The U.S. telehealth giant says hackers stole customer support ticket data over the course of several days in February. This article has been indexed from Security News | TechCrunch Read the original article: Telehealth giant Hims & Hers says its…
The $250K Single Point of Failure Hiding in Every SOC
One architect, 200 static playbooks, zero backup plan. The real consolidation problem isn’t tool count — it’s architectural dependency. Here’s what replaces it. The post The $250K Single Point of Failure Hiding in Every SOC appeared first on D3 Security.…
Claude Code Leak Exposes AI Supply Chain Threats
A packaging error in Anthropic’s Claude Code exposed over 500,000 lines of source code. The post Claude Code Leak Exposes AI Supply Chain Threats appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Four security principles for agentic AI systems
Agentic AI represents a qualitative shift in how software operates. Traditional software executes deterministic instructions. Generative AI responds to human prompts with output that humans review and use at their discretion. Agentic AI differs from both. Agents connect to software…
Google Workspace’s continuous approach to mitigating indirect prompt injections
Posted by Adam Gavish, Google GenAI Security Team Indirect prompt injection (IPI) is an evolving threat vector targeting users of complex AI applications with multiple data sources, such as Workspace with Gemini. This technique enables the attacker to influence the…
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the…
ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak
ShinyHunters hackers claim they stole 3 million+ Cisco records via Salesforce and AWS, warning of a public leak if demands are not met by April 3, 2026. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI…
What Happens When a Nuclear Site Is Hit?
As strikes continue on Iran’s nuclear facilities, the real danger isn’t the explosion, but what happens if critical safety systems fail—and how that risk could spread across the Gulf. This article has been indexed from Security Latest Read the original…
Patch Now: Chrome Flaw Under Active Attack, Google Confirms
Google patches 21 Chrome vulnerabilities, including an actively exploited zero-day flaw that could enable code execution and full device compromise. The post Patch Now: Chrome Flaw Under Active Attack, Google Confirms appeared first on TechRepublic. This article has been indexed…
ConductorOne Extends Reach of Identity Governance to AI
ConductorOne has extended the reach of its identity governance platform to artificial intelligence (AI) tools, agents and integrations based on the Model Context Protocol (MCP). Additionally, the company has now integrated its namesake identity governance platform with the CrowdStrike Falcon…
200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin
On March 1st, 2026, we received a submission for an Arbitrary File Deletion vulnerability in Perfmatters, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to delete arbitrary files, including the…
Hasbro hit by cyberattack, investigates possible data breach
Hasbro suffers a cyberattack, disrupting some operations; the company is probing the scope and potential data compromise. Toy giant Hasbro reported a cyberattack on Wednesday that disrupted certain company operations. The firm is investigating the full extent of the incident,…
Cybercriminals Exploit Telnyx Package in Latest Supply Chain Attack
A cybercriminal group previously associated with a supply chain compromise involving the Trivy vulnerability scanner has launched another attack, this time targeting developers through manipulated Telnyx packages on the Python Package Index (PyPI). According to findings from Ox Security,…
IT Security News Hourly Summary 2026-04-02 21h : 6 posts
6 posts were published in the last hour 18:32 : Here’s What Can Happen When the US Bombs Iran’s Nuclear Sites 18:32 : The Language of Emojis in Threat Intelligence: How Adversaries Signal, Obfuscate, and Coordinate Online 18:20 : The…
Here’s What Can Happen When the US Bombs Iran’s Nuclear Sites
As strikes continue on Iran’s nuclear facilities, the real danger isn’t the explosion, but what happens if critical safety systems fail—and how that risk could spread across the Gulf. This article has been indexed from Security Latest Read the original…
The Language of Emojis in Threat Intelligence: How Adversaries Signal, Obfuscate, and Coordinate Online
As threat actor activity continues to shift toward informal, fast-moving communication platforms such as Telegram and Discord, the way adversaries communicate is evolving. Emojis, often dismissed as casual or nontechnical, have become a meaningful part of that evolution. The post…
The democratisation of business email compromise fraud
This week, Martin tells the story of a crime he encountered and how it shows that the threat landscape is changing. This article has been indexed from Cisco Talos Blog Read the original article: The democratisation of business email compromise…
Cisco fixed critical and high-severity flaws
Cisco fixed critical flaws that could allow attackers to bypass authentication, run code, and gain access to sensitive data. Cisco released patches for two critical and six high-severity vulnerabilities. These flaws could let attackers bypass authentication, execute malicious code, escalate…
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
Source code with a side of Vidar stealer and GhostSocks Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and some of those downloads came with a side of credential-stealing malware.… This article has…
Critical Vulnerability in Claude Code Emerges Days After Source Leak
Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI. The post Critical Vulnerability in Claude Code Emerges Days After Source Leak appeared first on SecurityWeek.…
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 23, 2026 to March 29, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not…
Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to ‘DarkSword’ Exploit
Apple issues a rare iOS 18 security patch as the DarkSword exploit threatens up to 270 million iPhones, marking a shift in its long-standing update policy. The post Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to…
Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks
Hasbro is investigating a cyberattack that forced systems offline, warning recovery could take weeks as it works to contain the incident and assess the impact. The post Hasbro Cyberattack Knocks Systems Offline, Recovery Could Take Weeks appeared first on TechRepublic.…
US Bans All Foreign-Made Consumer Routers
This is for new routers; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and…