Nyhetsnavet - säkerhetsflöden

Senaste 1h Senaste 6h Senaste 24h Senaste 7d Senaste 30d Endast lokalt Analys/ledare Endast följda källor

Toppnyheter Säkerhet

Dark Reading

Nation-State Actor Embraces AI Malware Assembly Line

Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.

2026-03-05 22:56 9 h

Dark Reading

Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform

2026-03-05 22:23 · 9 h

Dark Reading

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical

2026-03-05 21:11 · 11 h

Dark Reading

Software Development Practices Help Enterprises Tackle Real-Life Risks

2026-03-05 17:34 · 14 h

Microsoft MSRC

CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

2026-03-05 17:00 · 15 h

Full coverage Flera perspektiv på samma ämne.

VMware Aria Operations Bug Exploited, Cloud Resources at Risk

2 källor · 2026-03-04 22:04

Dark Reading SecurityWeek Vulnerabilities

Fler källor:

SecurityWeek Vulnerabilities

Security-widgeten är dold. Visa widget

Säkerhet 120 artiklar

Dark Reading

Nation-State Actor Embraces AI Malware Assembly Line

Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.

2026-03-05 22:56 9 h

Dark Reading

Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform

The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses.

2026-03-05 22:23 9 h

Dark Reading

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical

Edge bugs are so fetch, and Cisco just dropped 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.

2026-03-05 21:11 11 h

Dark Reading

Software Development Practices Help Enterprises Tackle Real-Life Risks

Organizations can borrow secure-by-design processes to manage non-technical challenges like governance or the inevitable human error.

2026-03-05 17:34 14 h

Microsoft MSRC

CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

2026-03-05 17:00 15 h

Microsoft MSRC

1 fler källor

Microsoft MSRC CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability 2026-03-05 17:00

Microsoft MSRC

CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Information published.

2026-03-05 17:00 15 h

Microsoft MSRC

CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability

Information published.

2026-03-05 17:00 15 h

Microsoft MSRC

CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Information published.

2026-03-05 17:00 15 h

Microsoft MSRC

The Hacker News

Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities

Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below -...

2026-03-05 16:22 15 h

The Hacker News

Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders

Most organizations assume encrypted data is safe. But many attackers are already preparing for a future where today’s encryption can be broken. Instead of trying to decrypt information now, they are collecting...

2026-03-05 16:22 15 h

The Hacker News

SecurityWeek Vulnerabilities

Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises

Less than half of the total zero-days have been attributed to a threat actor, but spyware vendors and China are in the lead. The post Google: Half of 2025’s 90 Exploited Zero-Days Aimed at Enterprises appeared first...

2026-03-05 16:00 16 h

Dark Reading

LatAm Now Faces 2x More Cyberattacks Than US

Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage.

2026-03-05 15:00 17 h

The Hacker News

ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More

Some weeks in cybersecurity feel routine. This one doesn’t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity,...

2026-03-05 14:44 17 h

The Hacker News

SecurityWeek Vulnerabilities

Russian Ransomware Operator Pleads Guilty in US

Evgenii Ptitsyn was extradited to the United States from South Korea in November 2024. The post Russian Ransomware Operator Pleads Guilty in US appeared first on SecurityWeek.

2026-03-05 13:47 18 h

SecurityWeek Vulnerabilities

Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild

The networking giant has added the recently patched CVE-2026-20128 and CVE-2026-20122 to the list of exploited vulnerabilities. The post Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild appeared first...

2026-03-05 13:15 19 h

The Hacker News

Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware....

2026-03-05 13:01 19 h

The Hacker News

SecurityWeek Vulnerabilities

Reclaim Security Raises $20 Million to Accelerate Remediation

The company will expand its engineering team, deepen integrations, and accelerate go-to-market initiatives. The post Reclaim Security Raises $20 Million to Accelerate Remediation appeared first on SecurityWeek.

2026-03-05 12:23 19 h

The Hacker News

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still...

2026-03-05 12:00 20 h

The Hacker News

SecurityWeek Vulnerabilities

LeakBase Cybercrime Forum Shut Down, Suspects Arrested

The stolen credential marketplace had been active since 2021 and in late 2025 it counted 142,000 users. The post LeakBase Cybercrime Forum Shut Down, Suspects Arrested appeared first on SecurityWeek.

