Latest Cybersecurity News and Articles
17 March 2026
Tracked as CVE-2025-47813, the flaw leads to the disclosure of the full local installation path of the application.
The post CISA Flags Year-Old Wing FTP Vulnerability as Exploited appeared first on SecurityWeek.
17 March 2026
Akamai warns that Layer 7 DDoS, API abuse and AI-powered attacks are merging into coordinated, multi-vector campaigns that are harder to detect and defend against.
The post AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks appeared first on SecurityWeek.
17 March 2026
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts.
The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni.
"Initial access was achieved through a spear-phishing email disguised as a
17 March 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, CVE-2025-47813 (CVSS score: 4.3), is an information disclosure vulnerability that leaks the installation path of the application under certain conditions
17 March 2026
One of the United States’ largest Verizon Authorized Retailers may have been compromised.
16 March 2026
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories.
"The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py," StepSecurity said. "Anyone who runs
16 March 2026
Broadcom, Bechtel, Estée Lauder, and Abbott Technologies are the only major companies that have yet to issue a public statement.
The post Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact appeared first on SecurityWeek.
16 March 2026
Intuitive faced a data breach due to a phishing attack.
16 March 2026
The attackers used a DKIM-signed phishing email, trusted redirect infrastructure, compromised servers, and Cloudflare-protected phishing pages.
The post Security Firm Executive Targeted in Sophisticated Phishing Attack appeared first on SecurityWeek.
16 March 2026
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling.
This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real life, too. There’s a good mix here: weird abuse of trusted stuff, quiet infrastructure ugliness,
16 March 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 16, 2026 – Read the full Forbes story The cloud is home to a dizzying amount of data. According to Cybersecurity Ventures, nearly half of the world’s data exists in external
The post How Secure Is The Data Stored By Cloud Providers? appeared first on Cybercrime Magazine.
16 March 2026
The state-sponsored hackers deployed custom tools and stayed dormant in the compromised environments for months.
The post China-Linked Hackers Hit Asian Militaries in Patient Espionage Operation appeared first on SecurityWeek.
16 March 2026
Storm-2561 is distributing fake VPN clients through SEO poisoning, deploying trojans, and stealing login information.
The post Threat Actor Targeting VPN Users in New Credential Theft Campaign appeared first on SecurityWeek.
16 March 2026
If you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pentest engagement, or maybe an automated pentesting product, in another. A vulnerability scanner feeding an attack surface management platform somewhere else. Each tool gives you a slice of the picture. None of them talks to each other in any
16 March 2026
Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign.
The post ForceMemo: Python Repositories Compromised in GlassWorm Aftermath appeared first on SecurityWeek.
16 March 2026
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync.
"Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate the implications of running
16 March 2026
Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team.
The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware
16 March 2026
Initial evidence indicates Iran may be behind the attack, but officials admitted it could be a false flag.
The post Hacking Attempt Reported at Poland’s Nuclear Research Center appeared first on SecurityWeek.
16 March 2026
Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API.
The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week.
AAPM was introduced by Google in Android 16, released last year. When enabled, it causes the device to enter a heightened
15 March 2026
Personal information such as names, email addresses, and phone numbers was accessed by hackers.
The post Loblaw Data Breach Impacts Customer Information appeared first on SecurityWeek.