The 3 Steps CISOs Must Follow
Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front…
[email protected] (The Hacker News)
[email protected] (The Hacker News)
Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
Ravie LakshmananMar 03, 2026Vulnerability / Artificial Intelligence The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks.…
AI Agents: The Next Wave Identity Dark Matter
The Rise of MCPs in the Enterprise The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data,…
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It’s advertised as a cybercrime platform by a threat group calling itself…
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Ravie LakshmananMar 03, 2026Phishing / Malware Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the…
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Ravie LakshmananMar 03, 2026Vulnerability / Mobile Security Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question…
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
Ravie LakshmananMar 03, 2026Malware / Phishing The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity,…
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Ravie LakshmananMar 02, 2026Vulnerability / Artificial Intelligence Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on…
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Ravie LakshmananMar 02, 2026Cryptography / Browser Security Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. “To ensure the…
SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
Ravie LakshmananMar 02, 2026Cybersecurity / Hacking This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different…