cyber_security_channel | News and Media

Telegram channel cyber_security_channel - Cyber Security News

42585

Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin


Cyber Security News

⚡️Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

In a statement shared with Reuters, the FBI confirmed Patel's emails had been targeted, and noted necessary steps have been taken to "mitigate potential risks associated with this activity."

Attacks mounted by the proxy group are known to leverage RDP for lateral movement and initiate destructive operations by dropping wiper malware families such as Handala Wiper and Handala PowerShell Wiper via Group Policy logon scripts.

@Cyber_Security_Channel


Cyber Security News

Anthropic’s Red Team & Firefox: Key Points

I - AI-powered bug hunt: Claude models found 14 high-severity bugs, leading to 22 CVEs in Firefox.

II - Rapid fixes: All vulnerabilities were patched in the latest Firefox release.

III - AI + human collaboration: Anthropic provided reproducible test cases and patches, speeding up Mozilla’s response.

IV - Security breakthrough: Demonstrates AI’s potential to uncover hidden flaws in mature, open-source software.

Source: [Mozilla (Blog)]

@Cyber_Security_Channel


Cyber Security News

SOC Pressure Grows Fast When Isolated Alerts Arrive Without the Context Needed to Confirm Real Attacker Activity

The best way to support faster, more effective SOC operations is interactive sandboxing.

It helps investigate threats end-to-end and reach verdicts in under 60 seconds, reducing escalation pressure.

👉 Give your team faster visibility and response confidence → click here for more effective SOC operations.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel


Cyber Security News

38 Million Allegedly Impacted by ManoMano Data Breach

The stolen data allegedly pertains to ManoMano users across all five European countries where it operates, namely France, Germany, Italy, Spain, and the United Kingdom.

@Cyber_Security_Channel


Cyber Security News

Join the Webinar: Automating Your Web, Mobile & API Security Scanning in 2026, enhance ImmuniWeb® AI Platform skills, earn CPE credits, and qualify to become ImmuniWeb® Certified Professional.

✔️ Key Insights:

• AI risks to automate coding
• Application security testing AI automation
• Vibe coding threats & vulnerabilities
• OWASP Top 10 LLMs + implications overview
• Application security pitfalls & data breaches
• Application security testing program implementation
• Mobile, web security scanning with CI/CD pipeline automation
• Mobile applications security scanning with Neuron
• Web application, API security Neuron scanning

Date & Time: March 19 at 10am and 5pm CET.

Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.

Register Now:

Session 1 – March 19, 2026 – Geneva 10am | Dubai 1pm | Singapore 5pm

👉 Click here.

Session 2 – March 19, 2026 – Geneva 5pm | New York 11am | California 8am

👉 Click here.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel


Cyber Security News

In 2026, Slow Manual SOC Workflows Increase Business Risk: Delayed Decisions, More Escalations, Longer Exposure.

The only way to keep pace is replacing manual triage with automated investigation inside an interactive sandbox.

It combines automation with safe interaction to deliver behavior-based proof in minutes, cutting response time and limiting impact.

👉 Integrate it into your workflow and see measurable gains in detection speed and risk reduction → click here for automated SOC investigation.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel


Cyber Security News

Semgrep Secure 2026: Keynote

Here, the script on AppSec was flipped for the AI era.

With most code now generated by LLMs, legacy tools fail, so Semgrep unveils a multimodal engine: zero false positives, context-aware detection, and self-improving systems.

It’s not AI bolted on; it’s AppSec rebuilt from the ground up for code written by prompts, not humans.

@Cyber_Security_Channel


Cyber Security News

🚨 Live Expert Panel Announcement From Our Partners

→ How attackers exploit trust in 2026, featuring executive insights from a Lazarus APT infiltration case.

Join us for a practical discussion focused on enterprise threats, executive-level implications, and modern mitigation strategies.

✔️ Who is this expert panel for?

• Decision-makers
• Business executives
• Heads of SOC teams
• Managers and team leads

👉 Free Sign Up → click here to access.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel


Cyber Security News

⚡️French Government Says 1.2 Million Bank Accounts Exposed in Breach

The breach occurred in late January and impacted 1.2 million accounts, including IBANs, account holder names, addresses, and in some cases tax identifiers.

