On February 28, 2026, a joint US-Israeli military operation launched strikes inside Iran, opening a conflict that rapidly extended into cyberspace. Iran responded with ballistic missiles and drone strikes across Bahrain, Kuwait, Iraq, Saudi Arabia, the UAE, Israel, and Qatar.…
ForceMemo Hijacks GitHub Accounts, Backdoors Hundreds of Python Repos via Force-Push
A new malware campaign tracked as ForceMemo is quietly compromising hundreds of GitHub accounts and injecting hidden malicious code into Python repositories, leaving almost no visible trace. The earliest confirmed infections date back to March 8, 2026, and the campaign…
Critical Telnetd Vulnerability Enables Remote Attacker to Execute Arbitrary Code via Port 23
A critical buffer overflow vulnerability in the GNU Inetutils telnetd daemon. Tracked as CVE-2026-32746, this flaw allows an unauthenticated remote attacker to execute arbitrary code and gain root access to affected systems. The vulnerability requires zero user interaction and possesses…
Britain’s satellite-watching gap to be plugged with £17.5M eyeball in Cyprus
No 1 Space Operations Squadron will get a persistent stare capability The Ministry of Defence (MoD) plans to spend £17.5 million on a remotely-operated satellite monitoring facility in Cyprus, partly to protect the UK’s secure communications system Skynet.… This article…
Apple Debuts Background Security Improvements With Fresh WebKit Patches
The lightweight updates are meant to deliver security protections between security updates. The post Apple Debuts Background Security Improvements With Fresh WebKit Patches appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Apple Debuts…
Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach
The medtech giant has been working on restoring systems affected by the cyberattack conducted by the Handala hackers. The post Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Is All OAuth The Same For MCP?
Is the “S” in MCP missing? Explore the current state of Model Context Protocol security, from stdio vs. HTTP transport risks to the complexities of CIMD and OAuth implementations across different AI clients. The post Is All OAuth The Same…
TrojAI unveils new capabilities to secure agentic AI beyond the prompt layer
TrojAI has announced major new capabilities designed to secure the growing deployment of agentic AI in the enterprise going beyond the prompt layer. “The innovations we are unveiling this week address some of the most significant and rapid changes to…
Corelight’s Agentic Triage turns SOC alerts into evidence-backed investigations
Corelight has introduced a new set of agentic AI capabilities aimed at helping security operations centers (SOCs) cut down on repetitive, time-consuming tasks. The updates are designed to boost analyst efficiency, speed up response times, and build trust through greater…
9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium, span four different products from GL-iNet…
Claude Code Security and Magecart: Getting the Threat Model Right
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis,…
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, carries a CVSS score…
AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure
Rapid7 says median time from publication to CISA KEV inclusion dropped to five days This article has been indexed from www.infosecurity-magazine.com Read the original article: AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure
New .NET AOT Malware Hides Code as a Black Box to Evade Detection
Researchers at Howler Cell have discovered a new .NET AOT malware campaign that uses a clever scoring system… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: New .NET AOT…
Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks
Apple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mechanism on March 17, 2026, this targeted patch…
Rethinking Cyber Awareness: From Blame to Belonging
Stop treating employees like the “weakest link.” Discover why traditional cybersecurity awareness training fails and how to build a culture of belonging through human-centered design, security guardrails, and collaborative resilience. The post Rethinking Cyber Awareness: From Blame to Belonging appeared…
Polygraf AI launches Desktop Overlay for real-time AI behavior control in enterprise operations
Polygraf AI has announced the launch of its Desktop Overlay, a new product designed to provide continuous, real-time guidance for compliance operations and data protection directly at the user interface level, as a personal compliance assistant. Built for highly regulated…
Veracode Fix for SCA automates open-source vulnerability fixes
Veracode has unveiled Veracode Fix for Software Composition Analysis (SCA), an AI-powered solution to address software supply chain risk. The enhanced automated remediation engine, the next evolution of Veracode’s Fix solution, enables organizations to detect and remediate open-source vulnerabilities easily,…
China-Linked Group Steals $7M Crypto
A Chinese hacker group operating under the guise of a legitimate cybersecurity firm allegedly stole 7 million dollars through wallet supply chain attacks targeting platforms like Trust Wallet. This article has been indexed from CyberMaterial Read the original article: China-Linked…
Medusa Ransomware Claims New Victims
A notorious cybercriminal organization has claimed responsibility for major ransomware attacks targeting the primary medical center in Mississippi and a high-population county in New Jersey. This article has been indexed from CyberMaterial Read the original article: Medusa Ransomware Claims New…
Apple Rolls Out Background Security Update
Apple has launched a new Background Security Improvements update to resolve a WebKit vulnerability known as CVE-2026-20643 across iPhone, iPad, and Mac devices. This article has been indexed from CyberMaterial Read the original article: Apple Rolls Out Background Security Update
Feds Charge DigitalMint Negotiator
Angelo John Martino III, a 41-year-old former negotiator at DigitalMint, faces federal charges for allegedly orchestrating at least 10 ransomware attacks that netted $75.25 million in payments. This article has been indexed from CyberMaterial Read the original article: Feds Charge…
Convicted Scammer Runs New Scam From Prison
A 34-year-old Georgia man allegedly defrauded professional athletes and an OnlyFans model by impersonating an adult film star to steal financial data and engage in sex trafficking. This article has been indexed from CyberMaterial Read the original article: Convicted Scammer…
CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit
Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit…