Getting the Threat Model Right
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious…
Month: March 2026
US, Germany, Canada disrupt botnets
Law enforcement agencies in the United States, Germany and Canada have carried out an operation to take down infrastructure used by four major botnets that…
Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager
Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager Pierluigi Paganini March 22, 2026 Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated…
Anthropic ban heralds new era of supply chain risk — with no clear playbook
“You need a full AI security solution,” he tells CSO, arguing that AI systems are dynamic, with models, data, and behaviors that change over time,…
PerfMon! What Is It Good For?
In his hit song “War,” Motown singer Edwin Starr asked a poignant question: “War, huh, yeah, what is it good for?” Well, from a purple…
VoidStealer malware steals Chrome master key via debugger trick
An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored…
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware –…
Your MFA isn’t broken — it’s being bypassed, and your employees can’t tell the difference
2. We trust session cookies too much Once MFA is completed, most organisations treat the resulting session as sacred. The user proved who they are,…
The Huntress Cyber Insurance Trends Report (2025)
The best offense is a good defense, and this is even more true when it comes to cyber threats. Cyber insurance may not be at…
From an idea to the airwaves.
In this special edition of CyberWire Daily’s 10th anniversary series, Maria Varmazis hosts a thoughtful and engaging conversation with N2K CyberWire CEO Peter Kilpe and…
March Windows updates break Teams, OneDrive sign-ins
Microsoft says the March Windows 11 update breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. These sign-in issues appear after…