Iran-linked hacking groups have increased their cyber activity after recent missile strikes by the US and Israel. Thank you for being a Ghacks reader. The post Iranian Hackers Ramp Up Cyberattacks on US and Israel After Recent Strikes appeared first…
Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild
Uncover real-world indirect prompt injection attacks and learn how adversaries weaponize hidden web content to exploit LLMs for high-impact fraud. The post Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild appeared first on Unit 42. This article…
New ‘StegaBin’ Campaign Deploys Multi-Stage Credential Stealer via 26 Malicious npm Packages
A new supply-chain attack dubbed StegaBin is targeting JavaScript developers through 26 malicious npm packages that appear to be popular open-source libraries but secretly deploy a multi-stage credential-stealing toolkit and a Remote Access Trojan (RAT). The campaign is linked to…
Anthropic poaches users from rival chatbots with easier migration
The controversy over Anthropic’s negotiations with the Pentagon has driven increased interest in Claude. Negotiations between the Department of Defense and Anthropic collapsed after a deadline for an agreement expired without a deal. The Pentagon had pressed the company to…
Amazon UAE Data Centre Hit By ‘Objects’ Amid Iran Strikes
Amazon Web Services says facilities in United Arab Emirates shut down after fire, amid Iran strikes across region This article has been indexed from Silicon UK Read the original article: Amazon UAE Data Centre Hit By ‘Objects’ Amid Iran Strikes
Fortinet FortiGate Devices Targeted by CyberStrikeAI, Allowing Hackers to Bypass Security
Threat intelligence researchers at Team Cymru have uncovered an open-source AI-powered offensive security tool called CyberStrikeAI, actively used to target Fortinet FortiGate devices at scale, with its developer carrying suspected ties to China’s Ministry of State Security (MSS). CyberStrikeAI is…
Cybercriminals swipe 15.8M medical records from French doctors ministry
Third-party software supplier breached leading to leak of doctors’ notes Around 15.8 million administrative files were stolen after attackers breached a software supplier to France’s health ministry.… This article has been indexed from The Register – Security Read the original…
Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise
Improper input sanitization in the framework can be exploited through the Shell tool, allowing attackers to modify system files and steal data. The post Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise appeared first on SecurityWeek. This article…
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks
Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches This article has been indexed from www.infosecurity-magazine.com Read the original article: Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks
IT Security News Hourly Summary 2026-03-03 12h : 11 posts
11 posts were published in the last hour 10:34 : Judge Blocks Virginia Law Limiting Youth Social Media Time 10:34 : Hackers Exploit Telegram for Initial Access to Corporate VPN, RDP, and Cloud Systems 10:34 : Microsoft Warns OAuth Redirect…
Judge Blocks Virginia Law Limiting Youth Social Media Time
US federal judge says Virginia law passed last year likely to infringe on free speech rights of under-16s, as regulators seek protections This article has been indexed from Silicon UK Read the original article: Judge Blocks Virginia Law Limiting Youth…
Hackers Exploit Telegram for Initial Access to Corporate VPN, RDP, and Cloud Systems
Hackers are increasingly abusing Telegram as an initial access marketplace, turning stealer logs and leaked credentials into direct entry points for corporate VPN, RDP, and cloud environments. The platform now acts as a high-speed bridge between compromised credentials and full…
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal…
Android devices hit by exploited Qualcomm flaw CVE-2026-21385
Google confirms that the Qualcomm Android vulnerability CVE-2026-21385 was exploited in real-world attacks. Google has confirmed that CVE-2026-21385 (CVSS score of 7.8), a high-severity vulnerability affecting an open-source Qualcomm component used in Android devices, has been actively exploited. “There are…
Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign
Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Iranian Cyber Threat Actor Targets Iraqi Government…
Apple Releases Updated iPhone 17e, iPad Air
Lower-cost iPhone 17e boosts storage, CPU, in-house modem, while iPad Air gets M4 update, as low-cost MacBook said to be on the way This article has been indexed from Silicon UK Read the original article: Apple Releases Updated iPhone 17e,…
Epic Fury Cyber Shock: Iran’s Internet Down, Hacktivists Hit Back
On Feb. 28, 2026, the United States and Israel launched coordinated military operations against Iran, codenamed Operation Epic Fury by the U.S. and Operation Roaring Lion by Israel, opening a new phase where cyber operations are tightly coupled with kinetic…
How Journalists Are Reporting From Iran With No Internet
After strikes killed senior Iranian officials, Iran cut off internet access. Journalists are relying on satellite links, encrypted apps, and smuggled footage to report from inside the country. This article has been indexed from Security Latest Read the original article:…
Hackerbot-Claw Bot Attacks Microsoft and DataDog via GitHub Actions CI/CD Misconfiguration
Between February 21 and February 28, 2026, an autonomous bot named hackerbot-claw launched a week-long attack campaign against major open source repositories. It targeted GitHub Actions CI/CD pipelines belonging to Microsoft, DataDog, the Cloud Native Computing Foundation, and several other…
Researchers Uncover Method to Track Cars via Tire Sensors
Using low-cost receivers deployed along roads, academic researchers tracked drivers and their movement patterns. The post Researchers Uncover Method to Track Cars via Tire Sensors appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation
The Android March 2026 security patch addresses vulnerabilities across dozens of components and includes one CVE confirmed under active exploitation. Devices running a patch level of 2026-03-05 or later receive fixes for all disclosed issues. Android March 2026 security patch…
US Considers Nvidia Sales Limits For Chinese Firms
US officials discuss 75,000 unit cap on sales of Nvidia H200 AI accelerator chips to Chinese companies, as 2025 export deal remains in limbo This article has been indexed from Silicon UK Read the original article: US Considers Nvidia Sales…
Chrome security flaw enabled spying via Gemini Live assistant
A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions take control of the Gemini…
Burger King AI To Rank Employee Friendliness
Burger King to trial OpenAI-powered headsets to observe staff interactions with guests, create ‘friendliness scores’ This article has been indexed from Silicon UK Read the original article: Burger King AI To Rank Employee Friendliness