Latest news as of 3/30/2026, 1:48:00 PM
The Hacker News
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company Checkmarx, are listed below - checkmarx/ast-github-action checkmarx/kics-github-action Cloud security
The Hacker News
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands. These challenges do not
The Hacker News
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user
The Hacker News
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware attacks across the
Dark Reading
Threat actors bypass security tools and use AI to launch faster ransomware attacks that exploit valid credentials and target data
Bleeping Computer
OpenAI is rolling out a new feature called 'Library' for ChatGPT, which allows you to store your personal files or images on OpenAI's cloud storage, so you can reference those items in a future chat. [...]
Have I Been Pwned
In around 2011, the RuneScape Boards forum (also known as RSBoards) suffered a data breach . The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password hashes. that was later redistributed as part of a larger corpus of data
The Register
'It freakin' worked' says Rob Joyce - and shows how relentless AI agents can find holes humans miss The now-infamous abusing Claude AI to automate cyberattacks was a Rorschach test for the infosec community, according to former NSA cyber boss Rob Joyce.… RSAC 2026 Anthropic report about Chinese cyberspies
Bleeping Computer
Mazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December. [...]
Dark Reading
Two cybersecurity leaders tested out AI in their respective SOCs for six months — and here's what they learned.