23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
📔 RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards 📔The head of the UKs NCSC is calling the cybersecurity industry to seize the disruptive vibe coding opportunity to make software more secure.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise 🖋️TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals 📔The FBI has warned that Iranian hacking group Handala has been targeting opponents of the regime since 2023.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security 📔Poor patch management, increasingly complex IT environments and continued use of obsolete software puts organizations at risk from cyber threats, says the Absolute Security 2026 Resilience Risk Index.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware 📔Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage 📔Silver Fox pivots from ValleyRAT tax lures to WhatsAppstyle stealers, blending espionage phishing.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials 🖋️Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below reactperformancesuite reactstateoptimizercore reactfastutilsa aifastautotrader.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner 🖋️An ongoing phishing campaign is targeting Frenchspeaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resumeCV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 Millions of Anonymous Student and Crime Tips Exposed in Major Data Breach 🦿A reported breach of P3 Global Intel exposed millions of anonymous crime and school safety tips, raising new concerns about privacy and trust. The post Millions of Anonymous Student and Crime Tips Exposed in Major Data Breach appeared first on TechRepublic.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📢 Russian sentenced to jail for his part in ransomware attacks 📢Aleksei Volkov operated as an initial access broker, helping cybercrime groups, including the Yanluowang ransomware group.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks 🖋️Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below CVE20263055 CVSS score 9.3 Insufficient input validation leading to memory overread CVE20264368 CVSS score 7.7 Race condition leading to user.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 Observability will be key to agentic AI safety, says Microsoft Security exec 📢Agentic AI adoption will require a reevaluation of enterprise risk management, according to Microsoft corporate VP.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 Safe AI adoption rests on cybersecurity professionals, says RSAC chairman 📢With AI security a key talking point at RSAC 2026, executive chairman Hugh Thompson believes the industry can lead by example.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware 🖋️The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code VS Code projects. The use of VS Code "tasks.json" to distribute malware is a relatively new tactic adopted by the threat actor since December 2025, with the attacks.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 Navia Data Breach Hits 2.7 Million People, Exposing Sensitive Personal Data 🦿Navia Benefit Solutions says a data breach exposed personal and benefits data tied to 2.7 million people after weeks of unauthorized access. The post Navia Data Breach Hits 2.7 Million People, Exposing Sensitive Personal Data appeared first on TechRepublic.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🦿 US Bans New Foreign-Made Routers, Citing ‘Unacceptable’ Security Risks 🦿The FCC bans new foreignmade routers over national security risks, a move that could reshape the US tech supply chain and impact pricing and availability. The post US Bans New ForeignMade Routers, Citing Unacceptable Security Risks appeared first on TechRepublic.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
🖋️ Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR 🖋️A largescale malvertising campaign active since January 2026 has been observed targeting U.S.based individuals searching for taxrelated documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver BYOVD technique. "The campaign abuses Google Ads to serve rogue ScreenConnect .
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Russian Initial Access Broker Handed 81-Month Sentence 📔Russian cybercriminal Aleksei Volkov has received close to seven years behind bars for role in Yanluowang ransomware.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe 📔Geopolitics and cyber warfare take center stage at Infosecurity Europe as Dmytro Kuleba discusses Ukraines hybrid war experience.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities 📔A critical vulnerability in Citrixs NetScaler products allows unauthenticated remote attackers to leak information from the appliance's memory.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials 🖋️Two more GitHub Actions workflows have become the latest to be compromised by credentialstealing malware by a threat actor known as TeamPCP, the cloudnative cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below checkmarxastgithubaction checkmarxkicsgithubaction Cloud security.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills 🖋️Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands. These challenges do not.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ 5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents 🖋️On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 New ‘DarkSword’ Leak Puts Millions of iPhones at Risk After Initial Attack 🦿A newer DarkSword exploit leak makes hacking outdated iPhones easier, exposing hundreds of millions of devices to risk. The post New DarkSword Leak Puts Millions of iPhones at Risk After Initial Attack appeared first on TechRepublic.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📢 US bans foreign-made routers over security risks 📢FCC says routers can be approved for sale, but so far, none are.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage 🖋️A 26yearold Russian citizen has been sentenced in the U.S. to 6.75 years 81 months in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice DoJ, Aleksei Olegovich Volkov facilitated dozens of ransomware attacks across the.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 Enterprises need to think of agents as ‘digital co-workers’ – and that means implementing the same security safeguards 📢Practices such as zero trust and least privilege will be needed as agents gain access to sensitive enterprise data.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🦅 India’s Evolving Cyber Threat Landscape: State-Sponsored Attacks, Hacktivism, and What’s Next in 2026 🦅 The India cyber threat landscape 2026 is no longer defined by isolated incidents or opportunistic attacks. It has become a dynamic, constantly shifting battleground shaped by geopolitical tensions, rapid digitization, and highly advanced hackers. What once looked like sporadic cybercrime has matured into a layered ecosystem of statesponsored cyber attacks, organized ransomware groups, and a growing wave of Hacktivism in India. Recent threat intelligence observations reveal a new pattern attackers are not only becoming more capable, but also more strategic. They are targeting supply chains, exploiting systemic weaknesses, and adapting their methods faster than most organizations can respond. As a result, understanding India cybersecurity trends in 2026 requires looking beyond raw nu...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
🦿 Google Reinvents Android Sideloading to Thwart Scammers 🦿Google is adding a stricter sideloading process on Android, preserving app installs from outside Google Play while making scamdriven abuse harder. The post Google Reinvents Android Sideloading to Thwart Scammers appeared first on TechRepublic.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📔 Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems 📔ISACA survey found that confusion over responsibility and lack of understanding around AI cyberattacks makes containing them difficult.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity