Google has released an out-of-band Chrome update to fix two high-severity zero-day vulnerabilities being actively exploited in the wild. Thank you for being a Ghacks reader. The post Google Fixes Two Actively Exploited Chrome Zero-Day Flaws appeared first on gHacks.…
Tag: EN
Fake FileZilla Downloads Spread RAT via Stealthy Multi-Stage Loader
Fake FileZilla downloads are being used to deliver a stealthy Remote Access Trojan (RAT) through a multi‑stage loader, putting careless downloaders at high risk of compromise. Attackers have set up a fake website that closely copies the look and layout…
Unprivileged users could exploit AppArmor bugs to gain root access
Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken container isolation. Qualys researchers disclosed nine vulnerabilities, collectively tracked as CrackArmor, in the Linux kernel’s AppArmor module. The flaws have…
Hacking Attempt Reported at Poland’s Nuclear Research Center
Initial evidence indicates Iran may be behind the attack, but officials admitted it could be a false flag. The post Hacking Attempt Reported at Poland’s Nuclear Research Center appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
45,000 malicious IP addresses taken down, 94 suspects arrested
An international law enforcement operation has taken down more than 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware activity. The action was carried out as part of Operation Synergia III, an investigation that ran from July…
Grammarly Withdraws Editing Feature That Impersonated Authors
Editing tool Grammarly withdraws feature that offered revision advice supposedly in the style of famous authors, without their consent This article has been indexed from Silicon UK Read the original article: Grammarly Withdraws Editing Feature That Impersonated Authors
JSOC IT’s AUTOPSY platform puts security stacks under live API verification
JSOC IT has announced the launch of AUTOPSY, a security verification platform that investigates an organization’s security stack through live API integrations before a breach occurs, rather than after one forces the conversation. The platform’s flagship product, READY, is a…
Massive 1 GW Data Centre Planned For North Lincolnshire
Elsham Tech Park project gains planning permission for one of UK’s largest AI complexes on farmland adjacent to former RAF base This article has been indexed from Silicon UK Read the original article: Massive 1 GW Data Centre Planned For…
What Are Your DDoS Testing Options in 2026?
No modern business can afford to ignore the threat of DDoS attacks. For many enterprises, reliable online services are critical to operations and reputation—while attackers continue to refine their tools and tactics. As a result, security teams can’t simply assume…
Instagram Will Remove End-to-End Encryption for Messages in May 2026
Instagram has confirmed it will remove end-to-end encryption from direct messages on May 8, 2026. Thank you for being a Ghacks reader. The post Instagram Will Remove End-to-End Encryption for Messages in May 2026 appeared first on gHacks. This article…
Google Patches Two Chrome Zero-Day Vulnerabilities Exploited in Active Attacks
Google has released an out-of-band Chrome update to fix two high-severity zero-day vulnerabilities being actively exploited in the wild. Thank you for being a Ghacks reader. The post Google Patches Two Chrome Zero-Day Vulnerabilities Exploited in Active Attacks appeared first…
ACRStealer Variant Deploys Syscall Evasion, TLS C2, Secondary Payloads
New research reveals that a new ACRStealer variant is now being actively deployed as a final payload by HijackLoader, using low‑level syscalls, AFD-based networking, TLS C2, and flexible secondary payload delivery to evade detection and maximize data theft. The newly…
A week in security (March 9 – March 15)
A list of topics we covered in the week of March 9 to March 15 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (March 9 – March 15)
Royal Bahrain Hospital breach, Canada’s Loblaw breached, New York water laws
Payload Ransomware group claims breached of Royal Bahrain Hospital Canadian food retailer Loblaw confirms data breach New York cyber regulations for water organizations launch in 2027 Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-royal-bahrain-hospital-breach-canadas-loblaw-breached-new-york-water-laws/ Huge thanks to…
RAMageddon: what the RAM shortage means for your next upgrade
If you plan to buy a new phone, laptop, console, or even a gaming handheld in 2026, the global RAM shortage, nicknamed “RAMageddon”, is going… The post RAMageddon: what the RAM shortage means for your next upgrade appeared first on…
OpenClaw AI Agents Vulnerable to Indirect Prompt Injection, Causing Data Leaks
OpenClaw AI agents are facing significant security scrutiny following a recent CNCERT warning about insecure defaults and prompt-injection vulnerabilities. The most critical risk for defenders is not just abstract model confusion, but the ability of an attacker to turn normal…
Konni Hijacks KakaoTalk Accounts in Spear-Phishing Malware Campaign
Konni APT recently ran a multi-stage malware operation that hijacked KakaoTalk accounts to spread remote access trojans (RATs) through highly targeted spear‑phishing. The message used contextual content aligned with the victim’s role to build trust and trick them into opening…
FortiGate Firewall Exploitation Fuels Network Breaches in New Attack Wave
Cybersecurity defenders identified a surge in network breaches originating from compromised FortiGate Next-Generation Firewalls. According to incident responders at SentinelOne, threat actors exploit recent vulnerabilities to extract configuration files, steal credentials, and establish deep network footholds. Attackers are primarily leveraging…
Certificate lifespans are shrinking and most organizations aren’t ready
The push for shorter TLS certificate lifespans has been building for years. It started with Google’s internal push toward 90-day certificates, which gained traction inside the industry before resistance from enterprise customers slowed things down. Then Apple proposed 47-day certificates,…
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android…