AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells
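The mechanism behind this finding, as an added illustration that is not BeyondTrust's or AWS's code and is not tied to the Bedrock sandbox itself: data is chunked into DNS labels of queries for an attacker-controlled zone (the resolver forwards them even when other egress is blocked), and the authoritative server reassembles them. The second half is the check a defender wants, run over a constructed resolver log: a long, high-entropy label is what encoded data looks like and ordinary hostnames almost never have. The zone name, query layout, log format and sample secret are all assumptions made for this example.

```python
"""Added illustration: how data leaves a sandbox over DNS, and a log check for it.

Not BeyondTrust's or AWS's code. The query layout, zone and log format are
assumptions made for the example.
"""
import base64
import math
from collections import Counter

MAX_LABEL = 63                 # RFC 1035: a single DNS label is at most 63 octets
ZONE = "exfil.example.net"     # assumed attacker-controlled zone


def encode_exfil_queries(data: bytes, zone: str = ZONE, chunk: int = 32) -> list[str]:
    """Turn bytes into query names <seq>.<base32 chunk>.<zone>.

    Base32 keeps labels DNS-safe and case-insensitive; the sequence label lets
    the receiver put queries back in order if the resolver reorders them.
    """
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    names = []
    for seq, start in enumerate(range(0, len(b32), chunk)):
        label = b32[start:start + chunk]
        if len(label) > MAX_LABEL:
            raise ValueError("chunk exceeds the DNS label limit")
        names.append(f"{seq}.{label}.{zone}")
    return names


def decode_exfil_queries(names: list[str], zone: str = ZONE) -> bytes:
    """Reassemble the bytes from the queries the authoritative server saw."""
    chunks = {}
    for name in names:
        payload = name.rstrip(".")[: -(len(zone) + 1)]   # strip ".<zone>"
        seq, label = payload.split(".", 1)
        chunks[int(seq)] = label
    b32 = "".join(chunks[i] for i in sorted(chunks)).upper()
    b32 += "=" * (-len(b32) % 8)                        # restore base32 padding
    return base64.b32decode(b32)


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own symbol distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def is_suspicious_qname(qname: str, min_label: int = 30, min_entropy: float = 3.0) -> bool:
    """Flag names whose longest label is unusually long and high-entropy."""
    labels = qname.rstrip(".").split(".")
    longest = max(labels, key=len)
    return len(longest) >= min_label and shannon_entropy(longest) >= min_entropy


def detect_in_log(lines: list[str]) -> list[str]:
    """Return the query names in '<ts> <client> <qtype> <qname>' lines that look like exfiltration."""
    hits = []
    for line in lines:
        _ts, _client, _qtype, qname = line.split()
        if is_suspicious_qname(qname):
            hits.append(qname)
    return hits


# Constructed sample: a secret leaving the sandbox, mixed with benign lookups.
# The key value is the AWS documentation example key, not a real credential.
SECRET = b"AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
LOG_LINES = (
    ["2026-03-16T10:00:00Z sandbox-1 A pypi.org.",
     "2026-03-16T10:00:01Z sandbox-1 A sts.us-east-1.amazonaws.com."]
    + [f"2026-03-16T10:00:{i + 2:02d}Z sandbox-1 A {q}."
       for i, q in enumerate(encode_exfil_queries(SECRET))]
)

if __name__ == "__main__":
    for q in encode_exfil_queries(SECRET):
        print(q)
    print("flagged:", detect_in_log(LOG_LINES))
```

The entropy threshold is deliberately loose; in practice you would also rate-limit by client and alert on the volume of unique subdomains per zone, since a single encoded query is easy to miss but a sandbox that suddenly asks for hundreds of distinct names under one zone is not.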


LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen credentials


AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, examines how organizations are securing AI infrastructure and highlights critical gaps tied to skills shortages and


Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

North Korean threat actors have been observed sending phishing emails to compromise targets and gain access to a victim's KakaoTalk desktop application, which is then used to distribute malicious payloads to selected contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. "Initial access was achieved through a spear-phishing email disguised as a


Too big to ignore, too small to be served: the midmarket security gap

Midmarket security leaders aren't as secure as they think, says Intruder's report

Partner Content The midmarket matters. JP Morgan estimates approximately 300,000 organizations generating $13T in annual revenue. Yet they occupy an awkward position in the security landscape. They're large enough to be attractive targets with complex digital estates, significant revenue, and valuable data, but not large enough to have the headcount, budget maturity, or tooling sophistication of an enterprise security team.…


CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-47813 (CVSS score: 4.3), is an information disclosure vulnerability that leaks the installation path of the application under certain conditions


UPDATE: Ant Group Censors 4 Security Research Articles After Initial Complaint Rejection

Posted by Jiqiang Feng via Fulldisclosure on Mar 16

[This is an update to communications sent March 12-14 regarding Alipay security vulnerabilities.]

---

On March 15, 2026, four WeChat articles documenting security vulnerabilities in Alipay were forcibly deleted from the
public account AI-security-innora. The deletion was carried out by Tencent at the request of Beijing Geyun Law Firm,
acting on behalf of Ant Group, citing China's Cybersecurity Law.

The same complaint had been rejected...

Gartner suggests Friday afternoon Copilot ban because tired users may be too lazy to check its mistakes

Admins may be even more exhausted by then, because securing Microsoft’s AI helper is not a trivial job

Gartner analyst Dennis Xu has half-jokingly suggested banning use of Microsoft’s Copilot AI on Friday afternoons, because he fears at that time of week users may be too lazy to properly check its possibly offensive output.…


Weekly Update 495

In the beginning, it was simple. A website, a database and 150M+ email addresses to search. Time has added serverless functions (which run on servers 🤷‍♂️), code on the edge, new data storage constructs and a completely different mechanism for even just querying a simple email address. HIBP is a continually evolving beast, and barely a week goes by that we don't implement code of significance. You don't always see it out there in the public realm, but the tweaks - including the major one I talk about in this week's video - all add up to make the platform faster, more sustainable and if we do it right, even a bit more cost-effective to run 😊


Bank built its own threat hunting agent because vendors can’t keep pace with new threats

AI helped send weekly threat signal count from 80 million to 400 billion, then helped response time shrink from two days to 30 minutes

Australia’s Commonwealth Bank built its own agentic AI threat hunting tools, because vendors are too slow to develop tools that can cope with emerging AI-powered threats, according to General Manager of Cyber Defence Operations Andrew Pade.…


Robotics surgical biz Intuitive discloses phishing attack

Operations and hospital networks not affected, we're told

Robotics-assisted surgical tech firm Intuitive said that unauthorized intruders gained access to some of its internal IT business applications after stealing an employee's credentials during a phishing attack.…


GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py," StepSecurity said. "Anyone who runs
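A check a maintainer can run over a checkout after a suspicious force-push, added here as an example and not StepSecurity's tooling or the campaign's actual payload (the page does not show what the appended code looks like). It flags lines that combine an `exec`/`eval` call with a decoder or carry a long opaque literal, and notes whether the hit sits in the last lines of the file, which is where an appended stub lands. The patterns, the sample setup.py and the stand-in payload are assumptions made for this example.

```python
"""Added check for obfuscated code appended to Python project files.

Not StepSecurity's code. The patterns, sample files and stand-in payload are
assumptions for the example; the real campaign's stub is not on the page.
"""
import base64
import re

# Each pattern alone is common in legitimate code; two on one line, or a
# very long opaque literal, is what a dropper stub usually looks like.
PATTERNS = {
    "exec-eval": re.compile(r"\b(exec|eval)\s*\("),
    "decoder": re.compile(r"\b(b64decode|b32decode|a85decode|decompress|__import__)\b|codecs\.decode"),
    "long-literal": re.compile(r"['\"][A-Za-z0-9+/=_-]{80,}['\"]"),
    "char-tricks": re.compile(r"\bchr\s*\(|\[::-1\]"),
}


def scan_source(text: str, tail_lines: int = 5) -> list[dict]:
    """Return suspicious lines of one file.

    'appended' marks hits in the file's last `tail_lines` lines, the place a
    stub appended by a force-push ends up.
    """
    lines = text.splitlines()
    findings = []
    for number, line in enumerate(lines, start=1):
        tags = [name for name, rx in PATTERNS.items() if rx.search(line)]
        if len(tags) >= 2 or "long-literal" in tags:
            findings.append({
                "line": number,
                "tags": tags,
                "appended": number > len(lines) - tail_lines,
                "text": line[:60],
            })
    return findings


def scan_tree(files: dict[str, str]) -> dict[str, list[dict]]:
    """Scan a {path: contents} mapping, the shape of a repository checkout."""
    report = {}
    for path, text in files.items():
        hits = scan_source(text)
        if hits:
            report[path] = hits
    return report


# Constructed samples: a clean setup.py and the same file with a stub appended.
CLEAN_SETUP_PY = """\
from setuptools import setup, find_packages

setup(
    name="demo",
    version="0.1.0",
    packages=find_packages(),
)
"""

# Stand-in payload; a real stub would fetch and run a second stage instead.
_STAND_IN = base64.b64encode(
    b"print('stand-in payload: a real stub would fetch and run a second stage')"
).decode()
INFECTED_SETUP_PY = CLEAN_SETUP_PY + f'\nimport base64;exec(base64.b64decode("{_STAND_IN}"))\n'

if __name__ == "__main__":
    tree = {"setup.py": INFECTED_SETUP_PY, "app.py": CLEAN_SETUP_PY}
    for path, hits in scan_tree(tree).items():
        for h in hits:
            where = "appended" if h["appended"] else ""
            print(path, h["line"], h["tags"], where, h["text"])
```

Pair this with `git log --diff-filter=M --stat` over the files it flags: an appended stub shows up as a small, late addition at the end of setup.py or app.py, and the commit that introduced it is the one whose pushing token needs revoking.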