2026-03-05 11:46 20 h

The Hacker News

APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine

Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The attack chain...

2026-03-05 11:10 21 h

The Hacker News

Microsoft MSRC

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed

Information published.

2026-03-05 10:42 21 h

Microsoft MSRC

CVE-2024-24856 NULL pointer deference in acpi_db_convert_to_package of Linux acpi module

Information published.

2026-03-05 10:41 21 h

Microsoft MSRC

CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()

Information published.

2026-03-05 10:41 21 h

Microsoft MSRC

CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses

Information published.

2026-03-05 10:41 21 h

Microsoft MSRC

CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap

Information published.

2026-03-05 10:41 21 h

Microsoft MSRC

CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.

Information published.

2026-03-05 10:40 21 h

Microsoft MSRC

CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO

Information published.

2026-03-05 10:40 21 h

Microsoft MSRC

CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()

Information published.

2026-03-05 10:36 21 h

Microsoft MSRC

CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

Information published.

2026-03-05 10:35 21 h

Microsoft MSRC

CVE-2025-68121 Unexpected session resumption in crypto/tls

Information published.

2026-03-05 10:09 22 h

Microsoft MSRC

CVE-2026-0038 In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Information published.

2026-03-05 10:09 22 h

Microsoft MSRC

CVE-2026-3336 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Information published.

2026-03-05 10:09 22 h

Microsoft MSRC

1 fler källor

Microsoft MSRC CVE-2026-3338 PKCS7_verify Signature Validation Bypass in AWS-LC 2026-03-05 10:08

Microsoft MSRC

CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

Information published.

2026-03-05 10:08 22 h

Microsoft MSRC

CVE-2026-24821 A heap-based buffer over-read that might affect a system that compiles untrusted Lua code in turanszkij/WickedEngine.

Information published.

2026-03-05 10:08 22 h

Microsoft MSRC

CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

Information published.

2026-03-05 10:08 22 h

Microsoft MSRC

CERT-SE

Kritiska sårbarheter i Cisco FMC och Cisco SCC

Cisco har publicerat information gällande två kritiska sårbarheter i Cisco Secure Firewall Management Center (FMC) och Cisco Security Cloud Control (SCC) Firewall Management. Båda sårbarheterna (CVE-2026-20079 och...

2026-03-05 10:05 22 h

CERT-SE

Microsoft MSRC

CVE-2026-23231 netfilter: nf_tables: fix use-after-free in nf_tables_addchain()

Information published.

2026-03-05 10:04 22 h

Microsoft MSRC

CVE-2025-71238 scsi: qla2xxx: Fix bsg_done() causing double free

Information published.

2026-03-05 10:04 22 h

Microsoft MSRC

CVE-2026-23238 romfs: check sb_set_blocksize() return value

Information published.

2026-03-05 10:04 22 h

Microsoft MSRC

CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks

Information published.

2026-03-05 10:04 22 h

Microsoft MSRC

CVE-2026-23235 f2fs: fix out-of-bounds access in sysfs attribute read/write

Information published.

2026-03-05 10:04 22 h

Microsoft MSRC

CVE-2026-23234 f2fs: fix to avoid UAF in f2fs_write_end_io()

Information published.

2026-03-05 10:04 22 h

Microsoft MSRC

CVE-2026-23236 fbdev: smscufx: properly copy ioctl memory to kernelspace

Information published.

2026-03-05 10:04 22 h

Microsoft MSRC

CVE-2025-8732 libxml2 xmlcatalog xmlParseSGMLCatalog recursion

Information published.

2026-03-05 10:03 22 h

Microsoft MSRC

SecurityWeek Vulnerabilities

Cisco Patches Critical Vulnerabilities in Enterprise Networking Products

Cisco has rolled out patches for 48 vulnerabilities in Firewall ASA, Secure FMC, and Secure FTD products. The post Cisco Patches Critical Vulnerabilities in Enterprise Networking Products appeared first on SecurityWeek.

2026-03-05 09:50 22 h

Cisco PSIRT

Cisco Catalyst SD-WAN Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite...

2026-03-05 09:06 23 h

Cisco PSIRT

The Hacker News

Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks

Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law...

