Latest IT News & Tech Trends
A vulnerability chain dubbed AutoJack in Microsoftâs AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage. AutoGen Studio is the graphical component for AutoGen, Microsoftâs open-source framework for building multi-agent AI systems. The framework allows developers to […]
A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. Researchers at Qianxin’s XLab threat intelligence team say that the malware converts infected devices into remotely controlled âexecutorsâ that can perform scanning, proxying, tunneling, command execution, and other activities on behalf of the […]
A new ransomware operation named âPrinz Eugenâ prioritizes recently modified files for encryption and leaves no ransom note on the system. An investigation from Threatdown, the former corporate business unit of Malwarebytes, found that the Prinz Eugen hackers have a hands-on-keyboard style and prefer to use legitimate remote monitoring and management (RMM) software and living-off-the-land […]
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution comes after Microsoft first disclosed earlier this week that attackers hijacked an npm maintainer account and used it to publish malicious package updates. “Microsoft […]
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack. The disclosure comes after cybersecurity firms Huntress and ReliaQuest detailed how attackers abused compromised Klue Battlecards integrations to steal Salesforce CRM data from […]
Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. The flaw is tracked as CVE-2026-4020 and received a medium severity rating. It affects all versions of the plugin from 2.1.4 and older and has been addressed in version 2.1.5, released on March 17. WordPress security […]
The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. The Texas Cyber Command discovered the intrusion and launched an investigation to determine the extent and impact of the unauthorized access. The state authority found that Social Security Numbers […]
Microsoft has confirmed a confusing Windows bug that causes different filenames to appear in the confirmation dialog when deleting a file from the Recycle Bin. “When permanently deleting a single item from the Recycle Bin, the confirmation dialog displays the internal Recycle Bin filename (for example, $Rxxxxx.ext) instead of the original filename,” the company explained in a […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. Tracked as CVE-2026-20253, this security flaw affects Splunk Enterprise (versions 10.2.0 to 10.2.3 and 10.0.0 to 10.0.6) and allows remote attackers without privileges to create or truncate arbitrary […]
A New York man faces cyberstalking charges after allegedly sharing AI-generated nude images and fabricated racist messages using fake social media profiles to harass a Georgia college student. 21-year-old Anthony Belford was arraigned June 10 after a federal grand jury returned an indictment charging him with one count of cyberstalking. Belford and the victim had […]
