Daily Digest on AI and Emerging Technologies (19 March 2026)

Security and Surveillance

Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records

(Jonathan Greig – The Record) North Korean hackers targeted cryptocurrency e-commerce platform Bitrefill during an attack on March 1, according to a post-mortem from the company published Tuesday. In a lengthy statement, Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses and metadata including IP addresses. Bitrefill is designed to allow people to live off of cryptocurrency, enabling users to buy digital gift cards or pay bills online with it. The company has partnerships with Amazon, Doordash, Apple, Uber, Walmart and more. – https://therecord.media/crypto-platform-accuses-north-korea-hack

Bank software vendor Marquis says more than 670,000 impacted by August breach

(Jonathan Greig – The Record) The cyberattack on bank vendor Marquis Software exposed the information of 672,075 people, according to regulatory filings. The company, which provides software that allows financial institutions to communicate with customers, previously warned in November that at least 74 banks, credit unions and financial institutions were impacted by a data breach that occurred in August. At the time, the company did not say how many people were affected. In letters to victims, the company said it discovered the breach on August 14 and notified law enforcement before hiring cybersecurity experts to assist with the recovery. The investigation revealed that the hackers copied files from Marquis Software’s systems. – https://therecord.media/marquis-bank-vendor-data-breach

AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure

(Phil Muncaster – Infosecurity Magazine) AI and automation helped threat actors to rapidly accelerate attacks in 2025, collapsing the “predictive window” between vulnerability disclosure and exploitation, according to Rapid7. The security vendor’s new 2026 Global Threat Landscape Report is based on Rapid7 MDR incident response investigations and other internal data. It claimed that “what once unfolded over weeks now materializes in days, and in some cases, minutes.” – https://www.infosecurity-magazine.com/news/exploitation-accelerates-in-2025/

Crypto Scam “ShieldGuard” Dismantled After Malware Discovery

(Alessandro Mascellino – Infosecurity Magazine) A cryptocurrency scam known as “ShieldGuard” has been dismantled after researchers identified it as a malicious browser extension designed to harvest sensitive user data. The operation, uncovered by Okta Threat Intelligence and described in an advisory published on March 17, initially presented itself as a security tool aimed at protecting crypto wallets from phishing and harmful smart contracts. ShieldGuard combined social media promotion, a browser extension listing and a token “airdrop” incentive model to attract users. Participants were encouraged to download the extension and promote it in exchange for future cryptocurrency rewards. The project claimed its software could detect suspicious transactions before users approved them. However, analysis revealed a very different purpose. – https://www.infosecurity-magazine.com/news/crypto-scam-shieldguard-dismantled/

Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats

(Kevin Poireault – Infosecurity Magazine) Hundreds of GitHub repositories seemingly offering “free game cheats” deliver malware, including the Vidar infostealer, Acronis Threat Research Unit (TRU) has found. While the identified malicious repositories already target “virtually every major online game title,” the security researchers estimate the true number “could be in the thousands”, they warned in a report published on March 17. They also found Reddit posts mentioning and promoting a game cheat for Counter-Strike 2 leading to a fake website that encourages the user to download and install Vidar 2.0. – https://www.infosecurity-magazine.com/news/vidar-stealer-exploits-github/

The Path of Least Resistance: Why Active Inertia is the Real AI Threat

(Gavin Millard – Infosecurity Magazine) If you’ve been in the cyber industry for a while, you start to notice cybersecurity has a “Groundhog Day” quality. We change acronyms and leverage hot new phrases, but the headlines remain the same: passwords still get stolen, people still get phished, S3 buckets still get left open and confidential data still gets leaked. We often lie to ourselves to explain this. We say the C-suite doesn’t care. We complain about “executive apathy,” picturing a board of suits shrugging their shoulders at our heat maps. In my experience, this is rarely true. Most boards care deeply and are terrified of being the next headline. They are approving cyber spend, reading reports and hiring talent to try and solve the problem. They aren’t apathetic – they are suffering from Active Inertia. – https://www.infosecurity-magazine.com/opinions/active-inertia-real-ai-threat/

AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner

(Phil Muncaster – Infosecurity Magazine) Custom-built AI applications are set to cause major headaches for security teams over the coming years, unless they can get involved in projects early on, Gartner has warned. The analyst predicted that by 2028, at least half of enterprise incident response efforts would be devoted to managing the fallout from security issues connected to these apps. “AI is evolving quickly, yet many tools – especially custom-built AI applications – are being deployed before they’re fully tested,” warned Gartner VP analyst, Christopher Mixter. “These systems are complex, dynamic and difficult to secure over time. Most security teams still lack clear processes for handling AI-related incidents, which means issues can take longer to resolve and require far more effort.” – https://www.infosecurity-magazine.com/news/ai-issues-half-incident-response/

How to Cut MTTR by 21 Minutes Per Case: An Action Plan for CISOs

(Alex Ford – Infosecurity Magazine) Unnecessary escalations cost time, focus and confidence. Add a week of noisy alerts and MTTR starts to climb in a way that’s hard to explain in a report, and even harder to fix with “work faster” pressure. Top CISOs are rolling out a clear action plan that tightens early decisions, reduces back-and-forth, and keeps cases moving from first signal to containment. That approach has helped cut MTTR by 21 minutes per case, without sacrificing investigation quality. – https://www.infosecurity-magazine.com/blogs/how-to-cut-mttr-by-21-minutes-ciso/

