Phishing drives about 90% of cyberattacks in 2026, using tactics like encrypted flows, QR code scams, and trusted cloud platforms to steal credentials. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
Tag: EN
Honeywell Controllers Widely Exposed Without Authentication
Security researchers at Zero Science Lab have disclosed a critical vulnerability in Honeywell’s Trend IQ4xx series of Building Management System (BMS) controllers, revealing that the devices expose their full web-based Human-Machine Interface (HMI) without any authentication in their factory-default configuration.…
Iran‑Linked “Dust Specter” APT Deploys AI‑Aided Malware Against Iraqi Officials
Iran‑nexus APT group “Dust Specter” is targeting Iraqi government officials with AI‑assisted custom .NET malware, using dual attack chains that blend DLL sideloading, in‑memory PowerShell, and ClickFix‑style lures. In January 2026, Zscaler ThreatLabz tracked a new campaign against Iraqi officials…
CISA Warns Qualcomm Chipsets Memory Corruption Vulnerability Is Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Qualcomm chipset vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on March 3, 2026, confirming active exploitation in the wild. The flaw, tracked as CVE-2026-21385, affects multiple Qualcomm chipsets and…
Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks
Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads. This article has been indexed from Malwarebytes Read the original article: Attackers abuse OAuth’s built-in redirects…
Perplexity’s Comet Browser Hijacked Using Calendar Invite to Exfiltrate Sensitive Data
A poisoned Google Calendar invite is all it takes to weaponize Perplexity’s Comet browser. Security researchers at Zenity Labs have discovered a critical vulnerability, dubbed PerplexedBrowser, that tricks Comet’s AI agent into reading local files and stealing credentials. This zero-click…
Silver Dragon APT Group Targets Europe, Asia Using Google Drive for Covert Communication
A China-linked threat group called Silver Dragon has been targeting government and high-profile organizations across Southeast Asia and Europe since at least mid-2024. Operating under the umbrella of APT41, the group breaks into networks by exploiting public-facing internet servers and…
High-severity Qualcomm bug hits Android devices in targeted attacks
Google has patched 129 Android vulnerabilities, including an actively exploited flaw in a widely used Qualcomm component. This article has been indexed from Malwarebytes Read the original article: High-severity Qualcomm bug hits Android devices in targeted attacks
AI Security Firm JetStream Launches With $34 Million in Seed Funding
The startup aims to provide organizations with visibility into how AI operates across their environment. The post AI Security Firm JetStream Launches With $34 Million in Seed Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
How Pirated Software Turns Helpful Employees Into Malware Delivery Agents
Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to ransomware. The post How Pirated Software Turns Helpful Employees Into Malware Delivery Agents appeared first on…
Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement
This article was originally published in Cyber Defense Magazine on 02/09/26 by Charlie Sander. The Illuminate incident serves as a crucial reminder to edtech vendors of the potential backlash that can occur when privacy promises are not upheld In a…
Shadow AI: When Everyone Becomes a Data Leak Waiting to Happen
Shadow AI leaks data to uncontrolled external systems and spreads virally across organizations, requiring user training and compliant alternatives rather than prohibition. The post Shadow AI: When Everyone Becomes a Data Leak Waiting to Happen appeared first on Security Boulevard.…
New Threat Report: AI Accelerates High-Velocity Cyber Attacks
Cyberattacks are shifting from “breaking in” to simply “logging in,” with AI now automating high-speed operations that overwhelm human defenders. Cloudforce One describes MOE as a cold ratio of effort to operational outcome, and modern threat actors are optimizing every…
Infrastructure as Code Is Not Enough
When Infrastructure as Code Stops Solving the Problem Infrastructure as Code changed the industry for the better. For the first time, infrastructure could be reviewed, versioned, and deployed with the same discipline as application code. Teams moved faster, environments became…
How Vulnerable Are Computers to an 80-Year-Old Spy Technique? Congress Wants Answers
A pair of US lawmakers are calling for an investigation into how easily spies can steal information based on devices’ electromagnetic and acoustic leaks—a spying trick the NSA once codenamed TEMPEST. This article has been indexed from Security Latest Read…
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook
APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2. Check Point researchers have identified Silver Dragon, an APT group tied to the China-linked group APT41, targeting government…
Manipulating AI Summarization Features
Microsoft is reporting: Companies are embedding hidden instructions in “Summarize with AI” buttons that, when clicked, attempt to inject persistence commands into an AI assistant’s memory via URL prompt parameters…. These prompts instruct the AI to “remember [Company] as a…
LastPass Warns of New Phishing Campaign
The attackers are sending out fake alerts claiming unauthorized access or master password changes. The post LastPass Warns of New Phishing Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: LastPass Warns of…
New RFP Template for AI Usage Control and AI Governance
As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need “AI…
Car Tyre Sensors Can Be Used to Track Drivers Without Their Knowledge
New research from IMDEA Networks reveals how unencrypted signals from tyre pressure sensors in brands like Toyota and Mercedes can be used for covert vehicle tracking. Learn how these low-cost systems can map out your daily routines and why current…