Aggregator
Introducing Custom Regions for precision data control
Pelicans, Three.js, and Rebecca
Corelight’s Agentic Triage turns SOC alerts into evidence-backed investigations
Corelight has introduced a new set of agentic AI capabilities aimed at helping security operations centers (SOCs) cut down on repetitive, time-consuming tasks. The updates are designed to boost analyst efficiency, speed up response times, and build trust through greater transparency. The release includes Agentic Triage to streamline SOC workflows, a new suite of machine learning models that turn encrypted traffic blind spots into actionable evidence, and expanded integrations “By pairing the industry’s highest-fidelity network …
The post Corelight’s Agentic Triage turns SOC alerts into evidence-backed investigations appeared first on Help Net Security.
Domains only through Gosuslugi. From September 1, the rules for registering websites in Russia will change forever
TrojAI unveils new capabilities to secure agentic AI beyond the prompt layer
TrojAI has announced major new capabilities designed to secure the growing deployment of agentic AI in the enterprise going beyond the prompt layer. “The innovations we are unveiling this week address some of the most significant and rapid changes to the AI security ecosystem. Enterprise deployment of agents is accelerating quickly, and these new TrojAI capabilities enable a new level of visibility and protection needed for the Agentic enterprise,” said Lee Weiner, CEO of TrojAI. …
The post TrojAI unveils new capabilities to secure agentic AI beyond the prompt layer appeared first on Help Net Security.
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
Moscow seeks to limit internet to state-approved websites amid ongoing outages
New .NET AOT Malware Hides Code as a Black Box to Evade Detection
Veracode Fix for SCA automates open-source vulnerability fixes
Veracode has unveiled Veracode Fix for Software Composition Analysis (SCA), an AI-powered solution to address software supply chain risk. The enhanced automated remediation engine, the next evolution of Veracode’s Fix solution, enables organizations to detect and remediate open-source vulnerabilities easily, before code reaches production. Designed to integrate seamlessly into existing developer workflows, it delivers third-party updates and first-party code refactoring without breaking builds or disrupting development. In 2025, software supply chain breaches accounted for 30% …
The post Veracode Fix for SCA automates open-source vulnerability fixes appeared first on Help Net Security.
Polygraf AI launches Desktop Overlay for real-time AI behavior control in enterprise operations
Polygraf AI has announced the launch of its Desktop Overlay, a new product designed to provide continuous, real-time guidance for compliance operations and data protection directly at the user interface level, as a personal compliance assistant. Built for highly regulated and government agencies, the Desktop Overlay runs at the edge and preemptively warns users of sensitive data exposure while they are writing, before the data is sent to third-party models, external systems, or leaves device …
The post Polygraf AI launches Desktop Overlay for real-time AI behavior control in enterprise operations appeared first on Help Net Security.
Physicists got tired of filtering water… and started shocking it with electricity. All toxic impurities now evacuate on their own
The AI Privacy Shield: How AnonyMask Automates Data Redaction for LLM and RAG Workflows
AnonyMask: Automated Masking and Unmasking of Explicit and Implicit Privacy Data AnonyMask is a privacy-preserving tool designed to automatically
The post The AI Privacy Shield: How AnonyMask Automates Data Redaction for LLM and RAG Workflows appeared first on Penetration Testing Tools.
Root Without a Password: The 9.8 CVSS “Ghost in the Shell” Exploit Haunting GNU Telnet
A critical vulnerability has been unearthed within the GNU InetUtils telnetd daemon, empowering an assailant to execute arbitrary
The post Root Without a Password: The 9.8 CVSS “Ghost in the Shell” Exploit Haunting GNU Telnet appeared first on Penetration Testing Tools.
CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization
CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment.[1] To defend against similar malicious cyber activity, CISA urges organizations to harden endpoint management system configurations using the recommendations and resources provided in this alert. CISA is conducting enhanced coordination with federal partners, including the Federal Bureau of Investigation (FBI), to identify additional threats and determine mitigation actions.
To defend against similar malicious activity that misuses legitimate endpoint management software, CISA urges organizations to implement Microsoft’s newly released best practices for securing Microsoft Intune; the principles of these recommendations can be applied to Intune and more broadly to other endpoint management software:
- Use principles of least privilege when designing administrative roles.
  - Leverage Microsoft Intune’s role-based access control (RBAC) to assign the minimum permissions necessary to each role for completing day-to-day operations—permissions include what actions the role can take, and what users and devices it can apply that action to.
- Enforce phishing-resistant multi-factor authentication (MFA) and privileged access hygiene.
  - Use Microsoft Entra ID capabilities (including Conditional Access, MFA, risk signals, and privileged access controls) to block unauthorized access to privileged actions in Microsoft Intune.
- Configure access policies to require Multi Admin Approval in Microsoft Intune.
  - Set up policies that require a second administrative account’s approval to allow changes to sensitive or high-impact actions (such as device wiping), applications, scripts, RBAC, configurations, etc.
Additionally, CISA recommends reviewing the following resources to strengthen defenses against similar malicious cyber activity:
- Microsoft resources:
  - For recommendations on securing Microsoft Intune, see Best practices for securing Microsoft Intune.
  - For guidance on implementing Multi Admin Approval in Microsoft Intune, see Use Access policies to implement Multi Admin Approval.
  - For recommendations on configuring Microsoft Intune using zero trust principles, see Configure Microsoft Intune for increased security.
  - For guidance on implementing Microsoft Intune RBAC policies, see Role-based access control (RBAC) with Microsoft Intune.
  - For guidance on deploying Privileged Identity Management (PIM) across Microsoft Intune, Entra ID, and other Microsoft software, see Plan a Privileged Identity Management deployment.
- CISA resources:
  - For guidance on implementing phishing-resistant multifactor authentication (MFA), see Implementing Phishing-Resistant MFA.
The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.
Acknowledgements
Microsoft and Stryker contributed to this alert.
Notes
[1] For updates from Stryker on the incident, see “Customer Updates: Stryker Network Disruption,” Stryker, last modified March 15, 2026, https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2026-20963 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
The ClickFix Trap: How “MacSync” Infostealers Hijack the Developer Terminal
The forensic savants at Sophos have chronicled a burgeoning wave of cyber offensives wherein digital marauders proliferate the
The post The ClickFix Trap: How “MacSync” Infostealers Hijack the Developer Terminal appeared first on Penetration Testing Tools.
The Missile Strike Snare: How Mustang Panda Exploited Geopolitical Chaos to Strike the Gulf
Forensic savants at Zscaler have chronicled a nascent wave of cyber offensives tethered to a Chinese syndicate, resolutely
The post The Missile Strike Snare: How Mustang Panda Exploited Geopolitical Chaos to Strike the Gulf appeared first on Penetration Testing Tools.