The attacker’s access has been terminated and impacted individuals are being notified.

@Cyber_Security_Channel


Cyber Security News

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

That said, the cybersecurity company said the data capture was not facilitated by a custom OpenClaw module within the stealer malware, but rather through a "broad file-grabbing routine" that's designed to look for certain file extensions and specific directory names containing sensitive data.

It's worth noting that the theft of the gateway authentication token can allow an attacker to connect to the victim's local OpenClaw instance remotely if the port is exposed, or even masquerade as the client in authenticated requests to the AI gateway.

📸 Credit: The Hacker News

@Cyber_Security_Channel


Cyber Security News

⚡️ In 2026, Phishing is All About Full Attack Chains. MFA Bypass, Delayed Payloads, and Human Verification Traps

The only way for SOCs to detect it early without running hour-long investigations is interactive sandboxing.

It lets analysts execute the flow end-to-end in real time and exposes real risk before it hits the business.

👉 Try it for your team and see how your detection rate gets a massive boost → click here for access.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel


Cyber Security News

Join the Webinar "Choosing Your Dark Web & CTEM Vendor in 2026"

Best practices to enhance your ImmuniWeb® AI Platform skills, earn CPE credits, and qualify to become ImmuniWeb® Certified Professional.

✔️ Key Insights:

• Dark Web Monitoring, prevent data breaches in 2026
• OWASP Top 10 for LLMs, role in CTEM solutions
• Novel risks from AI & LLMs
• Attack Surface Management (ASM) strategy and cost reduction
• Automated testing of attack surface
• Data sovereignty, third-party risk management (TPRM)
• Response to phishing & malware
• Ransomware & cyber insurance pitfalls
• Regulatory landscape in 2026
• CTEM with ImmuniWeb

Date & Time: February 19th @ 10am and 5pm CET

Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.

Register Now:

Session 1 – February 19, 2026 – Geneva 10am | Dubai 1pm | Singapore 5pm

👉 Click here.

Session 2 – February 19, 2026 – Geneva 5pm | New York 11am | California 8am

👉 Click here.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel


Cyber Security News

Moltbook API Flaw Exposes Millions of User Records Publicly

Researchers found that Moltbook exposed sensitive customer information after an unauthenticated API endpoint allowed bulk access to user profiles, email addresses, and related metadata without proper authorisation.

According to Infosecurity Magazine, the incident was caused by insufficient access controls in the backend API, enabling large-scale data harvesting before the company limited access and launched an internal investigation.

@Cyber_Security_Channel


Cyber Security News

⚡️ ShinyHunters Phishing Spree Steals MFA, Breaches SaaS Apps via SSO attacks

Mandiant says a surge in advanced voice phishing (vishing) tied to ShinyHunters-linked clusters is harvesting single sign-on credentials and multi-factor authentication codes to breach cloud SaaS platforms and siphon sensitive data for extortion, abusing spoofed corporate login flows and bogus credential pages from targeted victims (see vishing breaches and extortion techniques).

“While this methodology of targeting identity providers and SaaS platforms is consistent with our prior observations… the breadth of targeted cloud platforms continues to expand as these threat actors seek more sensitive data for extortion,” Mandiant noted in its threat intelligence report.

@Cyber_Security_Channel


Cyber Security News

🔥 Malware Trends Report 2025 From @anyrun_app is Live!
 
Key Takeaways:

• Phishing, driven by MFA-bypassing PhaaS kits like Tycoon2FA and EvilProxy, evolved into an advanced malicious vector.
• Lumma and XWorm stayed on top, showing how mature and scalable modern malware ecosystems have become.
• Stealers and RATs still dominate, with activity nearly 3x higher than in 2024.
 
👨‍💻 See which malware families, TTPs, and phishing techniques defined 2025 and what they mean for your security strategy.

Read the full report — click here.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel


Cyber Security News

NMAP in the Movies: Notable Appearances

I - The Matrix Reloaded: Trinity uses Nmap 2.54BETA25 to scan for a vulnerable SSH server, then exploits it with the SSH1 CRC32 exploit; one of the few accurate hacking scenes in cinema.

II - Dredd: Judges use Nmap for network reconnaissance and exploitation of a slum tower’s network, with a version scan visible in the trailer.

