A sophisticated exploit kit capable of compromising Apple iPhones running iOS versions 13.0 through 17.2.1 has been uncovered by cybersecurity researchers. Google’s Threat Intelligence Group (GTIG) said the toolkit, internally named Coruna, includes 5 full exploit chains and 23 vulnerabilities… Read More "Coruna Exploit Kit Targets Older iPhones in Multi-Stage Campaigns"
A critical vulnerability affecting the Context7 MCP Server, a widely used tool for delivering documentation to AI coding assistants, has been disclosed by security researchers. The issue, dubbed ContextCrush, could allow attackers to inject malicious instructions into AI development tools… Read More "ContextCrush Flaw Exposes AI Development Tools to Attacks"
The risk of insider threats is on the rise and businesses are concerned about the cybersecurity implications of intentionally malicious or negligent employees, research by Mimecast has warned. According to the company’s State of Human Risk Report 2026, internal cybersecurity… Read More "AI-Driven Insider Risk Now a “Critical Business Threat,” Report Warns"
The number of zero-day vulnerabilities uncovered in enterprise software and appliances reached an all-time high last year, analysis by Google Threat Intelligence Group (GTIG) has warned. In the report, released on March 5, GTIG said it tracked 90 zero-day vulnerabilities… Read More "Zero‑Day Attacks on Enterprise Software Reach Record High"
Several US companies have been targeted by Iranian hacking group MuddyWater in a new campaign that started in early February and has continued after the US and Israeli military strikes on Iran. The campaign was detected by the Threat Hunter… Read More "Iran’s MuddyWater Hackers Hit US Firms with New ‘Dindoor’ Backdoor"
The UK’s Companies House has been forced to suspend access to its WebFiling dashboard after being notified of a serious flaw which may have exposed countless businesses to fraud. The government agency, which is in charge of incorporating and dissolving… Read More "Companies House Web Glitch Exposes Corporate Details to Fraudsters"
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as… Read More "Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak"
The FBI is asking gamers who unwittingly downloaded malware from the popular Steam platform to help with its investigation. FBI’s Seattle Division issued a notice in mid-March as it continued in its search for the threat actor responsible for the… Read More "FBI Calls for Help to Track Steam Malware Campaign"
A method for exfiltrating sensitive data from AI-powered code execution environments using domain name system (DNS) queries has been demonstrated by security researchers, highlighting potential risks in cloud-based AI tooling. The Phantom Labs Research report, published on March 16, focuses… Read More "Security Flaw in AWS Bedrock Code Interpreter Raises Alarms"
A set of newly identified vulnerabilities in the Linux security module AppArmor could allow attackers to gain root access, bypass system protections and trigger service outages across millions of systems. The issues, collectively named ‘CrackArmor,’ were discovered by the Qualys… Read More "CrackArmor Flaws Expose Linux Systems to Privilege Escalation"
