#obfuscation-and-exfiltration
#obfuscation-and-exfiltration

[ follow ]

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

fromInfoWorld

1 day ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

Information security

fromArs Technica

18 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

fromInfoWorld

1 day ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

#cybersecurity

fromTechCrunch

23 hours ago

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

fromSecurityWeek

4 hours ago

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

fromTechCrunch

2 hours ago

Information security

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Information security

fromSecurityWeek

1 day ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

Privacy professionals

fromSecuritymagazine

3 days ago

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

Information security

fromThe Hacker News

2 days ago

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

EU data protection

fromTechCrunch

23 hours ago

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

EU data protection

fromSecurityWeek

4 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

Information security

fromTechCrunch

2 hours ago

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

Information security

fromSecurityWeek

1 day ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.

Privacy professionals

fromSecuritymagazine

3 days ago

10 Data Security Stories to Know About (March 2026)

March saw significant data security incidents including cyberattacks, data purchases by the FBI, and breaches affecting millions of customers.

Information security

fromThe Hacker News

2 days ago

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

more#cybersecurity

#data-breach

Privacy professionals

fromSilicon Canals

1 day ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Privacy professionals

fromSecurityWeek

1 day ago

T-Mobile Sets the Record Straight on Latest Data Breach Filing

T-Mobile confirmed a data breach was caused by an insider incident affecting only one account with limited information exposed.

Privacy professionals

fromSilicon Canals

1 day ago

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

Information security

fromSecuritymagazine

1 day ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

Information security

fromTheregister

2 days ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

Privacy professionals

fromSilicon Canals

1 day ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Privacy professionals

fromSecurityWeek

1 day ago

T-Mobile Sets the Record Straight on Latest Data Breach Filing

T-Mobile confirmed a data breach was caused by an insider incident affecting only one account with limited information exposed.

Privacy professionals

fromSilicon Canals

1 day ago

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

Information security

fromSecuritymagazine

1 day ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

Information security

fromTheregister

2 days ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

Sanctions ramping up in cases involving AI hallucinations

Monetary sanctions against attorneys for AI-generated hallucinations in case documents are increasing as courts take these issues more seriously.

#ai

Privacy technologies

fromComputerWeekly.com

1 day ago

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

fromHarvard Business Review

5 days ago

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

Privacy technologies

fromComputerWeekly.com

1 day ago

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

fromHarvard Business Review

5 days ago

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

more#ai

Artificial intelligence

fromComputerworld

1 day ago

Why AI lies, cheats and steals

AI chatbots are increasingly misbehaving, with a fivefold rise in unethical actions over six months, according to recent research.

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

US politics

fromSilicon Canals

1 day ago

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE is using commercial spyware domestically, raising constitutional concerns about warrantless surveillance and lack of oversight.

US politics

fromTechCrunch

1 day ago

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE has utilized spyware from Paragon Solutions to combat drug trafficking and foreign terrorist organizations' use of encrypted communications.

US politics

fromSilicon Canals

1 day ago

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE is using commercial spyware domestically, raising constitutional concerns about warrantless surveillance and lack of oversight.

New Rowhammer attacks give complete control of machines running Nvidia GPUs

Rowhammer attacks on Nvidia GPUs can compromise CPU memory, allowing full control of host machines.

'It's a real shock': quantum-computing breakthroughs pose imminent risks to cybersecurity

Quantum hackers could pose a serious threat to digital security by the end of this decade, much sooner than previously anticipated.

Information security

fromnews.bitcoin.com

7 hours ago

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Google's whitepaper on quantum threats urges immediate post-quantum preparations, shifting the migration deadline to 2029 and highlighting vulnerabilities in blockchain security.

Information security

fromTechRepublic

3 days ago

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

Quantum computing poses an imminent threat to cryptocurrency security, with fewer resources needed to break current cryptographic protections than previously estimated.

Science

fromNature

2 days ago

'It's a real shock': quantum-computing breakthroughs pose imminent risks to cybersecurity

Quantum hackers could pose a serious threat to digital security by the end of this decade, much sooner than previously anticipated.

Information security

fromnews.bitcoin.com

7 hours ago

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Google's whitepaper on quantum threats urges immediate post-quantum preparations, shifting the migration deadline to 2029 and highlighting vulnerabilities in blockchain security.

Information security

fromTechRepublic

3 days ago

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

Quantum computing poses an imminent threat to cryptocurrency security, with fewer resources needed to break current cryptographic protections than previously estimated.

more#quantum-computing

#data-integrity

fromComputerworld

4 days ago

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

Information security

fromSecurityWeek

3 days ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Data science

fromComputerworld

4 days ago

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.

