN application for macOS. This flaw allows any unprivileged local user to execute arbitrary code with root privileges without requiring any user interaction. The attack bypasses standard macOS security features,…
ACI Connetic for Cards unifies card, A2A payments and fraud management on one platform
ACI Worldwide has launched ACI Connetic for Cards, an integrated card payments suite within ACI Connetic, its cloud-native payments hub. The platform brings together account-to-account payments, card payments, and fraud prevention in one system. ACI’s acquiring, issuing, and ATM and…
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. “Silver Dragon gains its initial access by…
Prison Drone Smuggling Gang Jailed
Seven men jailed who accounted for estimated 75 percent of drone smuggling flights into London prisons, including Wormwood Scrubs, Brixton This article has been indexed from Silicon UK Read the original article: Prison Drone Smuggling Gang Jailed
Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals
A ransomware attack on the University of Hawaiʻi Cancer Center exposed personal data of 1.2 million people. A 2025 ransomware attack targeting the University of Hawaiʻi Cancer Center compromised the personal information of about 1.2 million individuals. The attack hit…
Retail Authentication Security: Preventing Credential Stuffing, Account Takeover, and Bot Attacks
Retail platforms face rising identity-based attacks like credential stuffing and ATO. Learn how to secure authentication and protect customer accounts from fraud. Act now! The post Retail Authentication Security: Preventing Credential Stuffing, Account Takeover, and Bot Attacks appeared first on…
Secure Authentication Architecture for Ecommerce and Retail Platforms
Secure Authentication Architecture for Ecommerce and Retail Platforms The post Secure Authentication Architecture for Ecommerce and Retail Platforms appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Secure Authentication Architecture for Ecommerce…
Arkose Device ID uses AI to recognize devices across changing fingerprints
Arkose Labs has announced the latest release of Arkose Device ID, a solution within the new Arkose Titan platform. It layers AI-driven similarity analysis on top of exact-match identification, enabling recognition of the same device across evolving fingerprints while maintaining…