Latest Cybersecurity News and Articles
31 March 2026
After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities.
The post TeamPCP Moves From OSS to AWS Environments appeared first on SecurityWeek.
31 March 2026
Attackers can exploit the bugs through prompt injection, chaining them together to escape the sandbox and execute arbitrary code.
The post CrewAI Vulnerabilities Expose Devices to Hacking appeared first on SecurityWeek.
31 March 2026
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environment.
According to Palo Alto Networks Unit 42, the issue relates to how the Vertex AI permission model can be misused
31 March 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 31, 2026 – Read the full story in Forbes One message has persisted over the past few years: cybersecurity is no longer an IT concern; it has become a fundamental business
The post The CISO Gap: Why Every Business Needs Cybersecurity Leadership appeared first on Cybercrime Magazine.
31 March 2026
The NCSC has issued actions for individuals at risk of targeted attacks against messaging apps.
31 March 2026
Google researchers have shown that breaking the encryption of Bitcoin and Ethereum requires 20x fewer qubits.
The post Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption appeared first on SecurityWeek.
31 March 2026
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT.
"The operation covers VPN clients, encrypted messengers, video conferencing tools, cryptocurrency trackers, and e-commerce applications, with eleven confirmed delivery domains impersonating
31 March 2026
The SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests.
The post Exploitation of Critical Fortinet FortiClient EMS Flaw Begins appeared first on SecurityWeek.
31 March 2026
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments.
This is the defining challenge of the new era of digital warfare: the weaponization of Artificial Intelligence. Threat actors
31 March 2026
Remotely exploitable, the integer underflow vulnerability impacts StrongSwan releases spanning 15 years.
The post StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs appeared first on SecurityWeek.
31 March 2026
A faulty software update led to the exposure of mobile banking users’ transactions to other users of the application.
The post Lloyds Data Security Incident Impacts 450,000 Individuals appeared first on SecurityWeek.
31 March 2026
Researchers found an OpenAI Codex vulnerability that could have been exploited to compromise GitHub tokens.
The post Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise appeared first on SecurityWeek.
31 March 2026
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency.
Versions 1.14.1 and 0.30.4 of Axios have been found to inject "plain-crypto-js" version 4.2.1 as a fake dependency.
According to StepSecurity, the two versions were published using the compromised npm credentials of the primary Axios
30 March 2026
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point.
"A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content," the cybersecurity company said in
30 March 2026
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad.
"It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immediately and captures passwords and sessions even if the primary loader is blocked," ReliaQuest researchers Thassanai
30 March 2026
AI-Driven Security and SOC – Christophe Briguet, Senior Director of Product Management – AI & Security Analytics, Stellar Cyber San Jose, Calif. – Mar. 30, 2026 Mid-market organizations face sophisticated cyber threats with constrained security budgets and lean teams. AI-powered SOC transforms security operations through
The post AI SOC: Definition, Components & Architecture appeared first on Cybercrime Magazine.
30 March 2026
The company has disclosed a cybersecurity incident involving one of its electronic health record environments.
The post Healthcare IT Platform CareCloud Probing Potential Data Breach appeared first on SecurityWeek.
30 March 2026
LLMs can write complex Rego and Cedar code in seconds, but a single missing condition or hallucinated attribute can quietly dismantle your organization’s least-privilege security model.
The post Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control appeared first on SecurityWeek.
30 March 2026
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention.
There's a bit of everything this week. Persistence plays, legal wins, influence ops, and at least one thing that looks boring
30 March 2026
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary escalations, and improve how the entire SOC responds under pressure