Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a…
Apple’s Camera Indicator Lights
A thoughtful review of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording. The reason it’s tempting to think that a dedicated camera indicator light…
Critical Fortinet Forticlient EMS Vulnerability Exploited in Attacks
A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-21643, is actively being exploited in the wild. Threat actors have been leveraging this flaw in attacks starting four days ago, despite it not yet appearing…
TeamPCP Supply Chain Attack Allegedly Compromised Databricks Platform
Databricks is currently investigating an alleged security compromise connected to the massive TeamPCP software supply chain attack after being alerted by threat intelligence researchers. According to International Cyber Digest, Databricks was notified of the potential breach last week. The organization…
Critical n8n Vulnerability Let Attackers Achieve Remote Code Execution
A critical security flaw in n8n, a widely used open-source workflow automation platform, exposes host servers to Remote Code Execution (RCE) attacks. Tracked as CVE-2026-33660, this critical vulnerability allows authenticated threat actors to bypass built-in security restrictions, access sensitive data,…
Critical Grafana Vulnerabilities Let Attackers Achieve Remote Code Execution
Urgent security updates for Grafana version 12.4.2 address two critical vulnerabilities that could allow attackers to achieve full remote code execution (RCE) and execute denial-of-service (DoS) attacks. System administrators utilizing Grafana for data visualization are strongly advised to apply these…
Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare
Iran-linked hacking groups are turning to high-volume, low-impact cyberattacks, and AI is providing a boost. The post Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare appeared first on SecurityWeek. This article has been indexed…
European Commission Reports Cyber Intrusion and Data Theft
The ShinyHunters hacker group claimed to have stolen over 350GB of information from European Commission cloud systems. The post European Commission Reports Cyber Intrusion and Data Theft appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Second data breach at European Commission this year leaves questions over resilience
The European Commission confirmed that a cyberattack impacted cloud infrastructure hosting its web presence on the Europa.eu platform. Authorities said the cyberattack was discovered on 24 March, and early findings from the ongoing investigation suggest data were taken from the…
Critical Citrix NetScaler Vulnerability Exploited in the Wild
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Citrix NetScaler Vulnerability Exploited in the Wild
TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials
Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 & 4.87.2) of its Python SDK to steal cloud and crypto credentials. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
New Homoglyph Tricks Let Cybercriminals Mimic Trusted Domains
New homoglyph attack techniques are turning tiny visual differences in text into a reliable way to spoof trusted domains, steal credentials, and bypass weak Unicode handling in security stacks. By abusing Internationalized Domain Names (IDNs), Punycode, and Unicode “confusables,” attackers…
Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution
Attackers are exploiting a critical Fortinet FortiClient EMS flaw (CVE-2026-21643) that allows remote code execution via SQL injection. A critical Fortinet FortiClient EMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1), is now being actively exploited. Defused researchers warn that…
Telnyx Targeted in Growing TeamPCP Supply Chain Attack
Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux. The post Telnyx Targeted in Growing TeamPCP Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Charity Fraud: How to Avoid Falling for Fake Donation Campaigns
Charity is built on trust, but scammers often misuse this goodwill to run fake donation campaigns. These schemes are designed to exploit emotions, especially during crises, natural disasters, or urgent causes. Understanding how charity fraud works and checking donation requests…
Android 17 tweaks location privacy with one-time access
Google introduced a suite of location privacy features in Android 17 Beta 3 to give users more control and provide developers with tools for data minimization and product safety. Location button overview Android 17 introduces a new UI element called…
ICO Fines UK Nuisance Call Scammers £100,000
The UK Information Commissioner’s Office has handed a £100,000 fine to Birmingham-based TMAC This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Fines UK Nuisance Call Scammers £100,000
European Commission admits attackers broke into public web systems, but says little else
Brussels notifying ‘Union entities’ whose data may’ve been snatched in websites breach The European Commission has admitted that attackers broke into its public-facing web infrastructure and siphoned off data in a bare-bones disclosure that answers the what but ducks most…
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that’s distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables” to…
Critical Fortinet FortiClient EMS Vulnerability Actively Exploited in Attacks
Threat intelligence researchers have detected active exploitation of a critical vulnerability in Fortinet’s FortiClient Enterprise Management Server (EMS). The security flaw, identified as CVE-2026-21643, allows malicious actors to execute unauthorized database commands. While attacks have been occurring in the wild…
Telnyx Python SDK Backdoored on PyPI to Steal Cloud Credentials
The popular Telnyx Python SDK on PyPI to deploy a multi‑stage credential‑stealing operation that targets cloud infrastructure, Kubernetes clusters, and developer environments at scale. On March 27, 2026, TeamPCP uploaded two malicious Telnyx SDK releases, versions 4.87.1 and 4.87.2, directly…
MIWIC26: Laura Price, Cyber Skills & Partnership Lead at BT
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2026’s Top 20 women selected…
IT Security News Hourly Summary 2026-03-30 12h : 12 posts
12 posts were published in the last hour 9:32 : Stored XSS Vulnerability in Jira Work Management Could Enable Full Organization Takeover 9:32 : LiteLLM supply chain attack exposes millions to credential theft 9:32 : World Back Up Day 2026 –…
Stored XSS Vulnerability in Jira Work Management Could Enable Full Organization Takeover
Security researchers recently uncovered a critical stored Cross-Site Scripting (XSS) vulnerability within Atlassian’s Jira Work Management platform. This flaw allows an attacker with limited administrative permissions to execute a full organization takeover. Jira Work Management is heavily relied upon by…