Latest Cybersecurity News and Articles

---

Who’s Who In Domain Security: 10 Companies To Watch In 2026

Resource guide for CISOs and MSSPs – Steve Morgan, Editor-in-Chief Sausalito, Calif. – Mar. 27, 2026 Domain security unexpectedly and repeatedly came up in Cybercrime Magazine’s discussions with chief information security officers (CISOs) and managed security service providers (MSSPs) when we were at the RSAC The post Who’s Who In Domain Security: 10 Companies To Watch In 2026 appeared first on Cybercrime Magazine.

---

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone," the

---

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) repository on March 27, 2026, concealed their credential harvesting capabilities within a .WAV file. Users are

---

Pro-Iranian Hacking Group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account

The group that it was making available for download emails and other documents from Patel’s account. The post Pro-Iranian Hacking Group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account appeared first on SecurityWeek.

---

In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline

Other noteworthy stories that might have slipped under the radar: Heritage Bank data breach, new State Department unit tackles cyber threats, LA Metro disruptions. The post In Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum Deadline appeared first on SecurityWeek.

---

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline had a single boolean return value that meant both 'no scanners are configured' and 'all scanners failed to run,'" Koi

---

OpenAI Launches Bug Bounty Program for Abuse and Safety Risks

Through the new program, OpenAI will reward reports covering design or implementation issues leading to material harm. The post OpenAI Launches Bug Bounty Program for Abuse and Safety Risks appeared first on SecurityWeek.

---

Security As A Service: 7 Ways Coworking Spaces Can Upgrade Digital Trust In 2026

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 27, 2026 –Read the full story from CANOPY Cybercrime damage was on pace to hit $10.5 trillion in 2025, according to Cybersecurity Ventures. A single U.S. data breach averages $10.2 million, The post Security As A Service: 7 Ways Coworking Spaces Can Upgrade Digital Trust In 2026 appeared first on Cybercrime Magazine.

---

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. "TikTok has been historically abused to distribute

---

Almost half a million Lloyds customers had personal data exposed in IT glitch

Letter from group published by MPs blames 12 March glitch on software update to its mobile banking appsLloyds Banking Group exposed the personal data of nearly 500,000 customers in an IT glitch that left people’s payments, account details and national insurance numbers visible to other users, a committee of MPs has revealed.A letter from Lloyds, published by MPs on the Treasury select committee on Friday, blamed the glitch on a software defect introduced during an IT update to its Lloyds, Halifax and Bank of Scotland mobile banking apps overnight into 12 March. Continue reading...

---

TP-Link Patches High-Severity Router Vulnerabilities

The security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files. The post TP-Link Patches High-Severity Router Vulnerabilities appeared first on SecurityWeek.

---

We Are At War

Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it.  Introduction: One tech power to rule them all is a thing of the past  The relative safety, peace and prosperity that much of the world has enjoyed since 1945 was not accidental. It emerged from the ashes

---

RSAC 2026 Conference Announcements Summary (Days 3-4)

A summary of the announcements made by vendors on the third and fourth days of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Days 3-4) appeared first on SecurityWeek.

---

Coruna iOS Exploit Kit Likely an Update to Operation Triangulation

Coruna contains the updated version of a kernel exploit used in Operation Triangulation three years ago. The post Coruna iOS Exploit Kit Likely an Update to Operation Triangulation appeared first on SecurityWeek.

---

Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy (also known as Labubu) operates as a dual-purpose group aimed at inflicting maximum damage upon Russian businesses;

---

CISA Flags Critical PTC Vulnerability That Had German Police Mobilized

Police in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681. The post CISA Flags Critical PTC Vulnerability That Had German Police Mobilized appeared first on SecurityWeek.

---

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build applications powered by Large Language Models (LLMs). LangGraph is built on the foundations of

---

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that's also tracked as Earth Bluecrow,

---

Google warns quantum computers could hack encrypted systems by 2029

Banks, governments and tech providers urged to upgrade security because current systems will soon be obsolete Banks, governments and technology providers need to be prepared for quantum computer hackers capable of breaking most existing encryption systems by 2029, Google has warned.The tech company said in a blogpost that quantum computers would pose a “significant threat to current cryptographic standards” before the end of the decade and urged other companies to follow its lead. Continue reading...

---

Hightower Holding Data Breach Impacts 130,000

The holdings company says hackers stole names, Social Security numbers, and driver’s license numbers from its environment. The post Hightower Holding Data Breach Impacts 130,000 appeared first on SecurityWeek.