Information security

fromSecurityWeek

3 days ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

more#data-integrity

Business intelligence

fromSecuritymagazine

5 days ago

Beyond Locking Doors

Access control systems provide valuable data that enhances operational efficiency and decision-making beyond just security.

fromComputerworld

20 hours ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

Privacy professionals

fromNextgov.com

23 hours ago

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

A breach linked to China exposed phone numbers of FBI surveillance targets, raising concerns about counterintelligence risks.

Artificial intelligence

fromTechRepublic

1 day ago

AI Breakthroughs, Security Breaches, and Industry Shakeups Define the Week in Tech - TechRepublic

Tech industry faces rapid AI advancements alongside significant security vulnerabilities and human costs.

DevOps

fromComputerWeekly.com

2 days ago

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

SAP faces significant challenges in securing enterprise data amidst a complex threat landscape and evolving compliance requirements.

Information security

fromSecurityWeek

1 day ago

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

fromWIRED

1 day ago

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

The public Quizlet set contained information about alleged codes for specific facility entrances. 'Checkpoint doors code?' asked one card, with a specific four-digit combination listed in response.

Privacy professionals

EU data protection

fromAdExchanger

1 day ago

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

Information security

fromTNW | Insights

1 hour ago

KeeperDB brings zero-trust database access to privileged access management

Database credentials are a major attack vector, and KeeperDB integrates access controls into its PAM platform to enhance security.

Privacy professionals

fromArs Technica

1 day ago

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Perplexity's AI allegedly shares sensitive user chats with Google and Meta without consent, raising significant privacy concerns.

DevOps

fromTheregister

1 week ago

Documentation can contain malicious instructions for agents

Context Hub may enhance API usage but poses risks of software supply chain attacks through unverified documentation.

Artificial intelligence

fromNextgov.com

3 days ago

Old-school spycraft could make a comeback as AI undermines trust

AI may enhance intelligence gathering but also revive traditional espionage methods due to reliability issues with digital communications.

Privacy professionals

fromSilicon Canals

1 day ago

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.

DevOps

fromInfoQ

1 week ago

Panel: Security Against Modern Threats

Modern threats to software supply chains require resilience by design, integrating security into engineering workflows and empowering developers with the right tools.

Artificial intelligence

fromInfoWorld

1 week ago

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

Privacy professionals

fromZDNET

1 day ago

I turned to PrivacyBee to clean up my data - here's how it made me disappear

PrivacyBee is preferred for its comprehensive data removal services and user-friendly management tools.

Information security

fromWIRED

18 hours ago

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

Privacy professionals

fromTechCrunch

2 days ago

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

fromTechCrunch

3 days ago

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Hasbro detected an intrusion on March 28, prompting the company to take down some of its systems. Parts of Hasbro's website appeared down, with error messages indicating maintenance.

Privacy professionals

Information security

fromThe Hacker News

1 day ago

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

Information security

fromSecurityWeek

1 day ago

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Information security

fromTechzine Global

4 days ago

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

Information security

fromInfoWorld

1 day ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Information security

fromTechzine Global

4 days ago

Securing agentic AI is still about getting the basics right

Agentic AI workflows necessitate new security frameworks for identity management, authentication, and governance in organizations.

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Information security

fromSecurityWeek

1 day ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Information security

fromTheregister

3 days ago

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

Information security

fromInfoWorld

21 hours ago

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Information security

fromSecurityWeek

1 day ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Information security

fromTheregister

3 days ago

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.

more#claude-code

Privacy professionals

fromMedCity News

2 weeks ago

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

Information security

fromTechzine Global

1 day ago

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Information security

fromThe Hacker News

1 day ago

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.

Information security

fromThe Hacker News

2 days ago

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Information security

fromTheregister

1 day ago

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

Information security

fromTechRepublic

3 days ago

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Information security

fromThe Hacker News

4 days ago

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad malware uses ClickFix tactics and AI-assisted obfuscation to evade detection and steal credentials immediately.

Information security

fromSecurityWeek

2 days ago

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Information security

fromThe Hacker News

1 day ago

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.

Information security

fromThe Hacker News

2 days ago

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Information security

fromTheregister

1 day ago

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

Information security

fromTechRepublic

3 days ago

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Information security

fromThe Hacker News

4 days ago

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad malware uses ClickFix tactics and AI-assisted obfuscation to evade detection and steal credentials immediately.

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Information security

fromTheregister

2 days ago

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Information security

fromInfoQ

4 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Information security

fromSecurityWeek

2 days ago

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Information security

fromTheregister

2 days ago

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Information security

fromInfoQ

4 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

more#supply-chain-attack

Information security

fromTechzine Global

2 days ago

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.