Researchers warn of unpatched, critical Telnetd flaw affecting all versions

(Pierluigi Paganini – Security Affairs) Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in the LINEMODE handler, causing a buffer overflow. The flaw affects all versions up to 2.7. A patch is expected by April 1, 2026, and users are urged to update as soon as it becomes available. GNU InetUtils telnetd is a server component of GNU InetUtils that provides remote login access via the Telnet protocol. It allows users to connect to a system over a network and run commands remotely, though it’s largely outdated and insecure compared to modern alternatives like SSH. – https://securityaffairs.com/189620/hacking/researchers-warn-of-unpatched-critical-telnetd-flaw-affecting-all-versions.html

CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit

(Pierluigi Paganini – Infosecurity Magazine) Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control of vulnerable systems. The bug relies on a cleanup window of 10–30 days, but can ultimately lead to full system compromise. It stems from how snap-confine manages privileged execution and how systemd-tmpfiles removes old temporary files. “The Qualys Threat Research Unit has identified a Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles.” reads the advisory. – https://securityaffairs.com/189614/security/cve-2026-3888-ubuntu-desktop-24-04-vulnerable-to-root-exploit.html

Robotic surgery firm Intuitive reports data breach after targeted phishing attack

(Pierluigi Paganini – Security Affairs) Intuitive is an American company that designs, manufactures, and sells robotic systems for minimally invasive surgery. Its most well-known products include the da Vinci Surgical System for general surgery and the Ion endoluminal system for precise procedures inside the lungs. These robotic platforms help surgeons perform complex procedures with smaller incisions, greater precision, and faster recovery times for patients. The company disclosed a data breach caused by a targeted phishing attack. Threat actors used a compromised employee account to access internal systems, exposing customer contact details, employee data, and corporate information. The company quickly responded by securing affected applications and activating incident response measures. – https://securityaffairs.com/189598/data-breach/robotic-surgery-firm-intuitive-reports-data-breach-after-targeted-phishing-attack.html

China: Cybercrime Bill Entrenches Censorship, Surveillance

(Human Rights Watch) The Chinese government’s proposed law to combat cybercrime extends far beyond addressing legitimate legal concerns and contains sweeping provisions that pose a significant threat to human rights, Human Rights Watch said today. China’s Ministry of Public Security on January 31, 2026, published a 68-article Draft Law on Cybercrime Prevention and Control. If enacted, the bill would bring together rules that govern China’s telecommunication, internet, and banking systems under a single framework, strengthening authorities’ ability to trace user activity across platforms. The bill also expands police and other authorities’ ability to suspend access to financial accounts and communication services and bar people from leaving the country in cybercrime-related cases without meaningful oversight or redress provisions. Notably, the draft law has problematic extraterritorial reach. – https://www.hrw.org/news/2026/03/17/china-cybercrime-bill-entrenches-censorship-surveillance

Brief, Bold and Beautiful? Reactions on the US National Cyber Strategy

(Louise Marie Hurel, Pia Hüsch, James A. Lewis, Erica D Lonergan, Gareth Mott and Conrad Prince CB – RUSI) Earlier in March, the Trump administration finally published its National Cyber Strategy after months of suspense regarding the content and tone it would convey, globally, about the US’s ambitions in cyberspace. The announcement came at a strategic time: at the start of the second year of Trump’s presidency, after a series of demonstrations of US use of cyber capabilities in the operation to extract Maduro from Venezuela, and at the outset of the unfolding war in Iran. There is no single standard for a national cyber strategy; some can be closer to an action plan, outlining budget lines and action items; others might still be lengthy and focused on elaborate ‘pillars of action’. Unlike many ‘strategies’ so far, the US National Cyber Strategy has five pages of text and has raised both praise and critiques about its level of detail and concrete action. There is certainly no meandering when it comes to communicating ambitions in this strategy, and we have brought together a series of experts to reflect on: (i) the continuities and ruptures the NCS presents compared to its predecessors; (ii) what it means for the US’s posture on the use of offensive cyber capabilities; (iii) the role of the private sector in enabling the aspirations set out in the NCS; (iv) how realistic are the ambitions it presents on AI; and (v) what the strategy means for UK-US transatlantic relations. – https://www.rusi.org/explore-our-research/publications/commentary/brief-bold-and-beautiful-reactions-us-national-cyber-strategy

Frontiers

Green light for massive UK AI tech park

(DigWatch) North Lincolnshire Council has granted outline planning permission for the Elsham Tech Park, a proposed AI data centre campus that would rank among the largest of its kind in the UK. At full build-out, the site would include up to 15 hyperscale data centre buildings across 176 hectares, delivering more than 1.5 million square metres of floorspace and up to 1GW of computing capacity. The development is expected to cost between £5.5 billion and £7.5 billion to build and could attract up to £10 billion in private investment over its lifetime. – https://dig.watch/updates/green-light-for-massive-uk-ai-tech-park

NVIDIA expands physical AI ecosystem to accelerate real world robotics

(DigWatch) Partnerships across the robotics sector are positioning NVIDIA at the centre of what is increasingly described as ‘physical AI’, a shift towards intelligent machines capable of perceiving, reasoning and acting in real environments. A new generation of tools, including NVIDIA Cosmos world models and updated NVIDIA Isaac simulation frameworks, aims to support developers in training and validating robots before deployment. These systems enable companies to simulate complex environments, reducing the risks and costs of real-world testing. – https://dig.watch/updates/nvidia-expands-physical-ai-ecosystem-to-accelerate-real-world-robotics

6G will make wireless networks capable of thinking for themselves

(DigWatch) Unlike its predecessors, 6G is being designed from the ground up with AI as a core feature rather than a performance add-on. From user devices and base stations through to the network core, AI and machine learning will enable 6G networks to self-optimise, manage interference, predict user mobility, and make real-time decisions with minimal human intervention. – https://dig.watch/updates/6g-will-make-wireless-networks-capable-of-thinking-for-themselves