Anthropic used Claude Opus 4.6 to identify 22 Firefox vulnerabilities, most of which were high severity, all of which were fixed in Firefox 148, released in January 2026. Anthropic discovered 22 security vulnerabilities in Firefox using its Claude Opus 4.6…
Tag: EN
A week in security (March 2 – March 8)
A list of topics we covered in the week of March 2 to March 8 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (March 2 – March 8)
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been…
Nginx UI Vulnerabilities Let Attackers Download Full System Backups
A critical security flaw has been discovered in Nginx UI that allows unauthenticated threat actors to download and decrypt complete system backups. Tracked as CVE-2026-27944, this vulnerability carries a maximum critical severity score of 9.8 out of 10. The flaw…
Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity
Stu Hirst was already a CISO when he started to go deaf. It was 2023, and the hearing loss crept in over months, enough for him to adapt, to lean on hearing aids and captions, to quietly reorganize his calendar…
FBI network breach, GitHub distributes stealer, Hackers abuse .arpa
FBI investigates suspicious activities on agency network Over 100 GitHub repositories distributing BoryptGrab stealer Hackers abuse .arpa DNS and ipv6 to evade phishing defenses Get links to all the stories in our show notes: https://cisoseries.com/cybersecurity-news-fbi-network-breach-github-distributes-stealer-hackers-abuse-arpa/ Huge thanks to our sponsor,…
Infostealers: What They Are, How They Work, and How to Stop Them
Infostealers are a growing threat that quietly steal your personal data. These malware programs target everyday users by grabbing login credentials and sensitive info from… The post Infostealers: What They Are, How They Work, and How to Stop Them appeared…
Hikvision Multiple Product Vulnerability Could Let Attackers Escalate Privileges
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting multiple Hikvision products to its Known Exploited Vulnerabilities (KEV) catalog. This urgent addition, made on March 5, 2026, serves as a stark warning to network…
ExifTool Vulnerability Lets Malicious Images Trigger macOS Code Execution
ExifTool is a ubiquitous open-source solution for reading, writing, and editing image metadata. It’s the go-to tool for photographers and digital archivists, and is widely used in data analytics, digital forensics, and investigative journalism. Can a computer really get infected…
DumpBrowserSecrets – Browser Credential Harvesting with App-Bound Encryption Bypass
DumpBrowserSecrets extracts saved passwords, cookies, OAuth tokens and autofill data from Chrome, Edge, Firefox, Opera and Vivaldi, bypassing App-Bound Encryption via Early Bird APC injection. This article has been indexed from Darknet – Hacking Tools, Hacker News & Cyber Security…
TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense
At [un]prompted 2026, TrendAI™ demonstrated how documents can be used to exploit AI-driven KYC pipelines and introduced FENRIR, an automated system for discovering AI vulnerabilities at scale. This article has been indexed from Trend Micro Research, News and Perspectives Read…
Open-source tool Sage puts a security layer between AI agents and the OS
Autonomous AI agents running on developer workstations execute shell commands, fetch URLs, and write files with little or no inspection of what they are doing. Open-source project Sage inserts an interception layer between an AI agent and those operations, checking…
Turning expertise into opportunity for women in cybersecurity
Speaker diversity in cybersecurity has been a talking point for over a decade, with panels, pledges, and dedicated conference tracks failing to produce change. Stages still skew heavily male, even as women represent millions of qualified professionals in the field.…
Transparent Tribe’s ‘Vibeware’ Move Points to AI-Made Malware at Scale
Transparent Tribe (APT36) is moving from traditional, off‑the‑shelf tools to an AI-assisted malware model researchers now call “vibeware,” signaling how large language models are starting to industrialize mediocre but relentless attacks at scale. In its latest campaigns against Indian government…
Critical ExifTool Vulnerability Allows Malicious Images to Execute Code on macOS
Many users believe macOS is inherently resistant to malware, but a newly discovered vulnerability proves otherwise. Kaspersky’s Global Research and Analysis Team (GReAT) recently uncovered a critical flaw, tracked as CVE-2026-3102, within ExifTool. ExifTool is a widely popular open-source application…
Product Showcase: Fing Desktop puts network visibility on your screen
Phones, laptops, smart TVs, cameras, and smart home equipment all use the same network. Knowing what’s connected helps users manage performance and security. Fing Desktop provides tools that identify devices, test connectivity, and analyze network activity. Creating an account is…
WiFi Signals Can Track Human Activity Through Walls by Mapping Body Keypoints
In late February 2026, an open-source project named RuView (formerly WiFi DensePose) surged to the top of GitHub trending lists. This edge AI system proves that everyday WiFi signals can track human movement, estimate body poses, and monitor vital signs…
Submarine cables move to the center of critical infrastructure security debate
The cables running along the ocean floor carry the overwhelming majority of the world’s cross-border data traffic, and for most of their operational history they have attracted little strategic attention. That is changing. A new sector report from Capacity Insights…
CISA Alerts Users to Actively Exploited Vulnerabilities Impacting macOS and iOS
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding three actively exploited vulnerabilities affecting multiple Apple platforms. On March 5, 2026, CISA added these security flaws to its Known Exploited Vulnerabilities (KEV) catalog, requiring immediate attention…
Microsoft: Fake AI Extensions Breached Chat Histories in 20,000+ Enterprise Tenants
Microsoft has issued an alert after uncovering a wave of malicious Chromium-based browser extensions masquerading as legitimate AI assistant tools. The extensions, available on the Chrome Web Store and compatible with both Google Chrome and Microsoft Edge, secretly collected private…