As Apple’s macOS footprint grows in both consumer and enterprise environments, dedicated infostealers like MioLab (aka Nova) show that Macs are no longer a niche target but a priority for cybercrime ecosystems. Marketed as a premium Malware‑as‑a‑Service (MaaS) on Russian‑language…
511,000+ End-of-Life IIS Instances Found Online, Raising Security Risks
Security researchers at The Shadowserver Foundation have identified a massive internet-facing attack surface, discovering more than 511,000 End-of-Life Microsoft Internet Information Services (IIS) instances currently active online. This widespread deployment of outdated web servers presents a significant security risk to…
The 6 Best Free Antivirus Software Providers for Mac in 2026
Security-conscious Mac users may need more protection than their built-in tools provide. Learn about the extra features and functionality offered by the best free antivirus software providers for Mac in 2026. The post The 6 Best Free Antivirus Software Providers…
IT Security News Hourly Summary 2026-03-23 12h : 18 posts
18 posts were published in the last hour 10:35 : CISA Warns of Craft CMS Code Injection Flaw Exploited in Active Attacks 10:35 : 6 Best Unified Threat Management (UTM) Devices & Software 10:34 : What Happens When You Can’t…
CISA Warns of Craft CMS Code Injection Flaw Exploited in Active Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Craft CMS to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-32432, this code injection flaw is currently being exploited in active attacks across the wild.…
6 Best Unified Threat Management (UTM) Devices & Software
Compare the 6 best UTM devices and software for 2026. Explore top solutions with IPS, sandboxing, and advanced threat protection. The post 6 Best Unified Threat Management (UTM) Devices & Software appeared first on eSecurity Planet. This article has been…
What Happens When You Can’t Get a Death Certificate in Gaza
For families of the missing, systemic obstacles to identifying remains and locating people in Israeli detention has created a kind of social and legal purgatory. This article has been indexed from Security Latest Read the original article: What Happens When…
Hassan Took a Bike Ride. Now He’s One of the Thousands Missing in Gaza
In a place denied access to basic forensic technology—and where people disappear into Israeli detention—the fate of thousands remains unknown. One of them is an autistic teenager. This article has been indexed from Security Latest Read the original article: Hassan…
Q&A: “If It’s Not Secure, You Can’t Trust It”
Dewayne Hart brings frontline cyber experience to a field increasingly defined by speed, risk and constant change. A former U.S. Navy Chief Petty Officer with over two decades in defence systems and leadership training, he now works at the intersection…
MIWIC26: Meera Tamboli, Digital Forensics and Incident Response Analyst, AVEVA
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2026’s Top…
The drone swarm is coming, and NATO air defenses are too expensive to cope
Ukraine’s battlefield lessons show quantity and affordability now trump exquisite hardware NATO is unprepared to deal with attacks by cheap, mass-produced drones and urgently needs layered, affordable air defense systems to counter the threat, taking a cue from the experience…
Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
Attack volumes are back to pre-disruption levels, and the adversary tactics have remained unchanged. The post Tycoon 2FA Fully Operational Despite Law Enforcement Takedown appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Tycoon…
CISA Orders US Government to Patch Maximum Severity Cisco Flaw
CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Orders US Government to Patch Maximum Severity Cisco Flaw
Startup Accused Of Helping Fake Privacy and Security Audits
Compliance Startup Audit-Faking Claims, Trivy Supply-Chain Backdoor, Russia Targets Signal/WhatsApp, and Iran-Linked Stryker Disruption Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in…
Digital Security for Celebrities
A practical guide to personal cyber defense for celebrities, leaders, and other high-exposure profiles facing elevated digital risk. This article has been indexed from CyberMaterial Read the original article: Digital Security for Celebrities
Global Crackdown Dismantles 4 Botnets Behind Major DDoS Attacks
Global crackdown dismantles Aisuru, KimWolf, JackSkid and Mossad botnets behind major DDoS attack campaigns targeting millions of devices worldwide. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Global Crackdown…
Oblivion RAT Masquerades as Play Store Update to Spy on Android Users
A newly discovered Android remote access trojan (RAT) called Oblivion RAT is raising concerns across the mobile threat landscape. Marketed as a malware-as-a-service (MaaS) platform, it is sold on cybercrime forums with subscription plans starting at $300 per month. Unlike…
Iran-linked actors use Telegram as C2 in malware attacks on dissidents
Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver…
CISA Warns of Apple Vulnerabilities Linked to DarkSword iOS Exploit Chain Exploited in Attacks
An urgent warning regarding three critical Apple vulnerabilities that threat actors are actively exploiting in the wild. These security flaws, officially tracked as CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520, were recently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Security researchers have…
New CanisterWorm Steals npm Tokens and Spreads Through Compromised Publisher Accounts
A new wave of supply chain attacks is hitting the npm ecosystem through a self-propagating malware campaign known as CanisterWorm. The threat, linked to a group tracked as “TeamPCP,” compromises legitimate publisher namespaces and pushes poisoned package versions, effectively turning…
Proofpoint unifies email, data, and AI security to reduce enterprise blind spots
Proofpoint has unveiled innovations across its Collaboration Security and Data Security portfolios, strengthening protection for the agentic workspace, where people and AI agents interact across communication and data environments to execute business-critical work. As organizations deploy AI assistants and autonomous…
KeeThief
GhostPack tool for extracting KeePass 2.X key material from memory and interacting with the KeePass trigger system. This article has been indexed from CyberMaterial Read the original article: KeeThief
Zero Networks Kubernetes Access Matrix exposes hidden access paths and blast radius
Zero Networks has announced the Kubernetes Access Matrix, a real time visual map that exposes every allowed and denied rule inside Kubernetes clusters. The new capability enables security and DevOps teams to see, understand, and control Kubernetes access at scale,…
Russian hackers go after high-value targets through Signal
Russian intelligence-linked hackers are targeting commercial messaging platforms, with Signal a primary focus, the FBI and CISA warn. The campaign is aimed at individuals of intelligence interest, including government personnel, journalists, and others with access to sensitive communications. It is…