Latest Cybersecurity News and Articles
03 March 2026
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections.
It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand's real URL. It also lets
03 March 2026
Improper input sanitization in the framework can be exploited through the Shell tool, allowing attackers to modify system files and steal data.
The post Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise appeared first on SecurityWeek.
03 March 2026
Using low-cost receivers deployed along roads, academic researchers tracked drivers and their movement patterns.
The post Researchers Uncover Method to Track Cars via Tire Sensors appeared first on SecurityWeek.
03 March 2026
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers.
The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described
03 March 2026
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild.
The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component.
"Memory corruption when adding user-supplied data without checking available buffer space," Qualcomm said in an advisory,
03 March 2026
The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh.
The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as BurrowShell and a Rust-based
02 March 2026
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.
The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026
02 March 2026
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers.
"To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store," the Chrome Secure Web and Networking Team said.
"
02 March 2026
Malicious extensions could hijack the Gemini Live in Chrome feature to spy on users and steal their files.
The post Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant appeared first on SecurityWeek.
02 March 2026
Malicious websites could open a WebSocket connection to localhost on the OpenClaw gateway port, brute force passwords, and take control of the agent.
The post OpenClaw Vulnerability Allowed Websites to Hijack AI Agents appeared first on SecurityWeek.
02 March 2026
A wave of cyber operations targeted Iran.
02 March 2026
The company is one of the many victims of the 2025 Oracle E-Business Suite (EBS) hacking campaign.
The post Madison Square Garden Data Breach Confirmed Months After Hacker Attack appeared first on SecurityWeek.
02 March 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 2, 2026 – Read the full story from Ox Security Cybersecurity Ventures predicted that global damage costs resulting from software supply chain attacks would reach $60 billion USD by 2025, and $138
The post Software Supply Chain Risk: The Growing Threat Landscape appeared first on Cybercrime Magazine.
02 March 2026
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points.
The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady
02 March 2026
Madhu Gottumukkala has been assigned to a new role within the Department of Homeland Security.
The post Nick Andersen Appointed Acting Director of CISA appeared first on SecurityWeek.
02 March 2026
The AWS Security Hub Extended plan aims to reduce security tool sprawl by correlating findings across multiple security domains.
The post AWS Expands Security Hub Into a Cross-Domain Security Platform appeared first on SecurityWeek.
02 March 2026
In response to the evolving events in the Middle East, the NCSC is advising that UK organisations review their cyber security posture.
02 March 2026
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them.
On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off:
Sign-ups increase, but users aren’t activating.
Server costs rise faster than revenue.
Logs are filled with repeated requests from strange user agents.
If
02 March 2026
Using Windows shortcut files, the APT deployed a new implant, a loader, a propagation tool, and two backdoors.
The post North Korean APT Targets Air-Gapped Systems in Recent Campaign appeared first on SecurityWeek.
02 March 2026
The internet giant is developing an evolution of the certificates based on Merkle Tree Certificates (MTCs).
The post Google Working Towards Quantum-Safe Chrome HTTPS Certificates appeared first on SecurityWeek.