25729
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
📢 Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourself 📢The VS Code vulnerabilities highlight broader IDE security risks, said OX Security.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📔 Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks 📔Unit 42 researchers observed a lowskilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Significant Rise in Ransomware Attacks Targeting Industrial Operations 📔Dragos annual report warns of a surge in ransomware attacks causing increased operational disruption in industrial environments.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📢 Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company responded 📢Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster 🖋️Cloud attacks move fast faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is shortlived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins. Cloud forensics is fundamentally.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Infostealer Targets OpenClaw to Loot Victim’s Digital Life 📔Hudson Rock has warned OpenClaw users that infostealers are targeting their configuration files.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📢 Harnessing AI to secure the future of identity 📢Channel partners must lead on securing AI identities through governance and support.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🦅 How the Protective Security Policy Framework Shapes Australia’s Commonwealth Cyber Security Strategy 🦅 The Australian government has intensified efforts to protect digital infrastructure across all Commonwealth entities. Two recent publications, the 202425 Protective Security Policy Framework PSPF Assessment Report and the 2025 Commonwealth Cyber Security Posture Report, offer a comprehensive snapshot of current achievements, challenges, and future priorities in government cyber resilience. The PSPF Assessment Report highlights that 92 of noncorporate Commonwealth entities NCEs achieved an overall rating of Effective compliance under the updated evidencebased reporting model. This framework moves beyond traditional checklists, focusing on measurable outcomes, tangible risk reduction, and demonstrable assurance. While information security across agencies continues to perform well, te...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
🌊 A Ghost Attacker in RAM: Neutralizing a Fileless Breach 🌊Attackers can use ViewState to execute malicious code in memory. Learn how UnderDefense detected and neutralized a fileless attack. The post A Ghost Attacker in RAM Neutralizing a Fileless Breach appeared first on UnderDefense.
📖 Read more.
🔗 Via "UnderDefense"
----------
👁️ Seen on @cibsecurity
📔 Crypto Payments to Human Traffickers Surges 85% 📔Chainalysis warns that online fraud is fuelling sophisticated human trafficking operations.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft 📔New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns 📔NCSCs Richard Horne has warned that cybercriminals do not care about business size and called for SMEs to act now to secure their organizations.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released 🖋️Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The highseverity vulnerability, tracked as CVE20262441 CVSS score 8.8, has been described as a useafterfree bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026. "Use after.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud 🖋️Presentation of the KTU Consortium Mission A Safe and Inclusive Digital Society at the Innovation Agency event Innovation Breakfast How MissionOriented Science and Innovation Programmes Will Address Societal Challenges. Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers 🖋️A new study has found that multiple cloudbased password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Apple Expands RCS Encryption and Memory Protections in iOS 26.4 📔iOS 26.4 Beta adds endtoend encryption for RCS messaging and enhanced Memory Integrity Enforcement.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer 🖋️Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol MCP server associated with Oura Health to deliver an information stealer known as StealC. "The threat actors cloned a legitimate Oura MCP Server a tool that connects AI assistants to Oura Ring health data and built a deceptive.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📔 Over-Privileged AI Drives 4.5 Times Higher Incident Rates 📔Teleport study reveals that organizations running overprivileged AI have a 76 incident rate.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ My Day Getting My Hands Dirty with an NDR System 🖋️My objectiveThe role of NDR in SOC workflowsStarting up the NDR systemHow AI complements the human responseWhat else did I try out?What could I see with NDR that I wouldnt otherwise?Am I ready to be a network security analyst now? My objective As someone relatively inexperienced with network threat hunting, I wanted to get some handson experience using a network detection and response .
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 Vast majority of breaches enabled by preventable gaps, identity weaknesses says Palo Alto Networks 📢Identity controls and better understanding of threat surface are key to rebuffing increasingly threatening cyber attacks.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🖋️ Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations 🖋️New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence AI chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine poisoning AI. The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The tech giant.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta 🖋️Apple on Monday released a new developer beta of iOS and iPadOS with support for endtoend encryption E2EE in Rich Communications Services RCS messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS. "Endtoend encryption is in beta and is not available for all.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🌊 5 Hidden Costs of SOCaaS and How to Avoid Them 🌊Managing cybersecurity budgets in 2026 is like navigating a minefield blindfolded. Organizations are increasingly turning to Security Operations Center as a Service SOCaaS as a costeffective alternative to building internal The post 5 Hidden Costs of SOCaaS and How to Avoid Them appeared first on UnderDefense.
📖 Read more.
🔗 Via "UnderDefense"
----------
👁️ Seen on @cibsecurity
📔 Odido Breach Impacts Millions of Dutch Telco Users 📔Dutch telco Odido has revealed a major data breach impacting over six million customers.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day 📔A high severity vulnerability in Google Chrome and allows remote attackers to execute code.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 OysterLoader Evolves With New C2 Infrastructure and Obfuscation 📔OysterLoader malware evolves into 2026, refining C2 infrastructure, obfuscation infection stages.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Vulnerabilities in Password Managers Allow Hackers to View and Change Passwords 📔Security researchers have challenged endtoend encryption claims from popular commercial password managers.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft 🖋️Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate realtime surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware 🖋️This weeks recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, addons, cloud setups, or workflows that people already trust and rarely question. Another signal attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supplychain exposure are being used side by side, whichever path.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens 🖋️Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw formerly Clawdbot and Moltbot configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI .
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity