
A
From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Tuesday, March 3, 2026. I'm Sarah Lane.

Chrome unveils quantum-safe certificates
Google's Chrome team is testing quantum-resistant HTTPS certificates to protect against future attacks by quantum computers. The initiative uses Merkle Tree certificates, which replace traditional certificate chains with compact proofs, reducing TLS handshake data and integrating transparency into issuance. Chrome's three-phase rollout began with feasibility testing alongside Cloudflare, with public deployment and a dedicated quantum-resistant root store planned for 2027.

Vulnerability allowed hijacking Gemini Live
In other Chrome news, a vulnerability allowed malicious extensions to hijack the browser's Gemini Live AI assistant, giving attackers access to local files, camera, microphone and other system resources. Exploitation required the Declarative Net Request API, letting injected JavaScript manipulate the AI panel. The flaw was reported to Google back in October and patched in Chrome 143. Palo Alto Networks warns that hijacking such AI assistants can allow complex spying, phishing or data exfiltration without user consent.

UK warns of Iranian cyber attack risks
The UK's National Cyber Security Centre, or NCSC, warned British organizations of potential Iranian cyber attacks amid Middle East tensions. State-sponsored and Iran-linked hackers are believed to retain some operational capability despite Iran's ongoing Internet blackout. The NCSC advised organizations with Middle East supply chains or assets to review their attack surface, increase monitoring and follow guidance on DDoS, phishing and ICS targeting threats.

Alleged scam mastermind convicted
A German court sentenced Mikhail Biniashvili to 7.5 years in prison for leading a branch of the Milton Group investment scam network, which defrauded victims of about 8 million euros between 2017 and 2019 through fraudulent online trading platforms. Prosecutors say he also developed and sold proprietary scam software Puma TS, enabling copycat operations that caused an additional 42 million euros in losses worldwide. The court ordered 2.4 million euros confiscated, but the verdict can still be appealed.

Huge thanks to our sponsor, Adaptive Security
This episode is brought to you by Adaptive Security, the first security awareness platform built to stop AI-powered social engineering. Today's phishing doesn't just hit inboxes, it can sound like your CFO or look like your CEO on Zoom. AI voices, video and deepfakes are turning trust into the attack surface. Adaptive fights back with AI-driven risk scoring, deepfake simulations featuring your own executives and interactive training your team will actually remember. Take a 3-minute tour or request a CEO deepfake demo at adaptivesecurity.com.

OpenClaw vulnerability hijacks AI agents
A vulnerability in the OpenClaw AI assistant let malicious websites hijack self-hosted agents without user interaction. Attackers could connect via localhost, brute-force passwords and gain administrator privileges, enabling access to files, logs, Slack messages and execution of commands across connected devices. The flaw relied on trusted localhost access and unthrottled password attempts. OpenClaw patched the issue within 24 hours and is advising users to update to version February 5, 202625 or later.

Memory scalpers hunt scarce DRAM
DataDome reports a bot campaign sending over 10 million scraping requests to e-commerce sites to track scarce DDR5 DRAM inventory, hitting product pages nearly six times more often than legitimate users and using cache busting and AI tools to evade anti-bot defenses. The goal is to identify and quickly buy limited memory stock for profitable resale, worsening an existing shortage driven by AI and hyperscaler demand. Analysts expect DRAM prices to potentially double in Q1 of 2026, with supply constraints also impacting smaller cloud providers and entry-level device shipments.

Microsoft license fraudster imprisoned
A Florida woman was sentenced to 22 months in prison and fined $50,000 for running a years-long scheme selling stolen Microsoft Certificate of Authenticity labels and extracted product keys. Prosecutors say she bought tens of thousands of genuine Windows and Office COA labels at discounted prices, then had employees manually extract and sell the license code separately, wiring more than $5.1 million to a supplier between 2018 and 2023. Standalone sales of COA labels violate federal law because they have to be distributed with licensed software or hardware.

MSG data breach confirmed
Madison Square Garden confirmed a data breach tied to the 2025 Oracle E-Business Suite hacking campaign in which the Clop gang exploited zero-day flaws to steal data from more than 100 organizations. Hackers allegedly took over 210 GB of archive files from MSG's third-party hosted EBS instance in August of 2025, then leaked the data after a ransom was not paid. The company is notifying affected individuals, saying that stolen information includes names and Social Security numbers, but the total number impacted is unclear.

It is easy to focus on the latest advancements in security tooling, but security incidents often don't happen because you lacked the latest and greatest technology. They happen because your work culture is actively working against your security efforts. We'll try to focus on how to fix that in our latest episode of the CISO Series podcast. Look for the episode "Our Security Team's Love Language Is Buying New Tools" wherever you get your podcasts. And if you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We really want to hear from you.

I am Sarah Lane reporting for the CISO Series, and you have a great day, all of you. That's in order.
A
Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
B
It.
This episode provides a brisk and timely roundup of the most pressing stories in cybersecurity for March 3, 2026. The main themes include major advancements in quantum-safe web security, vulnerabilities in leading browser AI tools, ongoing cyberattacks tied to state actors, high-profile cybercrime convictions, data breaches involving major organizations, and evolving threats shaped by AI and supply constraints.
“The initiative uses Merkle Tree certificates, which replace traditional certificate chains with compact proofs, reducing TLS handshake data and integrating transparency into issuance.” – Sarah Lane ([00:20])
Declarative Net Request API for injected JavaScript to manipulate the AI panel.
“Hijacking such AI assistants can allow complex spying, phishing or data exfiltration without user consent.” – Sarah Lane ([01:14])
“...security incidents often don't happen because you lacked the latest and greatest technology. They happen because your work culture is actively working against your security efforts.” – Sarah Lane ([06:44])
This rapid-fire episode showcases the intersection of advanced technology and evolving cyber threats—from quantum safety and AI vulnerabilities to high-profile fraud and international cyber risk. The stories reflect a cybersecurity landscape where technological progress, adversary sophistication, and the complexities of global supply and threat environment all collide, offering essential context for CISOs and anyone tracking security news.