Authorities from 21 countries took down 53 domains and arrested four people allegedly involved in distributed denial-of-service operations used by more than 75,000 cybercriminals, Europol said Thursday. The globally coordinated effort dubbed "Operation PowerOFF" disrupted booter services and seized and dismantled infrastructure, including servers and databases, that supported the DDoS-for-hire services, officials said.
Two New Jersey men were sentenced Wednesday for facilitating North Korea's long-running scheme to plant operatives inside U.S. businesses as employees, generating more than $5 million in illicit revenue for the regime, the Justice Department said. The U.S. nationals - Kejia Wang, also known as Tony Wang, and Zhenxing Wang, also known as Danny Wang - were part of a years-long conspiracy that placed operatives in jobs at more than 100 U.S. companies.
On March 10, 2026, Microsoft patched CVE-2026-26144, a cross-site scripting (XSS) vulnerability in Excel. XSS in Office isn't anything new, but what makes this XSS different is what happens after the script executes. The vulnerability chains with Copilot Agent mode. An attacker embeds a malicious payload in an Excel file. After a user opens it, the XSS fires without the user ever clicking anything. Zero Day Initiative's Dustin Childs warned that this attack scenario will become more common.
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations - Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical infrastructure - under an initiative called Project Glasswing.
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. The threat can adjust hydraulic pressures and raise chlorine levels to dangerous levels, researchers found during their analysis. Based on its IP targeting and political messages embedded in its strings, ZionSiphon appears to focus on targets based in Israel.
An attachment in an email impersonating DHL about a shipment contains a link to a preconfigured SimpleHelp remote access tool - an ideal starting point for attackers to explore a network, steal data, and drop additional malware. A German industrial spare parts and equipment supplier received an email pretending to be from DHL, claiming a shipment had arrived. Given their line of business, I imagine they get this type of email all the time. But a few details stood out.
The National Institute of Standards and Technology is changing how it analyzes newly disclosed vulnerabilities as it faces a massive backlog of digital flaws. Due to "a surge in [cybersecurity vulnerabilities and exposures] submissions," NIST said on Wednesday, the agency will only perform detailed analyses of CVEs that meet certain criteria, including publication in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities (KEV) catalog.
A Chinese ship has tested a new device capable of slicing through submarine data cables thousands of meters beneath the ocean surface. That demonstration may exacerbate security concerns over a spate of suspected sabotage incidents targeting undersea communications and power cables from the Baltic Sea to the Pacific Ocean. The trial took place at a depth of 11,483 feet (3,500 meters) during a deep-sea science expedition involving the Chinese research ship named Haiyang Dizhi 2.
Organizations are warned that a recently patched vulnerability affecting Apache ActiveMQ Classic is being exploited in the wild. The flaw is tracked as CVE-2026-34197 and it came to light roughly 10 days ago, after it lurked in the software's code for 13 years. It has been patched with the release of versions 5.19.5 and 6.2.3. Apache ActiveMQ is an open source, multi-protocol message broker that enables reliable, asynchronous communication between applications.
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed "RedSun," is another privilege escalation flaw in the same platform. The second, "UnDefend," allows a standard user to block Microsoft Defender from receiving signature updates or disable it entirely (if Microsoft pushes a major Defender update).