Flux RSS

LeakyLooker flaws in Google Looker Studio let attackers run cross-tenant SQL attacks on cloud data

Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, been compromised to infect visitors with infostealers, warn Rapid7 researchers

BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data

Palo Alto Networks’ Unit 42 has developed a successful attack to bypass safety guardrails in popular generative AI tools

Check Point data shows attack volumes are growing much faster in the UK than worldwide

March Patch Tuesday sees Microsoft release updates for 79 flaws

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday.

OpenAI’s latest acquisition addresses a security need Jamieson O’Reilly, security advisor at OpenClaw, raised during an exclusive interview with Infosecurity

Only 24% of organizations test identity disaster recovery plans every 6 months, Quest Software said

Elon Musk's social media site says it suspended 800 million accounts in a year for spam and manipulation - but with state-backed campaigns still flooding the platform, the real question is how many fake accounts remain. Read more in my article on the Hot for Security blog.

Google Cloud report details a sharp rise in attackers exploiting software vulnerabilities, including React2Shell

Ericsson data breach affects 15k employees/customers after third-party service provider compromise

Dutch intelligence reveals Russian state hackers are trying to hijack the Signal and WhatsApp accounts of key targets

Prolific ShinyHunters group claims to have stolen data from nearly 400 websites in Experience Cloud attacks

Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub

US national cyber strategy focuses on stronger defenses, countering threats, fostering innovation

New UK Online Crime Centre will combine expertise from a range of sources to takedown online channels cyber-scammers rely on

Over one in five winners of IT-Harvest’s 2026 Cyber 150 are AI security companies

Billing services provider TriZetto Provider Solutions has begun notifying millions of patients about a data breach

Derrick Van Yeboah admitted he stole over $10m in romance scams as part of crime gang