Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group This article has been indexed from www.infosecurity-magazine.com Read the original article: TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise
Amnezia Releases AmneziaWG 2.0 To Bypass Advanced Internet Censorship Systems
Amnezia has introduced AmneziaWG 2. Thank you for being a Ghacks reader. The post Amnezia Releases AmneziaWG 2.0 To Bypass Advanced Internet Censorship Systems appeared first on gHacks. This article has been indexed from Cybersecurity News: Threats, Vulnerabilities & Privacy…
Linux Ransomware Pay2Key Targets Servers, Virtualization Hosts, and Cloud Workloads
Linux-focused ransomware Pay2Key is actively targeting enterprise servers, VMware ESXi virtualization hosts, and cloud workloads, underscoring how far Linux ransomware has evolved beyond simple file lockers. Originally known for fast, human-operated Windows intrusions against Israeli and Brazilian organizations, Pay2Key has re-emerged…
Sen. Wyden Warns of Another Section 702 Abuse
Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved (with support of many Democrats) nomination of Joshua Rudd to lead the…
Could AI Replace the CEO? Zuckerberg’s ‘CEO Agent’ Sparks Debate
Mark Zuckerberg is building a personal AI agent to help him run Meta, and the move has reignited a debate that the tech industry has long been circling: could AI one day replace the most senior roles in business? According…
Njordium AI blocks fake invoices and fraudulent payments
Njordium Cyber Group has launched its new AI Fraud Detection Module, a self-learning AI engine integrated into the recently released Vendor Management System (VMS). The module instantly detects and neutralises fake invoices, phantom services or products, and inflated pricing. Fully…
Akamai Brand Guardian detects and removes AI-driven brand impersonation
Akamai has introduced Akamai Brand Guardian, an evolution of Brand Protector that uses AI to identify and manage brand impersonation at scale. Scammers are exploiting the widespread availability of generative AI to deploy sophisticated fake websites and digital identities in…
OpenAI Shuts Down Sora Video-Generation Tool
In surprise move, OpenAI to discontinue Sora video-generation service, six months after launching stand-alone app, as it shifts focus This article has been indexed from Silicon UK Read the original article: OpenAI Shuts Down Sora Video-Generation Tool
TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign
Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
SmartApeSG ClickFix Campaign Spreads Remcos, NetSupport RAT, StealC, Sectop RAT
A recent SmartApeSG campaign observed on March 24, 2026, highlights the growing sophistication of ClickFix-based attack chains, which deliver multiple remote access trojans (RATs) and information stealers through a staged infection process. The infection begins with the ClickFix technique, where…
Hackers Exploiting Magento Flaw to Execute Remote Code and Seize Full Account Access
A critical vulnerability dubbed “PolyShell” is actively being exploited across Magento and Adobe Commerce platforms. Discovered by the Sansec Forensics Team and published on March 17, 2026, this flaw allows unauthenticated attackers to upload executable files via the platform’s REST…
F5 NGINX Plus & Open‑Source Flaw Lets Attackers Execute Code via MP4 File
F5 has disclosed a high-severity vulnerability (CVE-2026-32647) in the NGINX ngx_http_mp4_module that allows attackers execute arbitrary code or cause a denial-of-service (DoS) using crafted MP4 files. This flaw impacts NGINX Plus and NGINX Open Source deployments where the MP4 streaming module is…
IT Security News Hourly Summary 2026-03-25 12h : 17 posts
17 posts were published in the last hour 11:5 : Anatomy of a Cyber World Global Report 2026 11:4 : Microsoft hands Entra ID users new option for MFA 11:4 : Experts Sound Alarm Over “Prompt Poaching” Browser Extensions 10:32…
Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca
Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information. The Lapsus$ group claims it breached AstraZeneca, stealing about 3GB of sensitive data. The alleged leak includes credentials, tokens, internal code repositories (Java,…
Anatomy of a Cyber World Global Report 2026
The Kaspersky Security Services report describes cyberattack trends and statistics revealed by the Managed Detection and Response service. The report also includes Incident Response findings based on real-world cases identified and mitigated in 2025. This article has been indexed from…
Microsoft hands Entra ID users new option for MFA
Organizations rely on MFA to enforce identity checks before granting access to systems and services. Microsoft has made external MFA generally available in Microsoft Entra ID, expanding support for third-party identity providers. Configure external MFA in Microsoft Entra ID (Source:…
Experts Sound Alarm Over “Prompt Poaching” Browser Extensions
Expel has warned of malicious Chrome extensions stealing users’ AI conversations This article has been indexed from www.infosecurity-magazine.com Read the original article: Experts Sound Alarm Over “Prompt Poaching” Browser Extensions
Apple Tests Stand-Alone Siri App Amid Chatbot Shift
Apple reportedly testing stand-alone app for digital assistant, as it revamps Siri into chatty tool with broad access to data This article has been indexed from Silicon UK Read the original article: Apple Tests Stand-Alone Siri App Amid Chatbot Shift
ClawHub Vulnerability Lets Attackers Manipulate Rankings to Become Top Skill
Silverfort researchers recently uncovered a critical security flaw in ClawHub, the main public registry for the OpenClaw agent ecosystem. This vulnerability allowed attackers to artificially boost download numbers, pushing malicious code to the top of the search results. This created…
MIWIC26: Adenike Ajayi-lweka, Cybersecurity Consultant at Accenture
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2026’s Top 20 women selected…
LiteLLM PyPI Package With 95 Million Downloads Compromised by TeamPCP Hackers
A widely used open-source Python library was compromised on the Python Package Index (PyPI). Versions 1.82.7 and 1.82.8 of the package, which route requests across various LLM providers and have over 95 million monthly downloads, were found to contain a…
FCC Banned Foreign-made Consumer Routers Over Security Risks
The Federal Communications Commission (FCC) announced a major update to its Covered List, officially prohibiting the approval of new consumer-grade network routers produced in foreign countries. This regulatory action prevents these new devices from entering the United States market by…
Google Authenticator’s Hidden Passkey Architecture Could Open New Passwordless Attack Paths
Passwordless authentication was supposed to mark the end of account takeovers. Designed to replace traditional passwords with cryptographic keys tied to physical devices, it promised a future where stolen credentials could no longer unlock user accounts. But a close examination…
ClawHub Vulnerability Let Attackers Manipulate Rankings to Become the #1 Skill
Security research team has uncovered a critical vulnerability in ClawHub, the public skills registry for the OpenClaw agentic ecosystem. This flaw allowed attackers to artificially inflate the download counts of malicious skills, thereby bypassing security checks and manipulating search rankings.…