Author: PulauWin

Help Net Security

Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps

March 23, 2026 add comment
GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose protection settings, and required templates go... Read more »
Help Net Security

NIST updates its DNS security guidance for the first time in over a decade

March 23, 2026 add comment
DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years.... Read more »
Internet Security

Russia-linked actors target WhatsApp and Signal in phishing campaign

March 22, 2026 add comment
Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts. Threat actors linked to Russian Intelligence Services are running phishing campaigns... Read more »

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

March 22, 2026 add comment
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability... Read more »
Internet Security

Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager

March 22, 2026 add comment
Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992... Read more »
Internet Security

U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog

March 22, 2026 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added... Read more »
Internet Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89

March 22, 2026 add comment
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware – malware analysis   DRILLAPP: new... Read more »
Help Net Security

Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw

March 22, 2026 add comment
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What smart factories keep getting wrong about cybersecurity In this Help Net Security interview,... Read more »
The Hacker News

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

March 22, 2026 add comment
Google on Thursday announced a new “advanced flow” for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance... Read more »

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

March 22, 2026 add comment
A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing... Read more »
Subscribe to our Newsletter