Security & IT News

Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. [...]

Microsoft released an emergency update to fix the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to installation issues. [...]

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The AI recruiting startup confirmed a security incident after an extortion hacking crew took credit for stealing data from the company's systems.

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. [...]

Google is rolling out a new feature in the U.S. that allows users to change their @gmail address or create a new alias. [...]

Proton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams. [...]

The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. [...]

Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. [...]

Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in Brazil, Indonesia, Singapore, and Thailand this September, before it expands globally next year. As part of this

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. [...]

Critical infrastructure (CI) organizations underpin national security, public safety, and the economy. In 2026, the cyber threat landscape facing these sectors is structurally different than it was even two years ago. What Microsoft Threat Intelligence is observing across critical infrastructure environments right now is not a forecast. It is already happening. Threat actors are no longer focused solely on data theft or opportunistic disruption. They are establishing persistent access, footholds they can sit in quietly, undetected, and activate at the moment of maximum disruption. That is the threat CI leaders need to be preparing for today. Not someday. Now. Given these rising threats, governments worldwide are advancing policies and regulations to require critical infrastructure organizations to prioritize continuous readiness and proactive defense. The regulatory trajectory is clear. The U.S. National Cybersecurity Strategy published in March 2023 explicitly frames cybersecurity of critical infrastructure as a national security imperative. Japan issued a basic policy to implement the Active Cyber Defense legislation in 2025 . Europe continues to implement the NIS2 Directive across the essential sectors. And Canada is advancing a more prescriptive approach to critical infrastructure security through Bill C8 . What Microsoft Threat Intelligence hears from law enforcement agencies reinforces what we observe in our own telemetry. For example, Operation Winter SHIELD is a joint initiative led by the FBI Cyber Division focused on helping CI organizations move from awareness to verified readiness. Implementation not just awareness, not just policy. It is what closes the gap between knowing you are a target and being ready when it matters. The water sector offers a clear illustration of what that implementation gap looks like in practice and what it takes to close it. The findings from Microsoft, released on March 19, 2026, in collaboration with the Cyber Readiness Institute and the Center on Cyber Technology and Innovation show that hands-on coaching paired with practical training materially improves cyber readiness in water and wastewater utilities in ways that guidance alone does not. When attacks succeed, communities face safety concerns, loss of trust, and service disruptions. That is not an abstraction. That is what is at stake across every CI sector. To say that environments CI organizations are defending today were not designed for the threat they are facing is an understatement. Legacy systems now operate within hybrid IT–OT environments connected by cloud-based identity, remote access, and complex vendor ecosystems that did not exist when those systems were built. Identity has become the central control layer across all of it. Microsoft Threat Intelligence and Incident Response investigations show a convergence of identity-driven intrusion, living-off-the-land (LOTL) persistence, and nation-state prepositioning across CI. Against this backdr

A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to distribute a tampered update,

A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack.

What to know about the era of AI The first thing to know is that AI isn’t magic The best way to think about how to effectively use and secure a modern AI system is to imagine it like a very new, very junior person. It’s very smart and eager to help but can also be extremely unintelligent. Like a junior person, it works at its best when it’s given clear, fairly specific goals, and the vaguer its instructions, the more likely it is to misinterpret them. If you’re giving it the ability to do anything consequential, think about how you would give that responsibility to someone very new: at what point would you want them to stop and check with you before continuing, and what information would you want them to show you so that you could tell they were on track? Apply that same kind of human reasoning to AI and you will get best results. Microsoft Deputy CISOs To hear more from Microsoft Deputy CISOs, check out the OCISO blog series . To stay on top of important security industry updates, explore resources specifically designed for CISOs, and learn best practices for improving your organization’s security posture, join the Microsoft CISO Digest distribution list . At its core, a language model is really a role-playing engine that tries to understand what kind of conversation you want to have and continues it. If you ask it a medical question in the way a doctor would ask another doctor, you’ll get a very different answer than if you asked it the question the way a patient would. The more it’s in the headspace of “I am a serious professional working with other serious professionals,” the more professional its responses get. This also means that AI is most helpful when working together with humans who understand their fields and it is most unpredictable when you ask it about something you don’t understand at all. The second thing to know is that AI is software AI is essentially a stateless piece of software running in your environment. Unless the code wrapping does so explicitly, it doesn’t store your data in a log somewhere or use it to train AI models for new uses. It doesn’t learn dynamically. It doesn’t consume your data in new ways. Often, AI works similarly to the way most other software works: in the ways you expect and the ways you’re used to, with the same security requirements and implications. The basic security concerns—like data leakage or access—are the same security concerns we’re all already aware of and dealing with for other software. An AI agent or chat experience needs to be running with an identity and with permissions, and you should follow the same rules of access control that you’re used to. Assign the agent a distinct identity that suits the use case, whether as a service identity or one derived from the user, and ensure its access is limited to only what is necessary to perform its function. Never rely on AI to make access control decisions. Those decisions should always be made by deterministic, non-AI mechanisms. You should sim

Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds

CareCloud, a major provider of medical records storage, said hackers accessed one of its repositories of patient data earlier in March. It provides technnology for more than 45,000 providers covering millions of patients.

AI agent risk isn't equal, it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first. [...]

Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. [...]