Information security

fromSecurityWeek

4 days ago

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen credentials significantly enhance ransomware attacks, enabling illegitimate access and operational disruption within networks.

Information security

fromFortune

1 day ago

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

Information security

fromComputerworld

1 day ago

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Information security

fromSecurityWeek

2 days ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Information security

fromThe Hacker News

1 day ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Information security

fromSecurityWeek

2 days ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Information security

fromThe Hacker News

1 week ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Information security

fromThe Hacker News

3 days ago

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.

Information security

fromThe Hacker News

1 week ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.

Venom Stealer Raises Stakes With Continuous Credential Harvesting

Stolen credentials via infostealers like Venom Stealer are central to modern cybercrime.

Information security

fromSecurityWeek

4 days ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

Information security

fromSecurityWeek

4 days ago

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

Information security

fromSecurityWeek

5 days ago

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Information security

fromEntrepreneur

1 week ago

This AI Security Strategy Is Redefining Cyberattack Recovery

Combining Zero Trust principles with AI enhances resilience, reduces downtime, and maintains strict access controls.

Information security

fromTechzine Global

2 weeks ago

Identity has become malleable for cyber attackers

Modern cyberattacks combine psychological manipulation, deepfakes, voice phishing, and stolen data to breach even well-defended organizations without exploiting software vulnerabilities.

Information security

fromSecurityWeek

2 weeks ago

Security Firm Executive Targeted in Sophisticated Phishing Attack

A C-level executive at Outpost24 was targeted by a sophisticated phishing attack using the Kratos phishing-as-a-service kit that exploited legitimate services like Cisco and Nylas to bypass security defenses.

Information security

fromSecurityWeek

1 month ago

Security in the Dark: Recognizing the Signs of Hidden Information

Withholding accurate or complete data undermines security decisions and increases organizational risk.

[ Load more ]

#obfuscation-and-exfiltration#obfuscation-and-exfiltration

OpenClaw gives users yet another reason to be freaked out about security

Understanding the risks of OpenClaw

OpenClaw gives users yet another reason to be freaked out about security

Understanding the risks of OpenClaw

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

10 Data Security Stories to Know About (March 2026)

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

10 Data Security Stories to Know About (March 2026)

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

T-Mobile Sets the Record Straight on Latest Data Breach Filing

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

The company's biggest security hole lived in the breakroom

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

T-Mobile Sets the Record Straight on Latest Data Breach Filing

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

The company's biggest security hole lived in the breakroom

Sanctions ramping up in cases involving AI hallucinations

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Why AI lies, cheats and steals

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

ICE says it bought Paragon's spyware to use in drug trafficking cases | TechCrunch

ICE confirms it deployed Paragon spyware inside the United States for drug trafficking cases - Silicon Canals

New Rowhammer attacks give complete control of machines running Nvidia GPUs

'It's a real shock': quantum-computing breakthroughs pose imminent risks to cybersecurity

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

'It's a real shock': quantum-computing breakthroughs pose imminent risks to cybersecurity

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

IT lesson from the Iran war: AI makes your data problems so much worse

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

IT lesson from the Iran war: AI makes your data problems so much worse

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Beyond Locking Doors

A core infrastructure engineer pleads guilty to federal charges in insider attack

Suspected Chinese breach of FBI system exposed surveillance targets' phone numbers

AI Breakthroughs, Security Breaches, and Industry Shakeups Define the Week in Tech - TechRepublic

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

Mobile Attack Surface Expands as Enterprises Lose Control

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

Data Privacy At The Kitchen Table | AdExchanger

KeeperDB brings zero-trust database access to privileged access management

Perplexity's "Incognito Mode" is a "sham," lawsuit says

Documentation can contain malicious instructions for agents

Old-school spycraft could make a comeback as AI undermines trust

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Panel: Security Against Modern Threats

The agent security mess

I turned to PrivacyBee to clean up my data - here's how it made me disappear

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

Hasbro says it was hacked, and may take 'several weeks' to recover | TechCrunch

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Critical ShareFile Flaws Lead to Unauthenticated RCE

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Securing agentic AI is still about getting the basics right

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Securing agentic AI is still about getting the basics right

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Claude Code is still vulnerable to an attack Anthropic has already fixed

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Claude Code's source reveals extent of system access

Claude Code is still vulnerable to an attack Anthropic has already fixed

Critical Vulnerability in Claude Code Emerges Days After Source Leak

#obfuscation-and-exfiltration
#obfuscation-and-exfiltration