A list of topics we covered in the week of March 23 to March 29 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (March 23 – March 29)
F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild
Initially disclosed as a high-severity denial-of-service (DoS), the bug was reclassified as a critical RCE issue. The post F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild appeared first on SecurityWeek. This article has been indexed…
The EU CRA – Treating Cybersecurity as Product Liability
The EU’s Cyber Resilience Act (Regulation 2024/2847) shifts cybersecurity responsibility upstream. Explore the March 2026 guidance on secure-by-design requirements, software bills of materials (SBOM), and the impact on U.S. manufacturers. The post The EU CRA – Treating Cybersecurity as Product…
SystemRescue 13 updates its kernel to Linux 6.18 LTS, adds new recovery tools
Bootable Linux recovery environments occupy a specific niche in the systems administration and incident response toolkit. SystemRescue, an Arch-based live distribution built for repairing unbootable systems and recovering data from damaged drives, has shipped version 13.00 with a new long-term…
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and well-resourced operation.” The campaigns have led to the deployment of various malware families, including…
FBI email theft, Lloyds Bank glitch, API keys running loose
FBI confirms theft of director’s personal emails Lloyds customer data exposed in IT glitch Hundreds of valid API keys discovered on the Web Get the show notes here: https://cisoseries.com/cybersecurity-news-fbi-email-theft-lloyds-bank-glitch-api-keys-running-loose/ Huge thanks to our sponsor, ThreatLocker Most breaches don’t start with…
New widespread EvilTokens kit: device code phishing as-a-service – Part 1
This post was originally distributed as a private FLINT report to our customers on 25 March 2026. Introduction In March 2026, through our monitoring of phishing-focused cybercrime communities, Sekoia’s Threat Detection & Research (TDR) team uncovered EvilTokens, a new turnkey…
Co-Op Chief Steps Down As Hack Leads To £125m Loss
Retail group Co-op sees £125m annual loss after damaging cyber-attack shuts down systems, leads to empty shelves, loss of customer data This article has been indexed from Silicon UK Read the original article: Co-Op Chief Steps Down As Hack Leads…
CanisterWorm Targets Docker, Kubernetes, and Redis to Steal Secrets
A financially motivated cybercrime group known as TeamPCP is actively exploiting poorly secured cloud environments using a self-propagating malware called “CanisterWorm.” The campaign targets exposed Docker APIs, Kubernetes clusters, Redis servers, and known vulnerabilities like React2Shell to gain unauthorized access,…
IT Security News Hourly Summary 2026-03-30 09h : 4 posts
4 posts were published in the last hour 6:7 : Hackers Probe Citrix NetScaler Systems Ahead of Suspected CVE-2026-3055 Exploitation 6:7 : 10 Best Log Monitoring Tools in 2026 6:7 : 10 Best Spam Filter Tools 2026 6:7 : Why risk…
Hackers Probe Citrix NetScaler Systems Ahead of Suspected CVE-2026-3055 Exploitation
Cybersecurity researchers are warning organizations about imminent cyberattacks targeting a newly disclosed critical vulnerability in Citrix NetScaler ADC and Gateway appliances. Threat intelligence firms watchTowr and Defused Cyber have uncovered active reconnaissance campaigns targeting CVE-2026-3055, a severe flaw that allows…
10 Best Log Monitoring Tools in 2026
As enterprises adopt more cloud-native technologies, containers, and microservices-based architectures, log monitoring and management are now critical. According to many market research assessments, the global log management industry is anticipated to increase from $1.9 billion in 2020 to $4.1 billion…
10 Best Spam Filter Tools 2026
Spam filter tools use advanced algorithms and machine learning techniques to detect and block unwanted email messages. They analyze email content, sender reputation, and patterns to effectively identify and filter out spam, ensuring inboxes remain clutter-free. These tools offer customizable…
Why risk alone doesn’t get you to yes
I have been in security rooms for years, from military operations centers to corporate boardrooms. In all those years I can tell you that the hardest mission that most security leaders will face is not identifying a threat, but getting…
Anthropic’s Latest AI Test Pressures Cybersecurity Stocks Lower
Major cybersecurity stocks took a steep dive on Friday after news broke that Anthropic is testing a highly capable new artificial intelligence model. Codenamed “Mythos” under the broader “Capybara” testing tier, this new AI possesses advanced capabilities for discovering complex…
FIFA World Cup 2026: A Match Between Fans and Scammers
Scammers are already gearing up for the FIFA World Cup 2026 with phishing attacks, online scams and a whole lot of social engineering as emotions and reckless behavior runs high among fans. The post FIFA World Cup 2026: A Match…
ShipSec Studio brings open-source workflow orchestration to security operations
Security teams have long relied on a mix of shell scripts, cron jobs, and loosely connected tools to chain reconnaissance and vulnerability scanning work together. ShipSec Studio, an open-source security workflow automation platform from ShipSec AI, aims to replace that…
CISA Warns of Actively Exploited F5 BIG-IP Vulnerability in Ongoing Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an actively exploited flaw in F5 BIG-IP systems. The vulnerability has been officially added to the Known Exploited Vulnerabilities (KEV) catalog, signaling that threat actors are successfully…
VoidLink Proves AI-Assisted Malware Is No Longer Experimental
VoidLink shows that AI-assisted malware is now a mature, operational tool rather than a lab experiment, compressing what once required a full team into days of work by a single developer. At the same time, threat actors are cautiously testing…
US foreign router ban criticized for being ‘industrial policy disguised as cybersecurity’
Public policy professor says it will make America less secure but hits Netgear’s lobbying goals The United States’ ban on foreign-made SOHO routers won’t improve security, and only makes sense as “industrial policy disguised as cybersecurity,” according to Milton Mueller,…
Breaking out: Can AI agents escape their sandboxes?
Container sandboxes are part of routine AI agent testing and deployment. Agents use them to run code, edit files, and interact with system resources without direct access to the host. The SandboxEscapeBench benchmark, developed by researchers at the University of…
US foreign router ban criticized as ‘industrial policy disguised as cybersecurity’
Public policy professor says it will make America less secure but hits Netgear’s lobbying goals The United States’ ban on foreign-made SOHO routers won’t improve security, and only makes sense as “industrial policy disguised as cybersecurity,” according to Milton Mueller,…
Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, etc., including high-risk vulnerability types such as…
The Hidden Tracking Risk Inside Your Tires
In this episode, Tom Eston and co-host Scott Wright discuss research showing that Tire Pressure Monitoring Systems (TPMS) can create privacy risks because the sensors broadcast unencrypted, uniquely identifying wireless signals that could be used to track vehicles. They reference…