Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
Solen Feyissa ZQvPAtGxQh0 Unsplash
Researchers Say Claude Flaws Could Be Chained to Silently Exfiltrate User Data
April 01, 2026
Researchers at Oasis Security say they found a three-part exploit chain involving Claude features and related claude.com infrastructure that could silently extract sensitive data from a user’s conversation history. The attack abused trusted platform features…
Read More >
AWS Bedrock DNS
How a Single DNS Loophole Exposes AI Agents to Command-and-Control Attacks
March 31, 2026
The Amazon Web Services (AWS) Bedrock AgentCore Code Interpreter is a managed service enabling AI agents to execute Python code dynamically and securely within a managed cloud environment. The service’s sandbox mode was positioned by…
Read More >
mobile banking fraud Zimperium
The Bank in Your Pocket Is Now the Front Door for Fraud
March 30, 2026
Traditional defenses against fraud have been designed for traditional kinds of threats, prioritizing hardened servers, network perimeters, and layered authentication to defend against the attacks that were prevalent at the time. These measures are increasingly…
Read More >
code-signing extended validation certificates
Signed And Trusted But Still Dangerous
March 24, 2026
Microsoft Defender Experts recently found a series of phishing campaigns abusing legitimate signatures to deceive targets. Identified in February 2026, the phishing lures consisted of crafted meeting invitations and PDF attachments leading to false pages…
Read More >
Salesforce ShinyHunters
Cybercrime Group Targets Salesforce Misconfigurations
March 23, 2026
A renewed cyberattack campaign on Salesforce by the cybercrime group ShinyHunters highlights a key consideration for security teams. Simple configuration mistakes can expose enterprise data—at scale. As this recent campaign unfolded, Salesforce warned customers about…
Read More >
identity security Lumos
Identity Overload Is Creating a New Cybersecurity Breaking Point
March 21, 2026
Autonomous Identity Platform provider Lumos recently published the “AI, Automation, and Risk in 2026: Identity at a Breaking Point” report, exploring the state of identity in the age of AI. According to the report, identity-based…
Read More >
AI browser agentic browsing
How AI Browsers Turn Ordinary Content Into an Attack Surface
March 17, 2026
Agentic AI browsers are being sold as the next productivity leap, tools that can summarize content, move across tabs, connect tasks across apps and services, and act on a user’s behalf. But new research from…
Read More >
post-quantum cryptography PQC
Preparing the Web for the Post-Quantum Era
March 17, 2026
While threats continue to ramp up and security efforts struggle to keep pace, a more existential technological challenge looms: the potential for quantum computing to undermine current public-key cryptography. Understanding the gravity of not meeting…
Read More >
OpenClaw ClawJacked MoltBot ClawdBot
The Hidden Risk of AI Agents Running on Your Laptop
March 17, 2026
Oasis Security researchers disclosed a vulnerability chain that they said allowed a malicious website to take over a locally running OpenClaw AI agent, exposing how browser-accessible local services can become a new attack surface for…
Read More >
insider risk AI cybersecurity
AI Is Reshaping Risk Faster Than Strategy Can Catch Up
March 10, 2026
Ponemon Institute has released the 2026 Cost of Insider Risks Global Report, sponsored by Dtex, to explore the state of insider threats in the modern landscape. The report reveals that insider risk costs have risen…
Read More >
identity identity-first security
When Credentials Become the Exploit
March 09, 2026
Darktrace’s Annual Threat Report 2026 starts with a familiar problem for defenders: known software flaws are growing faster than most teams can keep up with. The report tallies 48,185 CVEs published in 2025, a 20.6%…
Read More >
Pexels Duncanoluwaseun 226232
Open-Source Risk Accelerating Faster Than Governance
March 09, 2026
The latest Open Source Security and Risk Analysis (OSSRA) report issued by Black Duck reveals a sharp escalation in software supply chain risk. Driven by explosive dependency growth, duplicated components, and AI-generated code, open-source vulnerabilities…
Read More >
Ivanti EPMM vulnerabilities
Ivanti EPMM and the New Attack Surface of Trust
March 03, 2026
Ivanti disclosed two zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product on Jan. 29. Both flaws—CVE-2026-1281 and CVE-2026-1340—are code-injection bugs that Ivanti says can allow unauthenticated remote code execution on a vulnerable EPMM server.…
Read More >
Unit42 identity security
Attackers Aren’t Breaking In Anymore — They’re Logging In
March 03, 2026
Unit42, the threat intelligence and security consulting team at Palo Alto Networks, has published the Global Incident Response Report 2026, exploring threat trends likely to influence the landscape for the rest of the year. The…
Read More >
Dell RecoverPoint zero-day
The Dell RecoverPoint Zero-Day and China’s Expanding Playbook
March 02, 2026
Dell recently put out an advisory and security update for CVE-2026-22769, a critical vulnerability in many versions of Dell RecoverPoint for Virtual Machines. The flaw has been actively exploited in the wild since mid-2024, with…
Read More >
Chrome extensions LayerX
Somebody Is Watching: AI Weaponizes Fake Chrome Extensions to Spy on Users
February 26, 2026
The promise of productivity has turned AI tools into effective lures for cybercriminals. Researchers at LayerX Security recently exposed AiFrame, a coordinated campaign of 30 malicious Chrome browser extensions that impersonated well-known AI assistants in…
Read More >
vibecoding £5 botnet
How a Single AI Prompt Built a 90-Host Botnet
February 24, 2026
AI cybersecurity company Darktrace recently observed a botnet incident involving 91 compromised hosts, in which the threat actors brought in only five British pounds in earnings. Darktrace’s global honeypot network, CloudyPots, captured a completely AI-generated…
Read More >
VoidLink AI malware
How VoidLink Signals the Dawn of Machine-Built Malware
February 24, 2026
For years, security researchers have warned that artificial intelligence could eventually let a single operator produce malware that rivals the output of an entire development team. Two recent investigations into a Linux command-and-control framework called…
Read More >
Subscribe for the Latest News
Webinars
Scaling Code Security for Builders Beyond Developer-First
Register Now
Cyber Resilience in Action: How IBM and Index Engines Deliver a Detection-to-Recovery Pipeline
Register Now
Passwordless Authentication: A Practical Approach to Modernizing Access
Register Now