2026-03-05 07:51 1 d

The Hacker News

FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials

A joint law enforcement operation has dismantled LeakBase, one of the world's largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of...

2026-03-05 07:34 1 d

The Hacker News

SecurityWeek Vulnerabilities

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

Google and iVerify analysis reveals a powerful exploit kit originally used by Russian state actors that is now appearing in broader criminal campaigns. The post Nation-State iOS Exploit Kit ‘Coruna’ Found Powering...

2026-03-05 05:04 1 d

Cisco PSIRT

Cisco Secure Firewall Adaptive Security Appliance Software SSH Partial Private Key Authentication Bypass Vulnerability

A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker...

2026-03-05 01:00 1 d

Cisco PSIRT

1 fler källor

Cisco PSIRT Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Lua Code Injection Vulnerability 2026-03-05 01:00

Cisco PSIRT Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Authenticated Command Injection Vulnerabilities 2026-03-05 01:00

Cisco PSIRT

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Client-Side Request Smuggling Vulnerability

A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote...

2026-03-05 01:00 1 d

Cisco PSIRT

1 fler källor

Cisco PSIRT Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Cross-Site Scripting Vulnerability 2026-03-05 01:00

Cisco PSIRT Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SAML Reflected Cross-Site Scripting Vulnerability 2026-03-04 17:00

Cisco PSIRT

Cisco Webex Services Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This...

2026-03-05 01:00 1 d

Cisco PSIRT

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote...

2026-03-05 01:00 1 d

Cisco PSIRT

1 fler källor

Cisco PSIRT Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software IPsec Denial of Service Vulnerability 2026-03-04 17:00

Cisco PSIRT Cisco Secure Firewall Adaptive Security Appliance Software TCP Flood Denial of Service Vulnerability 2026-03-04 17:00

Cisco PSIRT Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability 2026-03-04 17:00

Cisco PSIRT Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerabilities 2026-03-04 17:00

Cisco PSIRT

Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface and REST API of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on...

2026-03-05 01:00 1 d

Cisco PSIRT

1 fler källor

Cisco PSIRT Cisco Secure Firewall Management Center Software Command Injection Vulnerability 2026-03-05 01:00

Cisco PSIRT Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability 2026-03-05 01:00

Cisco PSIRT

Cisco Secure Firewall Threat Defense Software TLS with Snort 3 Detection Engine Denial of Service Vulnerability

A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3...

2026-03-05 01:00 1 d

Cisco PSIRT

1 fler källor

Cisco PSIRT Cisco Secure Firewall Threat Defense Software Snort 3 SSL Memory Management Denial of Service Vulnerability 2026-03-05 01:00

Cisco PSIRT Cisco Secure Firewall Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability 2026-03-04 17:00

CISA KEV-katalog

CVE-2017-7921 – Hikvision Multiple Products

Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. | Åtgärd: Apply mitigations...

2026-03-05 01:00 1 d

CISA KEV-katalog

CVE-2021-22681 – Rockwell Multiple Products

Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are...

2026-03-05 01:00 1 d

CISA KEV-katalog

CVE-2023-43000 – Apple Multiple Products

Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption. | Åtgärd: Apply mitigations per vendor...

2026-03-05 01:00 1 d

CISA KEV-katalog

CVE-2021-30952 – Apple Multiple Products

Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution. | Åtgärd: Apply...

2026-03-05 01:00 1 d

CISA KEV-katalog

CVE-2023-41974 – Apple iOS and iPadOS

Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges. | Åtgärd: Apply mitigations per vendor instructions, follow applicable BOD 22-01...

2026-03-05 01:00 1 d

CISA KEV-katalog

Cisco PSIRT

Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to...

2026-03-05 01:00 1 d

Cisco PSIRT

1 fler källor

Cisco PSIRT Cisco Secure Firewall Management Center Software SQL Injection Vulnerability 2026-03-04 17:11

Cisco PSIRT Cisco Secure Firewall Management Center and Secure Firewall Threat Defense Software Path Traversal Vulnerability 2026-03-04 17:00

Dark Reading

VMware Aria Operations Bug Exploited, Cloud Resources at Risk

Exploitation of the command injection flaw in VMware Aria Operations could grant an attacker broad acess to victims' cloud environments.

