No modern business can afford to ignore the threat of DDoS attacks. For many enterprises, reliable online services are critical to operations and reputation—while attackers continue to refine their tools and tactics. As a result, security teams can’t simply assume…
Instagram Will Remove End-to-End Encryption for Messages in May 2026
Instagram has confirmed it will remove end-to-end encryption from direct messages on May 8, 2026. Thank you for being a Ghacks reader. The post Instagram Will Remove End-to-End Encryption for Messages in May 2026 appeared first on gHacks. This article…
Google Patches Two Chrome Zero-Day Vulnerabilities Exploited in Active Attacks
Google has released an out-of-band Chrome update to fix two high-severity zero-day vulnerabilities being actively exploited in the wild. Thank you for being a Ghacks reader. The post Google Patches Two Chrome Zero-Day Vulnerabilities Exploited in Active Attacks appeared first…
IT Security News Hourly Summary 2026-03-16 09h : 6 posts
6 posts were published in the last hour 7:34 : ACRStealer Variant Deploys Syscall Evasion, TLS C2, Secondary Payloads 7:34 : A week in security (March 9 – March 15) 7:34 : Royal Bahrain Hospital breach, Canada’s Loblaw breached, New…
ACRStealer Variant Deploys Syscall Evasion, TLS C2, Secondary Payloads
New research reveals that a new ACRStealer variant is now being actively deployed as a final payload by HijackLoader, using low‑level syscalls, AFD-based networking, TLS C2, and flexible secondary payload delivery to evade detection and maximize data theft. The newly…
A week in security (March 9 – March 15)
A list of topics we covered in the week of March 9 to March 15 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (March 9 – March 15)
Royal Bahrain Hospital breach, Canada’s Loblaw breached, New York water laws
Payload Ransomware group claims breached of Royal Bahrain Hospital Canadian food retailer Loblaw confirms data breach New York cyber regulations for water organizations launch in 2027 Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-royal-bahrain-hospital-breach-canadas-loblaw-breached-new-york-water-laws/ Huge thanks to…
RAMageddon: what the RAM shortage means for your next upgrade
If you plan to buy a new phone, laptop, console, or even a gaming handheld in 2026, the global RAM shortage, nicknamed “RAMageddon”, is going… The post RAMageddon: what the RAM shortage means for your next upgrade appeared first on…
OpenClaw AI Agents Vulnerable to Indirect Prompt Injection, Causing Data Leaks
OpenClaw AI agents are facing significant security scrutiny following a recent CNCERT warning about insecure defaults and prompt-injection vulnerabilities. The most critical risk for defenders is not just abstract model confusion, but the ability of an attacker to turn normal…
Konni Hijacks KakaoTalk Accounts in Spear-Phishing Malware Campaign
Konni APT recently ran a multi-stage malware operation that hijacked KakaoTalk accounts to spread remote access trojans (RATs) through highly targeted spear‑phishing. The message used contextual content aligned with the victim’s role to build trust and trick them into opening…
FortiGate Firewall Exploitation Fuels Network Breaches in New Attack Wave
Cybersecurity defenders identified a surge in network breaches originating from compromised FortiGate Next-Generation Firewalls. According to incident responders at SentinelOne, threat actors exploit recent vulnerabilities to extract configuration files, steal credentials, and establish deep network footholds. Attackers are primarily leveraging…
Certificate lifespans are shrinking and most organizations aren’t ready
The push for shorter TLS certificate lifespans has been building for years. It started with Google’s internal push toward 90-day certificates, which gained traction inside the industry before resistance from enterprise customers slowed things down. Then Apple proposed 47-day certificates,…
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android…
Attackers Exploit Teams, Quick Assist to Deploy Stealthy A0Backdoor
Attackers are evolving a well-known Microsoft Teams and Quick Assist social-engineering playbook to install a new, stealthy backdoor dubbed A0Backdoor. The campaign closely mirrors activity previously attributed to Blitz Brigantine (also tracked as Storm‑1811), a financially motivated group tied to Black…
A Latte Trouble: Starbucks HR Accounts Hit in Credential Theft Incident
Starbucks has disclosed a data breach attackers gained access to hundreds of employees’ Starbucks Partner Central accounts, which are used for managing employment information, personal data, benefits, and HR information. In a letter sent to affected staff members, the company said: “On or…
The Privacy Problem With Meta’s Ray-Ban Smart Glasses
This episode discusses Meta Ray-Ban Smart Glasses, which blend a camera, microphone, AI features, and social media integration into sunglasses that look like normal fashion eyewear, raising major privacy concerns. It highlights reports that footage captured by the glasses may…
What smart factories keep getting wrong about cybersecurity
In this Help Net Security interview, Packsize CSO Troy Rydman breaks down the biggest vulnerabilities in smart factory environments today, from IoT devices and legacy systems to human error. He explains how unmanaged devices, from sensors to robotic components, often…
Microsoft Issues Out-of-Band Patch for Critical Windows 11 RRAS RCE Flaws
Microsoft released an urgent out-of-band security update on March 13, 2026, to address a series of critical vulnerabilities in Windows 11. The update, identified as hotpatch KB5084597, specifically resolves Remote Code Execution (RCE) flaws within the Windows Routing and Remote…
The AI Doomsday Clock: When AI Becomes a Business Dependency, Not a Tool
Most conversations about AI in business start with the wrong question of “Can AI do the job?” It is entirely the wrong place to start. The real question for leadership is quieter but vastly more important…“Will this platform still exist,…
Latte Trouble: Starbucks HR Accounts Hit in Credential Theft Incident
Starbucks has disclosed a data breach attackers gained access to hundreds of employees’ Starbucks Partner Central accounts, which are used for managing employment information, personal data, benefits, and HR information. In a letter sent to affected staff members, the company said: “On or…
Fake scandal clips on Facebook bait victims into investment scams
Bitdefender researchers uncovered hundreds of scam campaigns promoted through Facebook ads that use fake news stories, celebrity impersonation, and redirect chains to funnel victims into investment fraud schemes. The activity ran through 310 malvertising campaigns distributed on Meta platforms from…
VulHunt: Open-source vulnerability detection framework
Binarly has published VulHunt Community Edition, making the core scanning engine from Binarly’s commercial Transparency Platform available to independent researchers and practitioners. What VulHunt does VulHunt Community Edition is a framework for detecting vulnerabilities in compiled software. It operates against…
Meta Permanently Disables End-to-End Encryption for Instagram DMs
Meta has announced plans to permanently turn off end-to-end encryption for Instagram Direct Messages. Effective May 8, 2026, the social media platform will officially cease support for this critical security feature. This decision marks a significant change in how user…
IT Security News Hourly Summary 2026-03-16 06h : 3 posts
3 posts were published in the last hour 4:36 : Microsoft to Block Windows 11 and Server 2025 Automated Installation After Critical RCE Vulnerability 4:36 : Experts Warn of “Silent Failures” in AI Systems That Could Quietly Disrupt Business Operations…