Analysis of SaaS sprawl amplified by AI integrations arguing for continuous discovery, application-layer visibility, policy enforcement, and real-time remediation to tame shadow IT and API‑level risk. The post SaaS Sprawl has Become the New Shadow IT: Why Traditional Security Struggles to See…
Jozu Agent Guard targets AI agents that evade controls
Jozu has announced the launch of Jozu Agent Guard, a zero-trust AI runtime that executes agents, models, and MCP servers in secure environments with built-in policy enforcement and guardrails that cannot be disabled. As enterprises adopt AI agents, MCP servers,…
Proofpoint addresses AI threats with intent-based security
Proofpoint has announced Proofpoint AI Security, the newest security solution that combines intent-based detection, multi-surface control points, and a comprehensive implementation framework to secure how humans and AI agents use AI across the enterprise. Based on the Agent Integrity Framework,…
Average Number of Daily API Attacks Up 113% Annually
Akamai says 87% of organizations suffered an API-related security incident last year This article has been indexed from www.infosecurity-magazine.com Read the original article: Average Number of Daily API Attacks Up 113% Annually
IT Security News Hourly Summary 2026-03-17 12h : 14 posts
14 posts were published in the last hour 10:35 : Apple’s AirPods Max 2 Adds Live Translation 10:34 : Glassworm Malware Infects Popular React Native npm Packages 10:34 : Angular XSS Vulnerability Threatens Thousands of Web Applications 10:34 : Sears…
Apple’s AirPods Max 2 Adds Live Translation
New over-ear headphones add features already integrated into AirPods Pro, including live translation, gesture-based AI interactions This article has been indexed from Silicon UK Read the original article: Apple’s AirPods Max 2 Adds Live Translation
Glassworm Malware Infects Popular React Native npm Packages
A new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an…
Angular XSS Vulnerability Threatens Thousands of Web Applications
A high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-32635, has been discovered in Angular, one of the world’s most widely used web application frameworks. This flaw resides in the Angular runtime and compiler and affects internationalisation (i18n) attribute bindings. If…
Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
Customer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud. This article has been indexed from Security Latest Read the original article: Sears Exposed AI Chatbot…
AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks
Akamai warns that Layer 7 DDoS, API abuse and AI-powered attacks are merging into coordinated, multi-vector campaigns that are harder to detect and defend against. The post AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks appeared first…
Google cracks down on Android apps abusing accessibility
Malware has been abusing Android’s accessibility features for years. Google just made that a lot harder. This article has been indexed from Malwarebytes Read the original article: Google cracks down on Android apps abusing accessibility
Microsoft zeroes in on AI-driven data risks in Fabric
New Microsoft Purview innovations for Microsoft Fabric help organizations secure data and accelerate AI adoption. The updates focus on identifying risks, preventing data oversharing, and strengthening governance and data quality across the data estate. Integration between Microsoft Purview and Microsoft…
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians…
UK Cyber Monitoring Centre Sets Its Sights on US Expansion One Year After Launch
The US Cyber Monitoring Center should be operational in 2027, said the UK CMC leadership This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Cyber Monitoring Centre Sets Its Sights on US Expansion One Year After Launch
Open, Closed and Broken: Prompt Fuzzing Finds LLMs Still Fragile Across Open and Closed Models
Unit 42 research unveils LLM guardrail fragility using genetic algorithm-inspired prompt fuzzing. Discover scalable evasion methods and critical GenAI security implications. The post Open, Closed and Broken: Prompt Fuzzing Finds LLMs Still Fragile Across Open and Closed Models appeared first…
Broadcast Highlights Dangers Of AI ‘Poisoning’
Chinese investigative broadcast shows how generative AI optimisation companies can bias or falsify AI chatbots’ responses This article has been indexed from Silicon UK Read the original article: Broadcast Highlights Dangers Of AI ‘Poisoning’
Packagist Themes Deliver Trojanized jQuery in OphimCMS Supply Chain Attack
A new OphimCMS supply chain attack in which six Packagist themes ship trojanized jQuery and other JavaScript to compromise site visitors rather than servers. Researchers found six malicious Composer packages under the “ophimcms” namespace on Packagist that pretend to be…
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting…
Millions of UK firms on alert after Companies House data exposure
Companies House, the UK’s official company registry, said its WebFiling service is back online after being shut down on Friday to fix a security issue that may have exposed the personal data of millions of firms. An investigation indicates the…
Researchers Urge Regulation Of AI Toys For Toddlers
Cambridge University researchers find awkward interactions in OpenAI-powered plush toy for under-fives, raising safety questions This article has been indexed from Silicon UK Read the original article: Researchers Urge Regulation Of AI Toys For Toddlers
Sweet Minecraft Mods – The Dark Tale of SugarSMP Scam, Malware & Extortion
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Security Blog G Data Software AG Read the original article: Sweet Minecraft Mods – The Dark Tale…
Malicious npm Packages Deliver PylangGhost RAT in New Software Supply Chain Campaign
A remote access trojan known as PylangGhost has appeared on the npm registry for the first time, concealed inside two malicious JavaScript packages. The malware, first publicly disclosed by Cisco Talos in June 2025 and attributed to the North Korean…
Attackers Hijacking Legitimate Websites to Attack Microsoft Teams users
A multi-vector phishing campaign using compromised WordPress sites to steal login credentials from Microsoft Teams and Xfinity users. By hijacking these trusted sites, attackers can bypass security filters and trick victims into disclosing sensitive information. The threat actors are not…
CISA Warns of Chrome 0-Day Vulnerabilities Exploited in Attacks
An urgent warning regarding two highly critical zero-day vulnerabilities affecting Google Chrome and related products. These flaws have been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, indicating that malicious hackers are actively exploiting them in the wild. With…