Large‑scale campaigns abusing GitHub and Reddit to spread Vidar Stealer 2.0 through fake “free game cheats,” targeting players of popular online titles across the board. The operation shows how the takedown of other infostealers has shifted criminal demand toward Vidar,…
Tag: EN
Delegated Trust Is Becoming the Largest Attack Surface in Modern Security
Over the next decade, the way we define security failures is going to change. No longer will it begin with an unpatched server or a careless employee clicking the wrong link. The root cause will be something far more ordinary,…
ManageEngine expands Endpoint Central with EDR and secure access
ManageEngine has announced the expansion of its unified endpoint management and security (UEMS) platform, Endpoint Central, to include endpoint detection and response (EDR) and secure private access capabilities. The additions bolster Endpoint Central’s endpoint security capabilities by enabling AI-powered threat…
Virtue AI brings continuous stress testing to enterprise AI agents
Virtue AI has announced Agent ForgingGround with built-in Red-Teaming Agents, the first enterprise-scale testing ground designed to continuously evaluate and stress-test AI agents (including multi-agent systems) before, during, and after deployment. As organizations adopt large-scale AI agents, many enterprises are…
Police To Deploy Live Facial Recognition In Norwich
Live facial recognition van to be stationed in Norwich city centre on Sunday, amid government plans to expand tech’s use This article has been indexed from Silicon UK Read the original article: Police To Deploy Live Facial Recognition In Norwich
Cyberattacks Soar 245% as War Triggers Global Digital Offensive
Since the outbreak of the Middle East conflict on 28 February 2026, Akamai has seen a surge of 245% in cyberattacks against key businesses and institutions in North America, Europe, and some Asian Pacific countries. One group in particular, Handala (widely believed to have…
UK’s Companies House exposed data linked to millions of firms
Companies House, the UK’s official registrar of companies, has disclosed a security flaw in its WebFiling service that exposed sensitive data tied to more than five million registered businesses. The issue traces back to a system update rolled out in October 2025 and went unnoticed for five months…
Boggy Serpens Hits Diplomats, Critical Infrastructure in Espionage Waves
Boggy Serpens, also known as MuddyWater, has escalated its cyberespionage operations over the past year, focusing on diplomats and critical infrastructure organizations in a coordinated, multi-wave campaign. Boggy Serpens has moved beyond its earlier noisy, high-volume phishing style to prioritize…
Iran’s cyberattack against med tech firm is ‘just the beginning’
Even without a navy, or air power, ‘They’ll still have the ability to hack’ Businesses should expect that Iran will conduct more aggressive cyber-ops as the war escalates, according to security analysts.… This article has been indexed from The Register…
‘CrackArmor’ Exposes Nine Vulnerabilities in Linux AppArmor
The Qualys Threat Research Unit (TRU) has identified nine vulnerabilities in AppArmor, a Linux Security Module. The vulnerability has been present since 2017 (version v4.11). AppArmor is the default mandatory access control system for Ubuntu, Debian, SUSE, and several cloud platforms. Its presence in all…
Aura – 903,080 breached accounts
In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected.…
Ubuntu Desktop Systems Vulnerability Enables Attackers to Gain Full Root Access
A Local Privilege Escalation (LPE) vulnerability in default installations of Ubuntu Desktop 24.04 and later allows an unprivileged local attacker to gain full root access. Tracked as CVE-2026-3888, uncovered by The Qualys Threat Research Unit, the flaw exploits an unintended…
Cybercriminals scale up, government sector hit hardest
Government agencies faced the highest volume of cyberattack campaigns in 2025, according to new findings from HPE Threat Labs, which tracked 1,186 active campaigns over the course of the year. The data covers activity observed between January 1 and December…
Tufin introduces AI agents to take on network security work
Tufin is launching a new collection of AI agents designed to take on network security tasks for teams that are already stretched thin. This helps free up scarce expertise to focus on higher-level risks, critical decisions, and defending the enterprise.…
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in…
Energy strategy, scammer accord, font-rendering attack
Energy Department to release first cyber strategy Tech giants sign on to fight scammers Font-rendering hides malicious commands from AI in plain sight Get links to all our stories in the show notes: https://cisoseries.com/cybersecurity-news-energy-strategy-scammer-accord-font-rendering-attack/ Huge thanks to our episode sponsor,…
Over one billion customer records belonging to IDMerit users left unprotected online
Cyber researchers discovered more than one billion unprotected IDMerit customer records online. The records included details of people from all over the world, with hundreds… The post Over one billion customer records belonging to IDMerit users left unprotected online appeared…
Researchers Disclose ‘RegPwn,’ a Windows Registry Weakness Allowing SYSTEM Access
Researchers at MDSec have disclosed a newly patched Elevation of Privilege vulnerability in Microsoft Windows, known as “RegPwn”. Tracked as CVE-2026-24291, this flaw allows a low-privileged user to gain full SYSTEM access by exploiting how Windows handles registry configurations for…
New Kubernetes NFS CSI Vulnerability Enables Unauthorized Directory Deletion and Changes
A newly disclosed security flaw in the Kubernetes Container Storage Interface (CSI) Driver for Network File System (NFS) exposes storage servers to unauthorized directory modification and deletion. Tracked as CVE-2026-3864 with a medium-severity CVSS v3.1 score of 6.5, this vulnerability…
Exposed Ollama Servers: Security Risks of Publicly Accessible LLM Infrastructure
Learn how exposed Ollama servers can allow unauthorized model access, prompt abuse, and GPU resource consumption when LLM inference APIs are publicly accessible. The post Exposed Ollama Servers: Security Risks of Publicly Accessible LLM Infrastructure appeared first on Indusface. The…