Security News

Quantum-Resistant Data Diode Secures Sensitive Data on Edge Devices, Critical Systems

Forward Edge-AI's new Isidore Quantum is a compact, low-power hardware device designed to defend sensitive operational technology endpoints against future quantum attacks.

How to Protect Your SaaS from Bot Attacks with SafeLine WAF

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated requests from strange user agents. If

Quick Howto: ZIP Files Inside RTF, (Mon, Mar 2nd)

In diary entry "Quick Howto: Extract URLs from RTF files" I mentioned ZIP files.

Wireshark 4.6.4 Released, (Mon, Mar 2nd)

Wireshark release 4.6.4 fixes 3 vulnerabilities and 15 bugs.

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. "Protection mechanism failure in MSHTML Framework allows an unauthorized

Bug in Google's Gemini AI Panel Opens Door to Hijacking

Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources.

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead drop resolver and

ISC Stormcast For Monday, March 2nd, 2026 https://isc.sans.edu/podcastdetail/9830, (Mon, Mar 2nd)

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. "Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly as documented," Oasis

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher's home. This post examines what is knowable about Dort based on public information.

Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix "AIza") embedded in client-side code to provide Google-related services like

Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a "supply chain risk." "This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance of Americans and fully autonomous weapons," the

Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL

HBO's "The Pitt" is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack.

Cities Hosting Major Events Need More Focus on Wireless, Drone Defense

Major events like the FIFA World Cup need to look beyond traditional physical and cyber security to active and passive wireless threats, say experts.

Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy

Using AI to find security vulnerabilities holds significant promise, but the initial products fall short of the needs of enterprises and software developers, say experts.

DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams

The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added. "Criminal

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France. The non-profit entity said the compromises are likely

The Case for Why Better Breach Transparency Matters

It's become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all.

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate "golang.org/x/crypto" codebase, but injects malicious code that's responsible for exfiltrating secrets entered via terminal password

Claude Code Security Shows Promise, Not Perfection

Claude Code's introduction rippled across the stock market, but researchers and analysts say its impact was overstated, as they peel back the layers.