2026-03-04 22:04 1 d

SecurityWeek Vulnerabilities

Tycoon 2FA Phishing Platform Dismantled in Global Takedown

The phishing-as-a-service platform was used to send fraudulent emails to over 500,000 organizations every month. The post Tycoon 2FA Phishing Platform Dismantled in Global Takedown appeared first on SecurityWeek.

2026-03-04 19:37 1 d

SecurityWeek Vulnerabilities

New LexisNexis Data Breach Confirmed After Hackers Leak Files

The hackers claim to have stolen 2GB of files, including 400,000 personal information records. The post New LexisNexis Data Breach Confirmed After Hackers Leak Files appeared first on SecurityWeek.

2026-03-04 18:44 1 d

The Hacker News

149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict

Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. "The hacktivist threat in...

2026-03-04 18:21 1 d

The Hacker News

Dark Reading

Stranger Things Meets Cybersecurity: Lessons from the Hive Mind

Events and concepts from the Stranger Things television series illustrate how enterprises can defend their networks and stay "right side up."

2026-03-04 18:09 1 d

Cisco PSIRT

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local...

2026-03-04 17:10 1 d

Cisco PSIRT

Multiple Cisco Products Snort 3 Denial of Service Vulnerabilities

Multiple Cisco products are affected by vulnerabilities in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an...

2026-03-04 17:00 1 d

Cisco PSIRT

1 fler källor

Cisco PSIRT Multiple Cisco Products Snort 3 Visual Basic for Applications Denial of Service Vulnerabilities 2026-03-04 17:00

Cisco PSIRT

Cisco Secure Firewall Adaptive Security Appliance Software Multiple Context Mode SCP Unauthorized File Access Vulnerability

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to...

2026-03-04 17:00 1 d

Cisco PSIRT

1 fler källor

Cisco PSIRT Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control List Bypass Vulnerability 2026-03-04 17:00

Cisco PSIRT

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software OSPF Protocol Vulnerabilities

Multiple vulnerabilities in the OSPF feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an adjacent attacker to cause the...

2026-03-04 17:00 1 d

Cisco PSIRT

ClamAV Cascading Style Sheets Image Parsing Error Handling Denial of Service Vulnerability

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due...

2026-03-04 17:00 1 d

Cisco PSIRT

Cisco Secure Firewall Threat Defense Software Snort Deep Inspection Bypass Vulnerability

A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Snort rules and allow...

2026-03-04 17:00 1 d

Cisco PSIRT

SecurityWeek Vulnerabilities

Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance

The deal awaits final shareholder and regulatory approvals and is expected to be completed in the second half of 2026. The post Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance appeared first on...

2026-03-04 16:36 1 d

SecurityWeek Vulnerabilities

Hacker Conversations: Inti De Ceukelaire, Raging Against the Machine Creatively

A Belgian national, De Ceukelaire’ did not set out to be a hacker. Like many hackers he was born with the potential to become one and only gradually realized he is one. The post Hacker Conversations: Inti De...

2026-03-04 16:00 1 d

Dark Reading

Dark Reading Confidential: This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate

Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the...

2026-03-04 16:00 1 d

The Hacker News

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit...

2026-03-04 14:28 1 d

The Hacker News

SecurityWeek Vulnerabilities

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents

Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to ransomware. The post How Pirated Software...

2026-03-04 13:48 1 d

SecurityWeek Vulnerabilities

AI Security Firm JetStream Launches With $34 Million in Seed Funding

The startup aims to provide organizations with visibility into how AI operates across their environment. The post AI Security Firm JetStream Launches With $34 Million in Seed Funding appeared first on SecurityWeek.

2026-03-04 13:43 1 d

SecurityWeek Vulnerabilities

LastPass Warns of New Phishing Campaign

The attackers are sending out fake alerts claiming unauthorized access or master password changes. The post LastPass Warns of New Phishing Campaign appeared first on SecurityWeek.

2026-03-04 13:04 1 d

SecurityWeek Vulnerabilities

Webinar Today: Designing an OT SOC for Safety, Reliability, and Business Continuity

Join the webinar as we explore a blueprint for an OT SOC leveraging an integrated OT Security Platform to safeguard operations and maintain business continuity. The post Webinar Today: Designing an OT SOC for Safety,...

