Recon

High-Signal Security Intelligence

2026-03-26

Securelist · 2026-03-26 08:00

Coruna: the framework used in Operation Triangulation

Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit.
bishopfox.com · 2026-03-26 13:00

strongSwan CVE-2026-25075: Integer Underflow in VPN Authentication

Bishop Fox researchers took a deep dive into a new strongSwan vulnerability that allows unauthenticated attackers to take VPN services offline. We created an easy tool to test your strongSwan deployment and recommend upgrading to version 6.0.5 or later.
Elastic Security Labs · 2026-03-26 00:00

Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework

Elastic Security Labs analyzes VoidLink, a sophisticated Linux malware framework that combines traditional Loadable Kernel Modules with eBPF to maintain persistence.
Sandfly Security Blog RSS Feed · 2026-03-26 22:39

Sandfly 5.5 - AI Linux Forensics Analysis Demo

Sandfly 5.5 has powerful new AI integration to allow teams to quickly analyze Linux security events and forensics. This new feature brings an expert-level security analyst to your team using Sandfl...
Insinuator.net · 2026-03-26 07:47

Methodology for Assessing Kubernetes Namespace-Based Multi-Tenancy Setups

This page introduces our structured methodology for assessing security risks in Kubernetes environments that use Namespace-based Multi-Tenancy. It addresses weaknesses that break namespace-based isolation and that have not yet been well studied. We found these issues during our research and presented them, together with this methodology, in our talk at KubeCon + CloudNativeCon Europe 2026. The methodology assumes […]
先知安全技术社区 · 2026-03-26 08:49

[AI Security] In-depth analysis of CVE-2026-26023: XSS exploitation in Dify

The CVE-2026-26023 vulnerability can be exploited further: a malicious script is triggered when the victim views their chat history, and it then uses the already-authorized context of the victim's browser to call the Dify backend API, escalating the impact from a medium-severity XSS to theft of workspace privileges.
Unit 42 · 2026-03-26 22:00

Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government

Unit 42 uncovers multiple clusters of cyberespionage targeting a Southeast Asian government organization with USBFect, RATs and loaders.
Infosecurity · 2026-03-26 16:40

Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code

Security researchers from Georgia Tech have observed a surge in reported CVEs in which the flaw was introduced by AI-generated code.
Trend Micro Simply Security · 2026-03-26 00:00

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

This blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed.
Trend Micro Simply Security · 2026-03-26 00:00

Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise

TeamPCP orchestrated one of the most sophisticated multi-ecosystem supply chain campaigns publicly documented to date. It cascaded through developer tooling and compromised LiteLLM, exposing how AI proxy services that concentrate API keys and cloud credentials become high-value collateral when supply chain attacks compromise upstream dependencies.
先知安全技术社区 · 2026-03-26 13:06

A new social-engineering phishing disguise technique: WinGet configuration file + LNK file

01 Introduction. WinGet phishing is a phishing method that defenders easily overlook, to the point that it does not appear in the public list of abused file extensions: https://filesec.io/ This article describes this new phishing disguise technique in detail, including reproduction, the concepts involved, how it is constructed step by step, and how it works. 02 Reproduction. The archive contains an LNK file, jianli.lnk. After double-clicking jianli.lnk, a disguised PDF document opens successfully and putty.exe is downloaded and executed. 03 Prerequisites. 3.1 Powershe
Fidelis Security · 2026-03-26 18:06

How Can Network-Based Detection Help Stop Zero-Day Exploits?

Learn how network-based detection helps identify zero-day exploits by analyzing attacker behavior, monitoring abnormal traffic patterns, and strengthening detection and response strategies.
Red Hat Security · 2026-03-26 00:00

AI security: Defending against prompt injection and unsafe actions

In previous articles, we framed AI security as protecting the confidentiality, integrity, and availability of the whole AI system, not just the model. We also mapped AI risks onto familiar secure development lifecycle (SDLC) thinking, treating data and model artifacts as first-class build inputs and outputs. This article examines the primary security risk for enterprise large language model (LLM) applications: prompt injection. This vulnerability occurs when the model fails to distinguish between ...
Sandfly Security Blog RSS Feed · 2026-03-26 20:21

Sandfly 5.7 - Performance Upgrade

Speed and visibility are everything during a security investigation. With the release of Sandfly 5.7, we’ve drastically reduced scan times, expanded our threat detection to catch stealthy backdoors...
Publications | Outflank · 2026-03-26 16:29

