DJBSEC's CyberNews 2026-03-24

Created in March 24, 2026

2026   ·   Daily News   ·   News

Google Expands Gemini to Help Analysts Search the Dark Web

Google has introduced Gemini-powered capabilities aimed at helping defenders search and analyze dark web activity more efficiently. The idea is to use AI agents to speed up threat intelligence work by surfacing relevant signals, identifying malicious infrastructure, and helping analysts process large volumes of underground data. Supporters see it as a force multiplier for security teams that are already overwhelmed by the scale and speed of cyber threats. The bigger issue is trust: defenders will need to validate AI-generated findings carefully so these tools improve investigations instead of adding noise or false confidence.
Read More

North Korean Remote IT Worker Caught After a VPN Slip-Up

Researchers say a suspected North Korean operative successfully landed a remote IT job at a Western company before being discovered just 10 days later. According to LevelBlue, the individual was assigned work involving sensitive Salesforce data and initially blended in, but security tools flagged behavioral anomalies and a login from an unmanaged device in St. Louis, Missouri. Investigators also tied the activity to Astrill VPN, which researchers described as a strong indicator associated with North Korean operations, especially for masking location and routing traffic through U.S. exit nodes. The case is a sharp reminder that remote hiring fraud is now a real insider-threat problem, especially when it is tied to state-sponsored revenue generation.
Read More

NetScaler ADC and Gateway Flaws Open the Door to Remote Attacks

Researchers are warning that critical vulnerabilities in NetScaler ADC and Gateway can enable remote attacks against exposed systems. The flaws affect infrastructure that often sits directly in front of enterprise apps and remote access services, which makes them especially high-value targets for attackers. If exploited, these bugs could give threat actors a path to compromise appliances, disrupt services, or pivot deeper into the environment. For organizations using NetScaler, this is a patch-now issue, not something to leave in the queue.
Read More

Critical QNAP QVR Pro Bug Could Let Attackers Access Systems Remotely

A critical vulnerability in QNAP’s QVR Pro platform could let remote attackers gain unauthorized access to affected systems. Because QVR Pro is tied to surveillance and video management, the risk is not just technical compromise but also potential exposure of sensitive monitoring infrastructure. A bug like this can give attackers a foothold in environments where cameras and recording systems are connected to broader networks. Organizations using QNAP gear should treat this as a serious exposure point and move quickly on remediation.
Read More

North Korean Hackers Abuse VS Code Auto-Run Tasks to Drop Malware

Threat actors linked to North Korea are reportedly abusing Visual Studio Code auto-run tasks to deploy StoatWaffle malware. The tactic is dangerous because it leverages a trusted developer tool and can blend into normal workflows, making malicious activity less obvious. It also reinforces a bigger pattern: developer environments are now prime targets because compromising one workstation can open the door to source code, secrets, CI/CD pipelines, and downstream software supply chains. This is exactly the kind of attack that shows why securing developer tooling is no longer optional.
Read More

CISOs Debate How Much Humans Still Matter in AI-Driven Security

At RSAC 2026, security leaders debated whether the old “human in the loop” model still makes sense in an era of increasingly autonomous AI security tools. The discussion reflects a real tension in the industry: companies want AI to move faster than people can, but they also do not want to hand critical security decisions to systems that can still be wrong in dangerous ways. Some leaders see human oversight as essential for judgment, accountability, and context, while others argue that too much human involvement can become a bottleneck. The real answer is likely not all-human or all-AI, but figuring out exactly where people add the most value and where automation should take the lead.
Read More

Tycoon2FA Bounces Back Days After Law Enforcement Disruption

The Tycoon2FA phishing-as-a-service platform is already back near normal activity levels just days after a major police disruption. According to reporting, the earlier operation seized 330 domains tied to its infrastructure, but CrowdStrike observed the service rapidly recover and resume operations. That rebound shows how resilient phishing platforms have become: even when infrastructure is taken down, the operators can often rebuild fast enough that the disruption ends up being temporary. It is another reminder that takedowns matter, but they rarely end the threat on their own.
Read More

CanisterWorm Targets Kubernetes and Ends With a Kamikaze Wiper

CanisterWorm is a new campaign targeting Kubernetes clusters through what researchers describe as an npm supply chain attack. After spreading and hijacking developer accounts, the malware ultimately deploys a destructive “Kamikaze” wiper payload, turning the compromise from persistence into outright sabotage. That makes this campaign especially concerning because it blends software supply chain abuse, cloud-native targeting, and destructive intent in one package. For security teams, this is a warning that attacks against developers can quickly become attacks against production infrastructure.
Read More

OpenAI Rolls Out ChatGPT Library for Stored Personal Files

OpenAI has rolled out a ChatGPT Library feature that stores users’ uploaded and created files in a dedicated location for easier reuse later. According to reporting, uploaded documents, spreadsheets, presentations, and images can now persist across chats instead of remaining isolated to a single conversation. That may be convenient for users, but it also changes the security and privacy conversation because stored files become a more durable asset that users need to manage intentionally. The upside is better continuity; the risk is that people may not realize how much information they are leaving behind in a central AI workspace.
Read More

Palo Alto Expands Security Platform to Discover AI Agents

Palo Alto Networks has updated its security platform with capabilities designed to discover AI agents operating inside enterprise environments. That matters because companies are rapidly adopting AI assistants, autonomous workflows, and agentic tools, often faster than security teams can inventory or govern them. The move reflects a growing realization that AI agents are becoming a new asset class that needs visibility, policy control, and risk monitoring just like endpoints, SaaS apps, and cloud workloads. In plain terms, security teams cannot protect what they cannot see, and right now many organizations do not fully know where their AI agents are or what data they can reach.
Read More



Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • DJBSEC's CyberNews 2026-04-16
  • DJBSEC's CyberNews 2026-04-15
  • DJBSEC's CyberNews 2026-04-14
  • DJBSEC's CyberNews 2026-04-13
  • DJBSEC's CyberNews 2026-04-10