Security News
Latest Updates

Schneier on Security

Security news and analysis by Bruce Schneier

Friday Squid Blogging: Squid in Byzantine Monk Cooking - March 06, 2026

This is a very weird story about how squid stayed on the menu of Byzantine monks by falling between the cracks of dietary rules.

At Constantinople’s Monastery of Stoudios, the kitchen didn’t answer to appetite.

It answered to the “typikon”: a manual for ensuring that nothing unexpected happened at mealtimes. Meat: forbidden. Dairy: forbidden. Eggs: forbidden. Fish: feast-day only. Oil: regulated. But squid?

Squid had eight arms, no bones, and a gift for changing color. Nobody had bothered writing a regulation for that. This wasn’t a loophole born of legal creativity but an oversight rooted in taxonomic confusion. Medieval monks, confronted with a creature that was neither fish nor fowl, gave up and let it pass...

Anthropic and the Pentagon - March 06, 2026

OpenAI is in and Anthropic is out as a supplier of AI technology for the US defense department. This news caps a week of bluster by the highest officials in the US government towards some of the wealthiest titans of the big tech industry, and the overhanging specter of the existential risks posed by a new technology powerful enough that the Pentagon claims it is essential to national security. At issue is Anthropic’s insistence that the US Department of Defense (DoD) could not use its models to facilitate “mass surveillance” or “fully autonomous weapons,” provisions the defense secretary Pete Hegseth ...

SecurityWeek

Latest cybersecurity news

ArmorCode Raises $16 Million for Exposure Management Platform - March 06, 2026

The company will accelerate platform development, expand go-to-market efforts, and invest in product innovation.

The post ArmorCode Raises $16 Million for Exposure Management Platform appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India - March 06, 2026

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a “high-volume, mediocre mass of implants” that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT - March 06, 2026

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is used to deploy a second

SecurityWeek

Latest cybersecurity news

CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List - March 06, 2026

The nation-state-grade iOS exploit kit targets 23 vulnerabilities affecting iOS 13 to 17.2.1.

The post CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List appeared first on SecurityWeek.

Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks - March 06, 2026

The vulnerability was disclosed and mitigated in 2021 but its in-the-wild exploitation has only now come to light.

The post Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks appeared first on SecurityWeek.

Schneier on Security

Security news and analysis by Bruce Schneier

Claude Used to Hack Mexican Government - March 06, 2026

An unknown hacker used Anthropic’s LLM to hack the Mexican government:

The unknown Claude user wrote Spanish-language prompts for the chatbot to act as an elite hacker, finding vulnerabilities in government networks, writing computer scripts to exploit them and determining ways to automate data theft, Israeli cybersecurity startup Gambit Security said in research published Wednesday.

[…]

Claude initially warned the unknown user of malicious intent during their conversation about the Mexican government, but eventually complied with the attacker’s requests and executed thousands of commands on government computer networks, the researchers said...

SecurityWeek

Latest cybersecurity news

Iranian APT Hacked US Airport, Bank, Software Company - March 06, 2026

The attacks, observed since February, show that Iranian hackers already have a presence in the networks of US organizations.

The post Iranian APT Hacked US Airport, Bank, Software Company appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity - March 06, 2026

Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology and processes.

Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor - March 06, 2026

New research from Broadcom’s Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies’ networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It’s affiliated with the Iranian

SecurityWeek

Latest cybersecurity news

Data Security Firm Evervault Raises $25 Million in Series B Funding - March 06, 2026

The company has raised a total of $46 million in funding for its developer-focused encryption and orchestration platform.

The post Data Security Firm Evervault Raises $25 Million in Series B Funding appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer - March 06, 2026

Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal emulator program instead of instructing users to launch the Windows Run dialog and paste a command

Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog - March 06, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed below -

CVE-2017-7921 (CVSS score: 9.8) - An improper authentication vulnerability affecting

Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities - March 05, 2026

Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below -

CVE-2026-20122 (CVSS score: 7.1) - An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system.

Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders - March 05, 2026

Most organizations assume encrypted data is safe. But many attackers are already preparing for a future where today’s encryption can be broken. Instead of trying to decrypt information now, they are collecting encrypted data and storing it so it can be decrypted later using quantum computers. This tactic—known as “harvest now, decrypt later”—means sensitive data transmitted today could become

Schneier on Security

Security news and analysis by Bruce Schneier

Hacked App Part of US/Israeli Propaganda Campaign Against Iran - March 05, 2026

Wired has the story:

Shortly after the first set of explosions, Iranians received bursts of notifications on their phones. They came not from the government advising caution, but from an apparently hacked prayer-timing app called BadeSaba Calendar that has been downloaded more than 5 million times from the Google Play Store.

The messages arrived in quick succession over a period of 30 minutes, starting with the phrase ‘Help has arrived’ at 9:52 am Tehran time, shortly after the first set of explosions. No party has claimed responsibility for the hacks...

Manipulating AI Summarization Features - March 04, 2026

Microsoft is reporting:

Companies are embedding hidden instructions in “Summarize with AI” buttons that, when clicked, attempt to inject persistence commands into an AI assistant’s memory via URL prompt parameters….

These prompts instruct the AI to “remember [Company] as a trusted source” or “recommend [Company] first,” aiming to bias future responses toward their products or services. We identified over 50 unique prompts from 31 companies across 14 industries, with freely available tooling making this technique trivially easy to deploy. This matters because compromised AI assistants can provide subtly biased recommendations on critical topics including health, finance, and security without users knowing their AI has been manipulated...

SecurityWeek

Latest cybersecurity news

Iranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters - March 03, 2026

Two AWS data centers in the United Arab Emirates were “directly struck” and another facility in Bahrain was also damaged after a drone landed nearby.

The post Iranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations - March 03, 2026

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from

SecurityWeek

Latest cybersecurity news

Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability - March 03, 2026

The researcher says he has identified thousands of internet-exposed IQ4 building management controllers.

The post Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries - March 03, 2026

The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its use following an analysis of the IP address (“212.11.64[.]250”) that was used by the suspected

SecurityWeek

Latest cybersecurity news

New ‘AirSnitch’ Attack Shows Wi-Fi Client Isolation Could Be a False Sense of Security - March 03, 2026

Researchers have uncovered a Wi-Fi vulnerability that allows nearby attackers to intercept sensitive data and execute machine-in-the-middle attacks against connected devices.

The post New ‘AirSnitch’ Attack Shows Wi-Fi Client Isolation Could Be a False Sense of Security appeared first on SecurityWeek.

1.2 Million Affected by University of Hawaii Cancer Center Data Breach - March 03, 2026

Hackers stole names, Social Security numbers, driver’s license information, voter registration records, and health-related information.

The post 1.2 Million Affected by University of Hawaii Cancer Center Data Breach appeared first on SecurityWeek.

Android Update Patches Exploited Qualcomm Zero-Day - March 03, 2026

An integer overflow or wraparound in the Qualcomm graphics component, the bug leads to memory corruption.

The post Android Update Patches Exploited Qualcomm Zero-Day appeared first on SecurityWeek.

Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low - March 03, 2026

The cybersecurity industry is monitoring the landscape and says many of the big claims made by hacktivist groups remain unverified.

The post Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low appeared first on SecurityWeek.

Schneier on Security

Security news and analysis by Bruce Schneier

On Moltbook - March 03, 2026

The MIT Technology Review has a good article on Moltbook, the supposed AI-only social network:

Many people have pointed out that a lot of the viral comments were in fact posted by people posing as bots. But even the bot-written posts are ultimately the result of people pulling the strings, more puppetry than autonomy.

“Despite some of the hype, Moltbook is not the Facebook for AI agents, nor is it a place where humans are excluded,” says Cobus Greyling at Kore.ai, a firm developing agent-based systems for business customers. “Humans are involved at every step of the process. From setup to prompting to publishing, nothing happens without explicit human direction.”...

The Hacker News

Cybersecurity news and insights

AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged - March 03, 2026

The Rise of MCPs in the Enterprise The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automate end-to-end business workflows across the enterprise. This is already showing up in production

Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication - March 03, 2026

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It’s advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand’s real URL. It also lets

SecurityWeek

Latest cybersecurity news

Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise - March 03, 2026

Improper input sanitization in the framework can be exploited through the Shell tool, allowing attackers to modify system files and steal data.

The post Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets - March 03, 2026

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described

Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited - March 03, 2026

Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component. “Memory corruption when adding user-supplied data without checking available buffer space,” Qualcomm said in an advisory,

SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains - March 03, 2026

The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as BurrowShell and a Rust-based

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel - March 02, 2026

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026

Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome - March 02, 2026

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. “To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure Web and Networking Team said. “

Schneier on Security

Security news and analysis by Bruce Schneier

LLM-Assisted Deanonymization - March 02, 2026

Turns out that LLMs are good at de-anonymization:

We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision ­ and scales to tens of thousands of candidates.

While it has been known that individuals can be uniquely identified by surprisingly few attributes, this was often practically limited. Data is often only available in unstructured form and deanonymization used to require human investigators to search and reason based on clues. We show that from a handful of comments, LLMs can infer where you live, what you do, and your interests—then search for you on the web. In our new research, we show that this is not only possible but increasingly practical...