application-security

MCP isn’t a protocol problem. It’s an identity crisis nobody is treating.

• ai-benefitsrisks
• aiml
• application-security

MCP isn’t a protocol problem. It’s an identity crisis nobody is treating.

Nik Kale April 6, 2026

MCP’s real risk isn’t protocol flaws — it’s missing identity, leaving AI actions untraceable.

Read More Read more about MCP isn’t a protocol problem. It’s an identity crisis nobody is treating.

SparkCat malware returns on app stores, targeting cryptocurrency users

• application-security
• malware
• threat-intelligence

SparkCat malware returns on app stores, targeting cryptocurrency users

SC Staff April 6, 2026

The malware, identified by cybersecurity firm Kaspersky, has appeared in apps on both iOS and Android platforms,...

Read More Read more about SparkCat malware returns on app stores, targeting cryptocurrency users

NoVoice Android malware steals WhatsApp data via Google Play apps

• application-security
• data-security
• malware

NoVoice Android malware steals WhatsApp data via Google Play apps

SC Staff April 2, 2026

The NoVoice operation, identified by McAfee, concealed malicious components within the com.facebook.utils package, blending them with legitimate...

Read More Read more about NoVoice Android malware steals WhatsApp data via Google Play apps

WhatsApp warns of spyware in fake iPhone app

• application-security
• Privacy
• security-operations

WhatsApp warns of spyware in fake iPhone app

SC Staff April 2, 2026

WhatsApp accused Italian spyware firm SIO of creating the fake app.

Read More Read more about WhatsApp warns of spyware in fake iPhone app

Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

• application-security
• devsecops
• malware
• ransomware

Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

Steve Zurier April 1, 2026

Attackers continue to evade defenders by using legitimate platforms like AWS and Microsoft utilities.

Read More Read more about Campaign combines WhatsApp with legit cloud platforms to deliver malicious VBS files

FBI warns Americans about data risks in foreign-developed mobile apps

• application-security
• data-security
• Privacy

FBI warns Americans about data risks in foreign-developed mobile apps

SC Staff April 1, 2026

The FBI's public service announcement details how certain mobile apps may continuously collect user data, even when...

Read More Read more about FBI warns Americans about data risks in foreign-developed mobile apps

Free Android VPNs expose users to tracking and risky servers, research finds

• application-security
• data-security
• Privacy

Free Android VPNs expose users to tracking and risky servers, research finds

SC Staff April 1, 2026

The analysis, using MobSF, focused on app permissions, third-party trackers, hardcoded network endpoints, and developer emails.

Read More Read more about Free Android VPNs expose users to tracking and risky servers, research finds

New critical Telegram zero-click issue threatens total device compromise

• application-security
• vulnerability-management

New critical Telegram zero-click issue threatens total device compromise

SC Staff March 31, 2026

Cybernews reports that Telegram for Android and Telegram Desktop for Linux have been affected by a critical...

Read More Read more about New critical Telegram zero-click issue threatens total device compromise

From cyber risk to business impact: A conversation with IBM and CyberSaint

• aiml
• application-security
• rsac
• security-operations
• soc

From cyber risk to business impact: A conversation with IBM and CyberSaint

SC Staff March 31, 2026

IBM's Mark Hughes and Fabio Campos discuss how organizations are rethinking cyber risk through automation, real-time data,...

Read More Read more about From cyber risk to business impact: A conversation with IBM and CyberSaint

Axios npm supply chain attack: Malicious updates add remote access trojan

• application-security
• devsecops
• identity
• malware
• supply-chain
• threat-intelligence

Axios npm supply chain attack: Malicious updates add remote access trojan

Laura French March 31, 2026

The axios npm package, with about 100 million weekly downloads, was compromised via a maintainer’s account.

Read More Read more about Axios npm supply chain attack: Malicious updates add remote access trojan