Introducing Cobalt Strike Research Labs

This is a joint blog written by Stan Hegt, Pieter Ceelen, and Will Burgess. Today, we're launching Cobalt Strike Research Labs (CS:RL), a new Fortra offering that unites the research expertise of the Cobalt Strike and Outflank teams. CS:RL delivers cutting-edge, ready-to-use research tooling for Cobalt Strike, including custom UDRLs, Sleep Masks, UDC2 channels, and post-exploitation capabilities. Most importantly, it provides the Cobalt Strike team with a platform to deliver experimental bet...
Infosecurity · 2026-03-26 16:00

Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds

Attackers exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study.
Infosecurity · 2026-03-26 15:00

EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts

EtherRAT hides its C2 in Ethereum smart contracts via EtherHiding and steals wallets and credentials.
白帽Wiki - a simple wiki · 2026-03-26 19:48

[2026] Developing a hypervisor debugger from scratch

[Developing a VT debugger from scratch (1).docx](https://key08.com/usr/uploads/2026/03/3954387549.docx) [Developing a VT debugger from scratch (2).docx...
Linux Foundation Blogs · 2026-03-26 19:39

The Economic Value of Open Source Software Contributions

This blog was first published on March 25, 2026 at https://blog.irvingwb.com/blog/2026/03/the-economic-value-of-open-source-software-contributions.html and repurposed here with consent from the author.
ByteByteGo · 2026-03-26 15:31

How to Implement API Security

Most APIs that ship to production have some security in place. Most of the time, HTTPS is enabled, an API key is required, and maybe there’s even a quick code review before deployment.
Graham Cluley · 2026-03-26 18:57

World Leaks data extortion: What you need to know

World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog.
SitePoint · 2026-03-26 19:44

OpenClaw Security Audit: Detecting Malicious AI Agent Plugins in Your Local Stack

A hands-on security guide for developers running OpenClaw AI agents, covering plugin vulnerability scanning, malicious code detection patterns, and hardening strategies for 20-26% malicious plugin rates in the 300K-star ecosystem.
Google AI Blog · 2026-03-26 16:00

Transform your headphones into a live personal translator on iOS.

Google Translate’s Live translate with headphones is officially arriving on iOS! And we're expanding the capability for both iOS and Android users to even more countries…
Infosecurity · 2026-03-26 13:15

AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns

PwC's Annual Threat Dynamics report says AI threats are the biggest concern of its clients.
Graham Cluley · 2026-03-26 11:27

Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie

A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin - signing his extortion emails from a company called "Loot." Meanwhile, two people drive up to the entrance of the UK's nuclear submarine base at Faslane and politely ask if they can have a look around. Tourists? Spies? Something in between? All this and more in episode 460 of the "Smashing Security" podcast with cybersecurity vete...
Infosecurity · 2026-03-26 10:07

Invoice Fraud Costs UK Construction Sector Millions, NCA Warns

The National Crime Agency has warned construction firms about surging invoice fraud.
Ebay · 2026-03-26 07:00

eBay Launches 48-Hour Livestream Shopping Event Featuring Celebrities, Rare Finds, and $1 Starting Bids

“48 Hours of Drops” delivers nonstop access to pre-loved fashion, collectibles, and exclusive inventory on eBay Live.
Sucuri Blog · 2026-03-26 19:00

Web Shells: Types, Mitigation & Removal

Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These scripts exploit vulnerabilities like SQL injection, remote file inclusion (RFI), and cross-site scripting (XSS) to gain entry. Once deployed, web shells allow attackers to manipulate the server, leading to data theft, website defacement, or serving as a launchpad for further attacks. They are especially dangerous because th...
miguelgrinberg.com · 2026-03-26 12:30

SQLAlchemy 2 In Practice - Chapter 2 - Database Tables

This is the second chapter of my SQLAlchemy 2 in Practice book. If you'd like to support my work, I encourage you to buy this book, either directly from my store or on Amazon. Thank you! This chapter provides an overview of the most basic usage of the SQLAlchemy library to create, update and query database tables.
[DRAGNET] · 2026-03-26 07:00

The FBI Just Named 18 Popular Routers Targeted By A Massive Malware Operation

bgr.com
[DRAGNET] · 2026-03-26 07:00

Hackers compromised PyPI and injected malware into litellm

mezha.net