2026-03-04 13:00 1 d

SecurityWeek Vulnerabilities

Google Plans Two-Week Release Schedule for Chrome

Starting September 2026, new Chrome iterations will be released twice as fast, part of a two-week cycle. The post Google Plans Two-Week Release Schedule for Chrome appeared first on SecurityWeek.

2026-03-04 12:52 1 d

The Hacker News

New RFP Template for AI Usage Control and AI Governance

As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many...

2026-03-04 12:30 1 d

The Hacker News

Dark Reading

China's Silver Dragon Razes Governments in EU, SE Asia

The emerging actor, part of the APT41 nexus, gains initial access via phishing, and uses legitimate network services to obscure cyber espionage activities.

2026-03-04 12:26 1 d

Dark Reading

SecurityWeek Vulnerabilities

Global Coalition Publishes 6G Security and Resilience Principles

The principles cover security, resilience against attacks and disasters, AI, and openness and interoperability. The post Global Coalition Publishes 6G Security and Resilience Principles appeared first on SecurityWeek.

2026-03-04 11:57 1 d

The Hacker News

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux

Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and...

2026-03-04 10:37 1 d

The Hacker News

SecurityWeek Vulnerabilities

Critical FreeScout Vulnerability Leads to Full Server Compromise

A patch bypass for an authenticated code execution bug, the flaw leads to zero-click remote code execution attacks. The post Critical FreeScout Vulnerability Leads to Full Server Compromise appeared first on...

2026-03-04 10:16 1 d

Microsoft MSRC

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

Information published.

2026-03-04 10:13 1 d

Microsoft MSRC

CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve

Information published.

2026-03-04 10:11 1 d

Microsoft MSRC

CVE-2026-28422 Vim has stack-buffer-overflow in build_stl_str_hl()

Information published.

2026-03-04 10:10 1 d

Microsoft MSRC

CVE-2026-28421 Vim has a heap-buffer-overflow and a segmentation fault

Information published.

2026-03-04 10:10 1 d

Microsoft MSRC

CVE-2026-28420 Vim has Heap-based Buffer Overflow and OOB Read in :terminal

Information published.

2026-03-04 10:10 1 d

Microsoft MSRC

CVE-2026-28419 Vim has Heap-based Buffer Underflow in Emacs tags parsing

Information published.

2026-03-04 10:10 1 d

Microsoft MSRC

CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments

Information published.

2026-03-04 10:04 1 d

Microsoft MSRC

The Hacker News

APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2

Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least...

2026-03-04 09:14 1 d

The Hacker News

SecurityWeek Vulnerabilities

VMware Aria Operations Vulnerability Exploited in the Wild

The recently patched CVE-2026-22719 can be exploited by an unauthenticated attacker for remote code execution. The post VMware Aria Operations Vulnerability Exploited in the Wild appeared first on SecurityWeek.

2026-03-04 08:24 1 d

The Hacker News

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog,...

2026-03-04 05:35 2 d

The Hacker News

Dark Reading

Indian APT 'Sloppy Lemming' Targets Defense, Critical Infrastructure

India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control.

2026-03-03 23:24 2 d

Dark Reading

Vehicle Tire Pressure Sensors Enable Silent Tracking

Like many other features and systems in modern cars, tire pressure sensors leak sensitive data that can be abused by threat actors.

2026-03-03 21:53 2 d

Dark Reading

Qualcomm Zero-Day Exploited in Targeted Android Attacks

The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.

2026-03-03 21:28 2 d

Dark Reading

SecurityWeek Vulnerabilities

Iranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters

Two AWS data centers in the United Arab Emirates were “directly struck” and another facility in Bahrain was also damaged after a drone landed nearby. The post Iranian Strikes on Amazon Data Centers Highlight...

2026-03-03 20:56 2 d

Dark Reading

Speakeasies to Shadow AI: Banning AI Browsers Will Fail

Lessons from history highlight why AI-enabled browsers require controlled enablement.

2026-03-03 18:40 2 d

Dark Reading

The Hacker News

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or...

2026-03-03 18:15 2 d

The Hacker News

Ladda fler

Visar 120 av 220 artiklar