RECON

Infosecurity205IN STACK · 2026-03-25 11:00

Experts Sound Alarm Over “Prompt Poaching” Browser Extensions

Expel has warned of malicious Chrome extensions stealing users’ AI conversations

Trail of Bits57 · 2026-03-25 11:00

Try our new dimensional analysis Claude plugin

We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post . Most LLM-based security skills ask the model to find bugs. Our new dimensional-analysis plugin for Claude Code takes a different approach: it uses the LLM to annotate your codebase with dimensional types, then flags mismatches mechanically. In testing against real audit findings, it achieved 93% recall versus 50% for baseline prompts...

Google Online Security Blog41 · 2026-03-25 13:00

Security for the Quantum Era: Implementing Post-Quantum Cryptography in Android

Security for the Quantum Era: Implementing Post-Quantum Cryptography in Android

Huntress Blog34 · 2026-03-25 17:00

That “Friendly” Prompt is ClickFix

That "friendly" prompt is a ClickFix scam. Learn about this advanced social engineering tactic that tricks users into running malicious code on their own systems, and why security resilience is your winning bet.

OpenAI Blog24 · 2026-03-25 00:00

Introducing the OpenAI Safety Bug Bounty program

OpenAI launches a Safety Bug Bounty program to identify AI abuse and safety risks, including agentic vulnerabilities, prompt injection, and data exfiltration.

Articles | InfoStealers20 · 2026-03-25 16:19

The New Era of Initial Access: How Infostealer Lookup Services are Changing Cybercrime

The New Era of Initial Access: How Infostealer Lookup Services are Changing Cybercrime We are currently witnessing a massive shift in how cyberattacks begin. Infostealer lookup services are rapidly fueling a new era of initial access, transforming what used to be a complex hacking process into a simple, automated transaction. These platforms have effectively turned […] The post The New Era of Initial Access: How Infostealer Lookup Services are Changing Cybercrime appeared first on InfoStealers .

Infosecurity17 · 2026-03-25 12:00

TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise

Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group

Intigriti17 · 2026-03-25 00:00

Intigriti 0326 CTF Challenge: Chaining DOM clobbering and CSP bypasses for XSS

At Intigriti, we host monthly web-based Capture The Flag (CTF) challenges as a way to engage with the security researcher community. This month's challenge, brought forward by Kulindu, presented us with a Secure Search Portal that, on the surface, appeared to be well protected. A strict Content Security Policy and DOMPurify sanitization gave the impression that this month's task of executing an XSS vulnerability would be difficult. But as we'll see, chaining several gadgets together proved ot...

Black Hills Information Security15 · 2026-03-25 14:00

Lessons From A Chatbot Incident

Real-world account of how insecure databases and an AI chatbot left customer data exposed and how it could have been prevented. The post Lessons From A Chatbot Incident appeared first on Black Hills Information Security, Inc. .

先知安全技术社区15 · 2026-03-25 09:39

从TLS指纹到流量阻断：基于JA3与Suricata的恶意软件检测实战

随着HTTPS加密通信的普及，传统基于明文特征的流量检测方法逐渐失效，恶意软件也越来越多地利用TLS协议隐藏其通信行为，给安全检测带来了新的挑战。针对这一问题，JA3指纹技术通过对TLS ClientHello消息中的关键字段进行特征提取与哈希计算，实现了在加密流量环境下对客户端行为的有效识别。

Infosecurity14 · 2026-03-25 15:30

Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne

Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials

Trend Micro Simply Security14 · 2026-03-25 00:00

Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach

Litellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps.

Google DeepMind Blog12 · 2026-03-25 16:46

Protecting people from harmful manipulation

Google DeepMind researches AI's harmful manipulation risks across areas like finance and health, leading to new safety measures.

Der Flounder10 · 2026-03-25 18:43

Disabling Rosetta awareness messages on macOS Tahoe

As part of Apple’s move from using Intel processors to Apple Silicon processors for all Mac models, Apple has announced a transition timeline for macOS’s Rosetta 2 translation environment. Rosetta 2 will continue in its current form on both macOS 26 and macOS 27, but there will be as-yet unspecified changes occurring beyond macOS 27. […]

[DRAGNET]5 · 2026-03-25 07:00

APT Iran hackers steal over 375TB of data from Lockheed Martine

APT Iran hackers steal over 375TB of data from Lockheed Martine    Cybersecurity Insiders

[DRAGNET]5 · 2026-03-25 07:00

Foster City ransomware attack raises big questions; RSAC conference addresses cyber security concerns

Foster City ransomware attack raises big questions; RSAC conference addresses cyber security concerns    ABC7 San Francisco

[DRAGNET]5 · 2026-03-25 07:00

Iran-linked ransomware operation targeted US healthcare provider

Iran-linked ransomware operation targeted US healthcare provider    Cybersecurity Dive

[DRAGNET]5 · 2026-03-25 07:00

Most Ransomware Victims Who Pay Up Don’t Get Their Data Back

Most Ransomware Victims Who Pay Up Don’t Get Their Data Back    Cybercrime Magazine

[DRAGNET]5 · 2026-03-25 07:00

Maine mental health agency targeted in Russian ransomware attack

Maine mental health agency targeted in Russian ransomware attack    Bangor Daily News

[DRAGNET]5 · 2026-03-25 07:00

Threat Actors Exploit RDP Servers To Deliver Malware and Establish Long-Term Access

Threat Actors Exploit RDP Servers To Deliver Malware and Establish Long-Term Access    cyberpress.org

[DRAGNET]0 · 2026-03-25 07:00

Attackers exploit open source to spread malware

Attackers exploit open source to spread malware    Techzine Global