Blue-on-blue internal investigation lands force £66k fine The UK's data protection watchdog has fined Police Scotland £66,000 ($88,000) for what it calls a "serious failure" in handling an alleged victim's sensitive data.... [...]
Meta is introducing new anti-scam protections across its platforms, deploying systems and user-facing warnings to protect users against scammers. [...]
Officials suspend Basel-Stadt trial and launch probe A Swiss canton has suspended its pilot of electronic voting after failing to count 2,048 votes cast in national referendums held on March 8.... [...]
Google’s security-first mindset comes from more than two decades of building some of the largest and most secure computing systems in the world. As software and AI permeate more industries, and business innovation increasingly centers on the adoption of AI and cloud computing technology, securing your organizations from …
17-year-old allegedly withdrew large sums of cash from ATMs Dutch police have arrested a 17-year-old boy who detectives suspect was responsible for 16 bank card frauds across the Netherlands.... [...]
Advocate General urges rethink of PSD2 to speed compensation after scams Analysis One of the European Union's top legal advisors is trying to change how banks treat cybercrime victims – meaning they could enjoy greater financial protections sooner than expected.... [...]
Canada has a choice to make about its artificial intelligence future. The Carney administration is investing $2-billion over five years in its Sovereign AI Compute Strategy. Will any value generated by “sovereign AI” be captured in Canada, making a difference in the lives of Canadians, or is this just …
Reflecting on the relaunch of the UK Cyber Team and introducing the next phase of leadership Partner Content The UK Cyber Team is a government initiative led by the Department for Science, Innovation and Technology in partnership with SANS Institute. Its purpose is to identify, develop, and support the …
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows …
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. [...]
A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. [...]
Could steal sensitive personal and financial data After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn't exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is …
In January 2026, we announced the general availability of the AWS European Sovereign Cloud, a new, independent cloud for Europe entirely located within the European Union (EU), and physically and logically separate from all other AWS Regions. The unique approach of the AWS European Sovereign Cloud provides the only …
A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. [...]
The RSAC 2026 Conference brings together thousands of professionals, practitioners, vendors, and associations to discuss issues covering the entire spectrum of cybersecurity—a place where innovation meets collaboration and the industry’s brightest minds converge to shape its future. This March, Amazon Web Services (AWS) returns to the annual …
Ransomware, malware-as-a-service, infostealers benefit MOIS, too Iranian government-backed snoops are increasingly using cybercrime malware and ransomware infrastructure in their operations - not just hiding behind criminal masks as a cover for destructive cyber activity, according to security researchers.... [...]
Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities. [...]
Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues. [...]
Rapid7 says crims broke into more than 250 sites globally, including a US Senate candidate’s campaign page Cyber baddies quietly compromised legitimate WordPress websites, including the campaign site of a US Senate candidate, turning them into launchpads for a global infostealer operation.... [...]
Welcome to the first Cloud CISO Perspectives for March 2026. Today, Bob Mechler and Crystal Lister, from Google Cloud’s Office of the CISO, share cloud threat intelligence and analysis from our new Cloud Threat Horizons Report. As with all Cloud CISO Perspectives, the contents of this newsletter are …
Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello. [...]
A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. [...]
After talking with many customers, one thing is clear: the security challenge has not gotten easier. Enterprises today operate across a complex mix of environments, including on-premises infrastructure, private data centers, and multiple clouds, often with tools that were never designed to work together. The result is enterprise security …
Malware is evolving to evade sandboxes by pretending to be a real human behind the keyboard. The Picus Red Report 2026 shows 80% of top attacker techniques now focus on evasion and persistence, including geometry-based cursor tests and CPU timing checks. [...]
Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines.... [...]
Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines.... [...]
Crooks used simple phone scam to compromise vendor account, spilling personal and financial data belonging to more than 15,000 people A voice-phishing scam targeting one of Ericsson's service providers has exposed the personal data of more than 15,000 individuals after attackers sweet-talked an employee into handing over …
Digital freedom needs a Kali Linux for the rest of us Opinion The hacker mind is a curious way to be. To have it means to embody endless analytical curiosity, an awareness of any given rule set as just one system among many, and an ability to see any …
Kids profited from tools used to attack popular websites, say officials Polish police have referred seven suspected juvenile cybercriminals to family court over an alleged scheme to flog DDoS kits online.... [...]
CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks. [...]
The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations. [...]
Countries around the world are becoming increasingly concerned about their dependencies on the US. If you’ve purchase US-made F-35 fighter jets, you are dependent on the US for software maintenance. The Dutch Defense Secretary recently said that he could jailbreak the planes to accept third-party software. [...]
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. [...]
David and Goliath...but with AI agents Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey's internal AI platform and gained full read and write access to the chatbot in just two hours.... [...]
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. [...]
Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. [...]
Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers. [...]
And they abused a Mandiant-developed open source tool in the attacks ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data heist, including Salesforce itself.... [...]
Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances. [...]
An attack on the company’s AWS platform may have exposed customers' names and home addresses Exclusive ELECQ, maker of smart electric vehicle (EV) chargers, is warning customers that their personal details may have been stolen in a ransomware attack that encrypted and copied user data from its cloud …
In today’s cyber threat landscape, U.S. state and local governments find themselves under continuous attack, with bad actors leveraging AI to act with greater speed and sophistication. The need to secure mission-critical workloads has never been greater. In light of these challenges, we are proud that Google …
The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits. [...]
Password audits often focus on complexity rules but miss the accounts attackers actually target. Specops Software explains how breached passwords, orphaned users, and service accounts can leave organizations exposed. [...]
Two-week deadline to fraudsters to fess up or have their faces plastered across every screen in the country Dutch national police are taking a novel stand against scammers - 100 suspects now have less than two weeks to hand themselves in or face public shaming.... [...]
Dutch spies flag large-scale campaign to hijack secure messaging accounts Russian-linked hackers are trying to break into the Signal and WhatsApp accounts of government officials, journalists, and military personnel globally – not by cracking encryption, but by simply tricking people into handing over the keys.... [...]
This isn't just a nostalgia trip – billions of legacy microcontrollers may be at risk AI can reverse engineer machine code and find vulnerabilities in ancient legacy architectures, says Microsoft Azure CTO Mark Russinovich, who used his own Apple II code from 40 years ago as an example.... [...]
It’s called AirSnitch : Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service Set Identifiers). This cross-layer identity desynchronization is the …
Britain's Ministry of Defence wants a counter-drone system designed, contracted, and delivered within weeks Britain's Royal Navy is urgently seeking a ship-based counter-drone system and recent world events likely explain why.... [...]
Cyber is no longer the hush-hush thing it used to be, as team Trump invades Iran with hackers taking the lead Kettle Unlike previous military conflicts, the cyber domain has been front and center since the Trump administration invaded Iran, upending the traditionally quiet role played by hackers in …
AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive …