ICYMI: 2026-03-17
Latest Headlines
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
AI is Everywhere, But CISOs are Still Securing It with Yesterday’s Skills and Tools, Study Finds
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web
Surf AI Raises $57 Million for Agentic Security Operations Platform
Google, Meta, Microsoft Among Signatories of Pact to Combat Scams
AI, APIs and DDoS Collide in New Era of Coordinated Cyberattacks
Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance
Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises
Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware
Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems
AWS Bedrock AgentCore Sandbox Bypass Allows Covert C2 Channels and Data Exfiltration
To Beat Alert Overload, Stop Wasting Time on False Positives
Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials
Kubernetes CSI Driver for NFS Vulnerability Lets Attackers Delete or Modify NFS Server Directories
New Windows 11 25H2/24H2 Update Fixes Bluetooth Devices Visibility Issues
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
New font-rendering trick hides malicious commands from AI tools
Microsoft stops force-installing the Microsoft 365 Copilot app
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
Microsoft shares fix for Windows C: drive access issues on Samsung PCs
New Windows 11 hotpatch fixes Bluetooth device visibility issue
Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
– MTZ