Security researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network Graphics (PNG) image files. These critical flaws allow remote attackers to trigger process crashes, leak sensitive heap memory, and potentially achieve arbitrary…
Telegram-Based ResokerRAT Adds Screenshot Capture and Persistence
Hackers are deploying a new Windows malware called ResokerRAT, a Telegram‑based Remote Access Trojan (RAT) that gives attackers stealthy remote control over infected systems. Instead of relying on a traditional command‑and‑control (C2) server, ResokerRAT abuses the Telegram Bot API to receive…
Cybercriminals Abuse IRS and Tax Filing Lures to Push Malware in New Campaigns
Tax season brings a reliable wave of phishing attacks, but 2026 has already shown a bigger and more organized push than in previous years. Cybercriminals are actively impersonating the Internal Revenue Service (IRS), national tax authorities, and company HR departments…
CISA Warns of Citrix NetScaler Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability affecting Citrix NetScaler products. Identified as CVE-2026-3055, this security flaw has been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog following confirmed evidence…
Apple New macOS Tahoe Feature Warns Users on ClickFix Attacks
Apple has introduced a new security mechanism in the macOS Tahoe 26.4 release candidate to protect users against social engineering campaigns known as ClickFix attacks. Discovered by users testing the latest OS build and highlighted in a popular Reddit post…
Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines
Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios One of npm’s most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer’s account and slipped a remote-access trojan (RAT) into two…
Lloyds Data Security Incident Impacts 450,000 Individuals
A faulty software update led to the exposure of mobile banking users’ transactions to other users of the application. The post Lloyds Data Security Incident Impacts 450,000 Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs
Remotely exploitable, the integer underflow vulnerability impacts StrongSwan releases spanning 15 years. The post StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: StrongSwan Flaw Allows…
Change Intelligence and Deployment Connectors for Liquibase Secure
Liquibase Secure introduces Change Intelligence and Deployment Connectors for ServiceNow, GitHub, Harness, and Terraform to improve database change governance and visibility. The post Change Intelligence and Deployment Connectors for Liquibase Secure appeared first on Security Boulevard. This article has been…
Intel puts its data center performance knowledge on GitHub
Intel engineers have published a centralized repository of data center performance knowledge on GitHub, giving practitioners direct access to tuning guides, configuration recommendations, and optimization recipes that previously required hunting across forums and scattered documentation. The repository, called Optimization Zone,…
Ransomware in 2025: Blending in is the strategy
A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. This article has been indexed from Cisco Talos Blog Read the original article: Ransomware in 2025:…
Double Agents: Exposing Security Blind Spots in GCP Vertex AI
Unit 42 uncovers a “double agent” flaw in Google Cloud’s Vertex AI, demonstrating how overprivileged AI agents can compromise cloud environments. The post Double Agents: Exposing Security Blind Spots in GCP Vertex AI appeared first on Unit 42. This article…
Mistral Raises $830m In Debt To Buy Nvidia Chips
French AI start-up Mistral raises new debt to purchase computing power for data centre outside Paris, with Swedish facility also in works This article has been indexed from Silicon UK Read the original article: Mistral Raises $830m In Debt To…
U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Citrix NetScaler, tracked as CVE-2026-3055 (CVSS ver. 4.0 score of…
Rspamd 4.0.0 ships memory savings, a new scan protocol, and a required migration step
The open-source spam filtering platform Rspamd released version 4.0.0, delivering infrastructure changes across its scan protocol, memory model, hash storage, and configuration system. Several of the changes are breaking, and at least one requires a migration step before upgrade. A…
IT Security News Hourly Summary 2026-03-31 12h : 11 posts
11 posts were published in the last hour 9:36 : Meta Tests Paid Instagram Subscriptions 9:36 : Regulator Says Humans Remain Responsible For AI Audit Errors 9:36 : EvilTokens Launches New Phishing Service Targeting Microsoft Accounts 9:36 : Phishing SMS:…
Meta Tests Paid Instagram Subscriptions
Facebook parent Meta tests paid subscriptions for Instagram with additional features, including ability to view Stories in stealth mode This article has been indexed from Silicon UK Read the original article: Meta Tests Paid Instagram Subscriptions
Regulator Says Humans Remain Responsible For AI Audit Errors
UK accountancy regulator publishes first guidance on AI use, warning auditors that they cannot blame mistakes on AI This article has been indexed from Silicon UK Read the original article: Regulator Says Humans Remain Responsible For AI Audit Errors
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather than traditional credential phishing. The service sells a turnkey Microsoft device code phishing kit that has been in active use…
Phishing SMS: How to Recognize Fraudulent Messages and Protect Yourself Effectively
A short message pops up: a supposed SMS from a delivery service announces a package, a warning from your bank urges you to immediately confirm your account details, or a supposed friend reaches out from a new number. These text…
Let’s Stop Sovereignty Washing
Don’t fall for “sovereignty washing.” Learn the technical difference between data residency and true digital sovereignty, the impact of the U.S. CLOUD Act, and the rise of European “Geopatriation.” The post Let’s Stop Sovereignty Washing appeared first on Security Boulevard. This…
NCSC Urges Immediate Patching of F5 BIG-IP Bug
The National Cyber Security Centre wants UK firms to patch CVE-2025-53521 This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Urges Immediate Patching of F5 BIG-IP Bug
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations globally. Originally launched for beta testing in September 2025, these security enhancements are designed to minimize…
Cuties AI – 144,250 breached accounts
In March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to…