View CSAF Summary Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication. The following versions of PX4 Autopilot are affected: Autopilot v1.16.0_SITL_latest_stable (CVE-2026-1579) CVSS Vendor Equipment…
Anritsu Remote Spectrum Monitor
View CSAF Summary Successful exploitation of this vulnerability could allow attackers with network access to alter operational settings, obtain sensitive signal data, or disrupt device availability. The following versions of Anritsu Remote Spectrum Monitor are affected: Remote Spectrum Monitor MS27100A…
Amazon sends AI agents into pen testing and DevOps
Amazon’s latest AI capabilities bring on-demand penetration testing through the AWS Security Agent, alongside the AWS DevOps Agent. “These agents are changing the way we secure and operate software. AWS Security Agent compresses penetration testing timelines from 2-6 weeks to…
AWS Security Agent on-demand penetration testing now generally available
AWS Security Agent on-demand penetration testing is now generally available, enabling you to run comprehensive security tests across all your applications, not only your most critical ones. This milestone transforms penetration testing from a periodic bottleneck into an on-demand capability…
Iran actors’ claims raise questions about larger cyber threat to US, allies
Questions are being raised about the veracity and tactics of Iran-linked actors, amid claims that a large trove of Lockheed Martin data is on the market. This article has been indexed from Cybersecurity Dive – Latest News Read the original…
Hacker hijacks Axios open-source project, used by millions, to push malware
A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack. This article has been indexed from Security News | TechCrunch Read the original article: Hacker hijacks Axios open-source project,…
The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust
Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. The post The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust appeared first on SecurityWeek. This article has been indexed…
Censys Raises $70 Million for Internet Intelligence Platform
The latest funding round brings the total venture capital investment in Censys to $149 million. The post Censys Raises $70 Million for Internet Intelligence Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
IT Security News Hourly Summary 2026-03-31 18h : 14 posts
14 posts were published in the last hour 16:4 : Latest Xloader Obfuscation Methods and Network Protocol 15:36 : Hackers Weaponize Legitimate Windows Tools to Disable Antivirus Before Ransomware Attacks 15:36 : Stolen Logins Are Fueling Everything From Ransomware to…
Beyond the Spectacle – RSAC 2026 and The 5 Layers of AI Security – FireTail Blog
Mar 31, 2026 – Jeremy Snyder – If you were at RSA Conference last year, you probably remember the goats. Or the puppies. Or the miniature petting zoos. It was a year of “over-the-top” spectacle. A bit of a circus,…
Latest Xloader Obfuscation Methods and Network Protocol
Introduction Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of…
Hackers Weaponize Legitimate Windows Tools to Disable Antivirus Before Ransomware Attacks
Ransomware attacks have gone far beyond simple malicious code. Today, attackers operate with the precision of a well-planned business, using trusted Windows tools to quietly tear down defenses before ransomware even enters the picture. This shift has made modern ransomware…
Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks
Report shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to detecting misuse of legitimate access. The post Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks appeared first on SecurityWeek.…
WhatsApp malware campaign delivers VBS payloads and MSI backdoors
A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack leverages renamed Windows tools and cloud-hosted payloads to install MSI backdoors and maintain persistent access to compromised systems. The post WhatsApp malware…
DoControl provides security coverage for Google Gemini Gems
DoControl announced new capabilities that provide visibility, monitoring, and automated control for Google Gemini Gems, a newly introduced feature within Google Gemini that enables teams to create customizable AI GPTs. With this launch, DoControl is the first platform to provide…
Codenotary AgentMon monitors agentic AI activity and behavior
Codenotary launched AgentMon, an enterprise-grade monitoring designed specifically for agentic networks, providing organizations with real-time visibility into the security, performance and cost of AI-driven agents operating across the enterprise. As adoption of AI accelerates, agentic systems, semi-autonomous software agents that…
Axios supply chain attack chops away at npm trust
Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan This article has been indexed from Malwarebytes Read the original article: Axios supply chain attack chops away at npm trust
Health data giant CareCloud says hackers accessed patients’ medical records
CareCloud, a major provider of medical records storage, said hackers accessed one of its repositories of patient data earlier in March. It provides technnology for more than 45,000 providers covering millions of patients. This article has been indexed from Security…
Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident
Lloyds Banking Group data incident exposed transactions of ~450,000 mobile banking users due to a faulty update. A faulty software update at Lloyds Banking Group exposed transaction details of nearly 450,000 mobile banking users on March 12. The issue caused…
Venom Stealer Raises Stakes With Continuous Credential Harvesting
Licensed malware with built-in persistence and automation enables attackers to continuously siphon credentials, session data, and cryptocurrency assets. The post Venom Stealer Raises Stakes With Continuous Credential Harvesting appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Between AI Urgency and AI Fatigue at RSAC 2026
AI was everywhere at RSAC 2026, but the real focus was operational security: managing agents, protecting secrets, and controlling trusted integrations at scale. The post Between AI Urgency and AI Fatigue at RSAC 2026 appeared first on Security Boulevard. This…
BSidesSLC 2025 – Considering Cloud Coverage In SIEM/XDR Design
Author, Creator & Presenter: Chris Beckman – Principal Security Engineer at TaxBit Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink The post BSidesSLC 2025 – Considering Cloud…
Google Maps’ Biggest Overhaul in a Decade: 8 Key Navigation Upgrades
Google has unveiled its most significant Google Maps overhaul in a decade, introducing eight key enhancements to streamline navigation and enhance user experience for commuters worldwide. This comprehensive update, rolled out across Android and iOS platforms, focuses on smarter…
EvilTokens ramps up device code phishing targeting Microsoft 365 users
Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, a new, specialized phishing toolkit that’s being offered as-a-service via Telegram. What is device…