Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. [...]
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. [...]
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. [...]
The startup will invest in product development and go-to-market efforts as it expands into new sectors. The post Onit Security Raises $11 Million for Exposure Management Platform appeared first on SecurityWeek.
Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. [...]
Ilya Angelov was a member of the cybercrime group tracked as TA-551, Shathak, Gold Cabin, Monster Libra, and ATK236. The post Russian Cybercriminal Gets 2-Year Prison Sentence in US appeared first on SecurityWeek.
PwC finds AI is amplifying speed and scale of attacks, as identity theft evolves into a cybercriminal supply chain. The post AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link appeared first on SecurityWeek.
AI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and resell premium AI access at scale. [...]
Apple released security fixes for older devices as well, in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5. The post iOS, macOS 26.4 Roll Out With Fresh Security Patches appeared first on SecurityWeek.
A man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after creating hundreds of thousands of songs with AI, and then using bots to play them billions of times. Read more in my article on the Hot for Security blog.
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.
Pedestrians crossing a street in Denver, Colorado, got rather more than they bargained for last weekend, when the audio signals at two crosswalks began broadcasting a political message alongside their usual walking instructions. Read more in my article on the Hot for Security blog.
A ransomware gang that claims to be a group of "investigative journalists"? Meet LeakNet - the group using fake CAPTCHA pages to trick employees into hacking themselves. Read more in my article on the Fortra blog.
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets -- named Aisuru, Kimwolf, JackSkid and Mossad -- are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline.
The European Union – the media freedom hub marsrgi Thu, 03/19/2026 - 08:58 Opening: 16 April 2026 Closing: 28 May 2026 The overall goal of this preparatory action is to continue the activities of the ongoing Free Media Hub EAST project, i.e. to sustain and improve existing financial and other kinds of support to exiled independent media from Russia, Belarus, as well as media from Ukraine that has relocated in the EU, and to foster the coordination and consolidation of a pan-European platform or network of media hubs to promote the preservation of a pluralistic media environment. GettyImages © Mihajlo Maricic Main link https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportuni… Related topics Media and democracy Media freedom and pluralism International relations Funding for Digital Actions to Support Ukraine Democracy in the digital age {"service":"share","version":"2.0","color":true,"networks":["x","facebook","linkedin","email","more"]}
In episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg - involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie could have this happen to you, can you be sure you're immune? Plus: would you donate your lifetime medical history to science if you were promised anonymity? We unpack serious concerns around UK Biobank, where “de-identified” data may not be as anonymous as you think — and how surprisingly little information it takes to reveal everything. And! Human-powered “AI”, and a punishment worse than prison: eight hours on the RSA expo floor... All this, and much more, in episode 459 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Paul Ducklin.
CEF-Digital Info Session: 2026 Calls Anonymous (not verified) Wed, 03/18/2026 - 10:35 26 March 2026 Online Learn more about the calls "Equipment for smart European cable systems" (CEF-DIG-2026-SMART-CABLES) and "Backbone connectivity for Digital Global Gateways" (CEF-DIG-2026-GATEWAYS). GettyImages © Dragon Claws Main link https://hadea.ec.europa.eu/events/cef-digital-info-session-2026-calls-2026-03-2… Related topics Connecting Europe Facility Funding for Digital Related content Press release 17 March 2026 Commission makes available €200 million for submarine cable and digital infrastructure projects The European Commission has opened two new Connecting Europe Facility (CEF) calls worth €200 million for projects in high-capacity networks, including submarine cables. {"service":"share","version":"2.0","color":true,"networks":["x","facebook","linkedin","email","more"]}
Equipment for smart European cable systems - Works Anonymous (not verified) Tue, 03/17/2026 - 08:45 Opening: 17 March 2026 Closing: 30 June 2026 This call supports the upgrade of existing submarine telecommunications/digital infrastructures to “smart capabilities” enabling applications that monitor them as well as other surrounding critical infrastructures (e.g. power cables, pipelines, etc.) and/or their vicinity. Main link https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportuni… Related topics Digital connectivity Connecting Europe Facility Funding for Digital {"service":"share","version":"2.0","color":true,"networks":["x","facebook","linkedin","email","more"]}
Backbone connectivity for Digital Global Gateways - Studies Anonymous (not verified) Tue, 03/17/2026 - 08:19 Opening: 17 March 2026 Closing: 30 June 2026 This call for proposals will fund studies related to the deployment/significant upgrade of backbone networks that address risks, vulnerabilities and dependencies in the EU backbone infrastructure. GettyImages © Dragon Claws Main link https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportuni… Related topics Digital connectivity Connecting Europe Facility Funding for Digital {"service":"share","version":"2.0","color":true,"networks":["x","facebook","linkedin","email","more"]}
Drivers in the Russian city of Perm have been enjoying an unexpected bonus this week: free parking. Not because the city council suddenly decided to embrace generosity - but rather because hackers succeeded in knocking the city's payment system offline. Read more in my article on the Hot for Security blog.