Latest Cybersecurity News and Articles
25 March 2026
Apple released security fixes for older devices as well, in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5.
The post iOS, macOS 26.4 Roll Out With Fresh Security Patches appeared first on SecurityWeek.
25 March 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 25, 2026 – Read the full story from StocksToday.com This past weekend, Stocks today.com shared an economic observation about physical constraints—blocked shipping lanes, sold-out memory chips, smuggled semiconductors—that no monetary policy lever can
The post Investors Want To Know: Is Cybersecurity A Growth Sector Or A Cost Center? appeared first on Cybercrime Magazine.
25 March 2026
The ban aligns with a White House determination that all routers produced abroad are a threat to national security.
The post FCC Bans New Routers Made Outside the US Over National Security Risks appeared first on SecurityWeek.
25 March 2026
A summary of the announcements made by vendors on the second day of the RSAC 2026 Conference.
The post RSAC 2026 Conference Announcements Summary (Day 2) appeared first on SecurityWeek.
25 March 2026
UK organisations encouraged to take immediate action to mitigate two recently disclosed vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway.
25 March 2026
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting lateral movement at machine speed.
This incident is worrying, but there's a scenario that should
25 March 2026
The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared first on SecurityWeek.
25 March 2026
The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies.
Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases "milan" and "okart," is said to have co-managed a Russia-based cybercriminal group known as TA551 (aka
25 March 2026
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany.
The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign leverages
25 March 2026
Aleksei Volkov has been sentenced to 81 months in prison for his role in Yanluowang ransomware attacks.
The post US Prisons Russian Access Broker for Aiding Ransomware Attacks appeared first on SecurityWeek.
25 March 2026
The cybersecurity firm said the personal information of hundreds of employees was stolen in the hacker attack targeting Navia.
The post HackerOne Employee Data Exposed in Massive Navia Breach appeared first on SecurityWeek.
25 March 2026
The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security.
The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The development means that new models of
24 March 2026
CESER’s Project Armor is a five year initiative to harden the US critical energy infrastructure, including strengthening energy systems ‘to prevent and recover from wildfires and other hazards’.
The post DoE Publishes 5-Year Energy Security Plan appeared first on SecurityWeek.
24 March 2026
Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access,
The post Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw appeared first on SecurityWeek.
24 March 2026
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor.
Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on
24 March 2026
A ransomware attack on Foster City, California, triggered a state of emergency to access additional resources to keep systems up and running.
24 March 2026
The attacks included a destructive infiltration of Poland's energy system in December and was suspected of originating in Russia.
The post Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector appeared first on SecurityWeek.
24 March 2026
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique.
"The campaign abuses Google Ads to serve rogue ScreenConnect (
24 March 2026
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers.
"The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared
24 March 2026
A summary of the announcements made by vendors on the first day of the RSAC 2026 Conference.
The post RSAC 2026 Conference Announcements Summary (Day 1) appeared first on SecurityWeek.