Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google
Google has analyzed AI indirect prompt injection attempts involving sites on the public web and noticed an increase in malicious attacks over the past months,…
Category: SecurityWeek
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
OpenSSH versions released over the past 15 years are affected by a vulnerability leading to full root shell access, and attacks cannot be spotted via…
Incomplete Windows Patch Opens Door to Zero-Click Attacks
Incomplete patch for a Windows SmartScreen and Windows Shell security prompts bypass created a new bug enabling zero-click attacks, Akamai reports. The initial vulnerability, tracked…
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware
A recently discovered threat actor has been observed bombarding victims with emails and impersonating IT support to convince them to execute malicious code, Google Threat…
Copperhelm Raises $7 Million for Agentic Cloud Security Platform
Israel-based Copperhelm on Thursday emerged from stealth mode, having raised $7 million in seed funding for its agentic cloud security platform. The funding round was…
Bitwarden NPM Package Hit in Supply Chain Attack
The Bitwarden command-line interface (CLI) NPM package was compromised in a supply chain attack that appears tied to previous campaigns against the open source software…
Vulnerabilities Patched in CrowdStrike, Tenable Products
CrowdStrike and Tenable informed customers this week about potentially serious vulnerabilities found and patched in their products. CrowdStrike published an advisory for CVE-2026-40050, a critical…
US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor
At least one US federal agency was infected with a backdoor as part of a widespread China-linked espionage campaign targeting Cisco firewalls. In May 2024,…
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
A newly uncovered APT is relying on legitimate services for command-and-control (C&C) communication and data exfiltration, ESET warns. Tracked as GopherWhisper (PDF) and active since…
Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World’s Biggest Exercise
The world’s largest live-fire cyber defense exercise, Locked Shields 2026, concluded on Friday after bringing together more than 4,000 participants from 41 nations. Organized by…
Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents
In March 2026, San Francisco once again became the epicenter of the cybersecurity world. Thousands of practitioners, vendors, and investors gathered at Moscone Center for…
In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader…