Nine “LeakyLooker” flaws in Google Looker Studio allowed cross-tenant SQL access across GCP services before being patched.
It also means carving out space for this work in how you prioritize. If strategic efforts like attack surface reduction are always competing against urgent patching, they will always lose. That might mean setting aside time each quarter to review and reduce exposure, or assigning clear ownership so someone is accountable for it — not just when a crisis hits, but routinely.
3. Continuous monitoring
Attack surface reduction isn’t a one-time exercise. Exposure changes constantly — a firewall rule gets edited, a new service gets deployed, a subdomain gets forgotten — and your team needs to detect those changes quickly.
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.
Described as “sophisticated,” the campaign mixes social engineering with advanced evasion techniques to steal sensitive information from compromised systems.
It is unclear how the attack begins, but researchers at Aryaka, a network and security solutions provider, suspect that the malware is distributed via spear-phishing emails.
A new Android malware named BeatBanker can hijack devices, and it tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store.
The malware combines banking trojan functions with Monero mining, and can steal credentials, as well as tamper with cryptocurrency transactions.
Kaspersky researchers discovered BeatBanker in campaigns targeting users in Brazil. They also found that the most recent version of the malware deploys the commodity Android remote access trojan called BTMOB RAT, instead of the banking module.
A new technique dubbed “Zombie ZIP” helps conceal payloads in compressed files specially created to avoid detection by security solutions such as antivirus and endpoint detection and response (EDR) products.
Trying to extract the files with standard utilities like WinRAR or 7-Zip results in errors or corrupted data. The technique works by manipulating ZIP headers to trick parsing engines into treating compressed data as uncompressed.
Instead of flagging the archive as potentially dangerous, security tools trust the header and scan the file as if it were a copy of the original in a ZIP container.
Microsoft has released the Windows 10 KB5078885 extended security update to fix the March 2026 Patch Tuesday vulnerabilities, including 2 zero-days and an issue that prevents some devices from shutting down.
If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a ’Check for Updates.’
After installing this update, Windows 10 will be updated to build 19045.7058, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.7058.
Mohamedshah et al. present an enzymatic strategy for covalently linking nuclear localization sequence (NLS) peptides to DNA cassettes by incorporating a strained cyclooctyne and using SPAAC chemistry, greatly enhancing transfection efficiency compared to previous methods. [https://www.nature.com/articles/s41467-025-68167-5](https://www.nature.com/articles/s41467-025-68167-5)
Efficient nuclear delivery of DNA remains a major challenge in non-viral gene therapy. Here the authors present an improved workflow for generating DNA oligonucleotide-peptide conjugates which are ligated to linear DNA and achieve nuclear localization.
A research team at Carnegie Mellon University has developed a new noninvasive brain stimulation technique by showing how focused ultrasound affects the human brain. Using brainwave recordings from human participants, the team found that focused ultrasound can subtly influence brain activity without directly causing neurons to fire. The work clarifies conflicting results in the field and introduces a new approach to noninvasive brain stimulation. The study is published in Nature Communications.
Focused ultrasound has been studied for years, but its effects in humans are not well understood. One challenge is that the technology makes a quiet beeping sound that can trigger hearing pathways in the brain, making it hard to know whether changes are caused by the sound or by the ultrasound itself. Previous studies using MRI scans may also produce misleading signals.
To address these limitations, researchers conducted a resting-state study in 27 human participants using concurrent whole-brain EEG recordings. They compared low-intensity transcranial focused ultrasound (tFUS) alone, a mild electrical brain stimulation called tDCS, and a new approach that combines the two, deemed transcranial electro-acoustic stimulation (tEAS). When used alone, neither ultrasound nor electrical stimulation caused clear, targeted brain responses. However, when combined, they produced strong, specific activity in the targeted area.