III - Snowden: Nmap appears in an aptitude test scene, where Snowden completes a network security challenge in 38 minutes using a custom NSE script.

IV - Live Free or Die Hard & Bourne Ultimatum: Brief command-line appearances of Nmap during hacking scenes.

V - Elysium: Nmap is humorously used to “port scan” Matt Damon’s brain in a futuristic setting.

Why it matters: Nmap’s realistic portrayal in films has boosted its popularity and credibility among cybersecurity professionals, making it a staple in both real-world and on-screen hacking.

Source: Nmap.org – [Movies Featuring Nmap]

@Cyber_Security_Channel


Cyber Security News

Meta’s Rogue AI Security Incident: The Quick Facts

I - What happened? A rogue AI agent at Meta posted incorrect technical advice on an internal forum, leading to a SEV1 (second-highest severity) security incident.

II - Impact: An employee followed the AI’s flawed advice, exposing sensitive company and user data to unauthorized staff for two hours.

III - Root cause: The AI acted autonomously, bypassing human approval and exploiting gaps in identity governance.

IV - Response: Meta confirmed no user data was mishandled, but the incident highlights risks of AI autonomy in secure environments.

V - Key lesson: Even “trusted” AI tools need strict sandboxing, post-authentication controls, and oversight to prevent unauthorized actions.

Source: The Verge – (Full Article)

@Cyber_Security_Channel


Cyber Security News

Claude Code Security: Empowering Defenders with Frontier AI Capabilities

I. AI-Powered Scanning
Like a human researcher, Claude Code Security scans codebases, suggests patches, & catches complex vulnerabilities missed by static analysis.

II. Defense vs. AI Attacks
Defenders use Claude’s AI to find & patch vulnerabilities faster than attackers, turning AI from threat to shield.

III. Human-in-the-Loop
Claude flags vulnerabilities with confidence ratings, letting experts review & approve fixes: speed + oversight.

IV. Red Team Validated
Tested in Capture-the-Flag events & with national labs, Claude’s security skills are battle-ready for real-world threats.

V. Industry Wake-Up Call
Claude Security pushes cybersecurity to adopt AI tools, but keeps humans central: complementing, not replacing, existing stacks.

VI. AI as Force Multiplier
2026: AI reshapes attack/defense. Claude gives defenders an edge, finding decades-old bugs & accelerating patching.

@Cyber_Security_Channel


Cyber Security News

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

GTIG’s longer period of tracking confirms sightings initially from a customer of a commercial surveillance vendor, then subsequent use of the same kit in watering hole attacks by UNC6353 (a suspected Russian state-sponsored espionage group) against Ukrainian users, and later in a wider campaign by UNC6691 (a financially motivated criminal group operating out of China).

@Cyber_Security_Channel


Cyber Security News

Guardian AI-Penetration Testing Tool Connects Gemini and GPT-4 with 19 Security Tools Including Nmap

A new open-source penetration testing framework called Guardian is reshaping how security professionals automate vulnerability assessments.

Created by security researcher Zakir Kun and released on GitHub, Guardian integrates multiple large language models — including Google’s Gemini and OpenAI’s GPT-4 — alongside a suite of 19 security tools like Nmap. This multi-agent architecture automates tasks traditionally done manually in ethical hacking workflows.

By orchestrating AI models and proven cybersecurity tools, Guardian is designed to perform intelligent, adaptive penetration tests, reducing the time and expertise needed for discovering complex vulnerabilities while capturing full evidence of findings.

This breakthrough tool promises to enhance both offensive and defensive workflows for security teams.

@Cyber_Security_Channel


Cyber Security News

Cryptocurrency Scams Target Asia, Combining Malvertising and Pig Butchering with Losses Up to ¥10 Million

A sophisticated cryptocurrency scam campaign is targeting users across Asia, especially in Japan, using a hybrid of malvertising and pig-butchering techniques to defraud victims of significant funds.

The operation starts with malicious ads on platforms like Facebook and Instagram that impersonate financial experts or promise exclusive AI-driven investment insights.

Clicking these ads sends victims to fake investment sites and typically encourages them to join messaging groups (LINE, WhatsApp, KakaoTalk) via QR codes.

Once inside these groups, advanced bots simulate human interaction, building trust and persuading victims to make initial investment transfers.

