❌

Normal view

Received β€” 10 March 2026 ⏭ Security

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows

βœ‡The Hacker News
By: Unknown
10 March 2026 at 11:45
Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" for hackers. The Problem: "The Invisible Employee" Think of an AI Agent like a new employee who has

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

βœ‡The Hacker News
By: Unknown
10 March 2026 at 11:00
You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately. Time-to-exploit is shrinking The larger and less controlled your attack surface is,

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

βœ‡The Hacker News
By: Ravie Lakshmanan
10 March 2026 at 10:55
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,

Electric Eye – a Rust/WASM Firefox extension to detect AitM proxies via DOM analysis, TLS fingerprinting and HTTP header inspection

βœ‡/r/netsec - Information Security News & Discussion
By: /u/Reversed-Engineer-01
10 March 2026 at 07:43

I built a Firefox extension to detect Adversary-in-the-Middle attacks in real time.

The core idea: instead of chasing blacklists (a losing game when domains cost $3),

look at what the proxy cannot easily hide.

Detection runs across four layers:

- DNS: entropy, punycode/homograph, typosquatting, subdomain anomalies

- HTTP headers: missing CSP/HSTS, proxy header signatures

- TLS: certificate age anomalies

- DOM: MutationObserver scanning for domain mismatch between the current URL

and page content β€” this is the killer signal against Evilginx-style kits

The engine is pure Rust compiled to WASM. JS is a deliberately thin interface

layer only β€” a conscious security decision.

Tested against a live Evilginx deployment: 1.00 CRITICAL. Zero false positives

on 10+ legitimate sites including Google, Apple, PayPal, and several EU banks.

There is a grey area β€” CDN-heavy sites (Amazon, PayPal) trigger ProxyHeaderDetected

via CloudFront. Still working on a neater model for that.

Full writeup: https://bytearchitect.io/network-security/Bypassing-MFA-with-Reverse-Proxies-Building-a-Rust-based-Firefox-Extension-to-Kill-AitM-Phishing/

Submitted to Mozilla Add-ons β€” pending review. Happy to discuss the detection

model or the Rust/WASM architecture.

submitted by /u/Reversed-Engineer-01
[link] [comments]

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

βœ‡The Hacker News
By: Ravie Lakshmanan
10 March 2026 at 07:17
Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

βœ‡The Hacker News
By: Ravie Lakshmanan
10 March 2026 at 06:17
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that

Weekly Update 494

βœ‡Troy Hunt
By: Troy Hunt
10 March 2026 at 01:29
Weekly Update 494

Since starting HIBP a dozen and a bit years ago, I've loaded an average of one breach every 4.7 days. That's 959 of them to date, but last week it was five in only two days. That's a few weeks' worth of breaches in only 48 and a half hours. And that's the way it tends to be in this industry: flurries of activity followed by periods of silence. I obviously don't have any control over the cadence of breaches (nor when they begin circulating), which does make for some interesting scheduling challenges. Somewhere amongst responding to those incidents, we manage to do all the other mechanical things required to keep this service running the way it does. Anyway, this week it's "breachapalooza", with some behind-the-scenes info on the Odido, KomikoAI, Quitbro, Lovora and Provecho.

Weekly Update 494
Weekly Update 494
Weekly Update 494
Weekly Update 494
❌