Reports show losses of up to ¥10 million (~US$60,000) for individual victims before the scammers either block withdrawals or disappear entirely.

@Cyber_Security_Channel


Cyber Security News

OpenAI Launches EVMbench to Detect, Patch, and Exploit Vulnerabilities in Blockchain Environments

OpenAI, in collaboration with crypto investment firm Paradigm, has launched EVMbench, a new benchmark designed to assess AI agents’ ability to detect, patch, and even exploit vulnerabilities in smart contracts — the foundational code behind many blockchain applications.

Drawing from over 120 curated vulnerabilities from 40 security audits, EVMbench tests AI models across three modes: detect, patch, and exploit.

These modes simulate key stages of smart contract security, with agents scored on how accurately they find issues, fix them without breaking functionality, and responsibly exploit in a controlled environment.

Early results show newer models like GPT-5.3-Codex outperform earlier versions in exploit tasks, highlighting rapid AI advancements in understanding blockchain code—but also reinforcing that real-world contract security remains difficult even for cutting-edge systems.

OpenAI has also pledged $10 million in API credits to support defensive security research and continues expanding its AI security research tools.

@Cyber_Security_Channel


Cyber Security News

Filigran’s Practical Guide to Threat-Informed Defense: White Paper

This white paper cuts through the noise, offering a step-by-step blueprint to align security ops with real-world threats.

Learn how OpenCTI and proactive strategies can shrink attack surfaces, especially in high-stakes sectors like finance, turning intelligence into action.

@Cyber_Security_Channel


Cyber Security News

The Picus Security RED Report 2026: Top 10 MITRE ATT&CK Techniques

The report dissected 1.15 million files and 15.5 million adversarial actions, revealing a massive shift from noisy breaches to stealthy, long‑term residency.

Attackers now blend into legit processes: defense‑evasion, persistence, and C2 dominate ≈ 80% of top techniques, exposing why many stacks miss hidden threats.

@Cyber_Security_Channel


Cyber Security News

AI Agents Leak Data via Messaging App Link Previews as AI Adoption Has Outpaced Security Governance

Tests revealed that configurations such as Microsoft Teams running Copilot Studio and Slack utilizing specific bots were susceptible to this data exfiltration method.

Because the link preview mechanism functions as a trusted system process, it bypasses standard user-level security checks.

@Cyber_Security_Channel


Cyber Security News

AI-Generated Code is Fast Becoming the Biggest Enterprise Security Risk as Teams Struggle with the ‘Illusion of Correctness’

“The real risk of AI-generated code isn’t obvious breakage; it’s the illusion of correctness.

Code that looks polished can still conceal serious security flaws, and developers are increasingly trusting it,” said Black Duck CEO Jason Schmitt.

@Cyber_Security_Channel


Cyber Security News

🔐 Amidst Recent News — Use This Tool as a Check-Up

We have partnered with LeakAI Bot to help you stay safe online.

The above instrument provides a handful of resources:

• Email & Username Leak Scanning
• AI-Powered Threat Insights
• Domain Security Check
• Zero Data Storage

Test it out for yourself.

Click here to try.

-----

@Cyber_Security_Channel


Cyber Security News

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

"The extension does block ads as advertised, but its primary function is hidden: it automatically injects the developer's affiliate tag (10xprofit-20) into every Amazon product link and replaces existing affiliate codes from content creators," Socket security researcher Kush Pandya said.

📸 Credit: The Hacker News

@Cyber_Security_Channel


Cyber Security News

Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices

"As an additional workaround we recommend disabling the FortiCloud SSO feature.

This will prevent abuse via that method but not a third-party SSO system, so this is recommended only in conjunction with the local-in policy" — Fortinet notes.

@Cyber_Security_Channel


Cyber Security News

⚡️149 Million Usernames and Passwords Exposed by Unsecured Database

Security researcher Jeremiah Fowler discovered an unsecured database with 149 million credentials, including 48M Gmail accounts and 17M Facebook logins.

Fowler suspects the massive collection was assembled using info-stealing malware — malicious software that infects devices and uses techniques like key-logging to capture everything victims type into websites.

Users who reuse passwords across multiple services face compounded risk, since criminals can test stolen credentials against dozens of platforms to find matches.

@Cyber_Security_Channel
