ARTICLES 2026 MARCH
| DATE | NAME | Info | CATEG. | WEB |
| --- | --- | --- | --- | --- |
| 31.3.26 | Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts | Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to | AI | The Hacker News |
| 31.3.26 | Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains | Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a | Virus | The Hacker News |
| 31.3.26 | Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account | The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious | Virus | The Hacker News |
| 31.3.26 | OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability | A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, | AI | The Hacker News |
| 31.3.26 | DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials | A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as | Virus | The Hacker News |
| 30.3.26 | Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels | Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are | APT | The Hacker News |
| 30.3.26 | Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign | Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a | APT | The Hacker News |
| 30.3.26 | Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack | Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation | APT | The Hacker News |
| 29.3.26 | Backdoored Telnyx PyPI package pushes malware hidden in WAV audio | TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. | Virus | |
| 29.3.26 | Fake VS Code alerts on GitHub spread malware to developers | A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. | Virus | |
| 29.3.26 | Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing. | Agentic GRC automates workflows, forcing teams to rethink their role beyond operations. Anecdotes explains why the biggest challenge is shifting from execution to risk leadership. | Cyber | |
| 29.3.26 | European Commission investigating breach after Amazon cloud account hack | The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to the Commission's Amazon cloud environment. | BigBrothers | BleepingComputer |
| 29.3.26 | Anti-piracy coalition takes down AnimePlay app with 5 million users | The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. | Cyber | |
| 29.3.26 | Windows 11 KB5079391 update rolls out Smart App Control improvements | Microsoft has released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, which includes 29 changes, such as Smart App Control and Display improvements. | OS | |
| 29.3.26 | Dutch Police discloses security breach after phishing attack | The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn't affected citizens' data. | Phishing | BleepingComputer |
| 29.3.26 | Ajax football club hack exposed fan data, enabled ticket hijack | Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. | Incident | |
| 29.3.26 | CISA: New Langflow flaw actively exploited to hijack AI workflows | The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. | Exploit | |
| 29.3.26 | UK sanctions Xinbi marketplace linked to Asian scam centers | The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. | Cryptocurrency | |
| 29.3.26 | TikTok for Business accounts targeted in new phishing campaign | Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. | Social | |
| 29.3.26 | Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers | Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it. | CyberCrime | BleepingComputer |
| 29.3.26 | Coruna iOS exploit framework linked to Triangulation attacks | The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. | OS | |
| 29.3.26 | Russia arrests suspected owner of LeakBase cybercrime forum | Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools. | CyberCrime | |
| 29.3.26 | Suspected RedLine infostealer malware admin extradited to US | An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. | Virus | |
| 29.3.26 | GitHub adds AI-powered bug detection to expand security coverage | GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. | AI | BleepingComputer |
| 29.3.26 | PolyShell attacks target 56% of all vulnerable Magento stores | Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. | CyberCrime | |
| 29.3.26 | Bubble AI app builder abused to steal Microsoft account credentials | Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. | AI | |
| 29.3.26 | New Torg Grabber infostealer malware targets 728 crypto wallets | A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. | Virus | |
| 29.3.26 | Citrix urges admins to patch NetScaler flaws as soon as possible | Citrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. | Vulnerability | BleepingComputer |
| 29.3.26 | Paid AI Accounts Are Now a Hot Underground Commodity | AI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and resell premium AI access at scale. | AI | |
| 28.3.26 | Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug | A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to | Vulnerability | The Hacker News |
| 28.3.26 | CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager | Vulnerability | The Hacker News |
| 28.3.26 | TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign | Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword | APT | The Hacker News |
| 28.3.26 | Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits | Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge | OS | The Hacker News |
| 28.3.26 | TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files | TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two | Hack | The Hacker News |
| 28.3.26 | Kali Linux 2026.1 released with 8 new tools, new BackTrack mode | Kali Linux 2026.1, the first release of the year, is now available for download, featuring 8 new tools, a theme refresh, and a new BackTrack mode for Kali-Undercover. | OS | |
| 28.3.26 | TP-Link warns users to patch critical router auth bypass flaw | TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. | Vulnerability | |
| 28.3.26 | Manager of botnet used in ransomware attacks gets 2 years in prison | A Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies. | BotNet | BleepingComputer |
| 28.3.26 | PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug | PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. | ICS | |
| 28.3.26 | Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens | The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. | Incident | |
| 28.3.26 | FCC bans new routers made outside the USA over security risks | The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S. | BigBrothers | BleepingComputer |
| 28.3.26 | Firefox now has a free built-in VPN with 50GB monthly data limit | Mozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. | Security | |
| 28.3.26 | Microsoft fixes bug causing Classic Outlook sync issues with Gmail | Microsoft has fixed a known issue causing Gmail and Yahoo email synchronization and connection problems for classic Outlook users. | Security | |
| 28.3.26 | Zero Trust: Bridging the Gap Between Authentication and Trust | Passing MFA doesn't mean a session is safe, attackers can hijack tokens and bypass identity checks. Specops Software explains why Zero Trust must verify both user identity and device health. | Security | |
| 28.3.26 | HackerOne discloses employee data breach after Navia hack | Bug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. | Incident | |
| 28.3.26 | Infinite Campus warns of breach after ShinyHunters claims data theft | Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. | Incident | BleepingComputer |
| 28.3.26 | Yanluowang ransomware access broker gets 81 months in prison | A Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks. | Ransom | |
| 28.3.26 | Dutch Ministry of Finance discloses breach affecting employees | The Dutch Ministry of Finance confirmed on Monday that some of its systems were breached in a cyberattack detected last week. | Incident | |
| 28.3.26 | Mazda discloses security breach exposing employee and partner data | Mazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December. | Incident | BleepingComputer |
| 28.3.26 | Tycoon2FA phishing platform returns after recent police disruption | The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels. | Phishing | |
| 28.3.26 | NICKEL ALLEY strategy: Fake it ‘til you make it | Counter Threat Unit™ (CTU) researchers continue to investigate trends in Contagious Interview campaign activity conducted by NICKEL ALLEY, a threat group operating on behalf of the North Korean government. | Cyber blog | SOPHOS |
| 28.3.26 | The global CISO landscape: A leadership gap too large to ignore | The 2026 CISO Report, published by Cybersecurity Ventures in partnership with Sophos, highlights a critical imbalance in global cybersecurity leadership. | Cyber blog | SOPHOS |
| 28.3.26 | | Every year, the cyber threat landscape forces defenders to adapt to evolving adversary tactics, techniques, and procedures (TTPs). In 2025, Mandiant observed a clear divergence in adversary pacing that closely aligns with the trends we have been documenting for defenders over the past year. | Cyber blog | GTI |
| 28.3.26 | China’s APT41 and the Expanding Enterprise Attack Surface: What Security Teams Must Prepare For | APT41’s hybrid model exposes gaps in enterprise security, targeting cloud, supply chains, and OT with advanced tactics and persistent access. | APT blog | Cyble |
| 28.3.26 | The Energy Sector’s Ransomware Nightmare: Why Critical Infrastructure Can’t Catch a Break | The energy sector's ransomware nightmare continued in 2025, but there are lessons to learn for critical infrastructure protection in 2026. | Ransom blog | Cyble |
| 28.3.26 | The Agentic AI Attack Surface: Prompt Injection, Memory Poisoning, and How to Defend Against Them | Prompt injection attacks are reshaping agentic AI risk. Discover how they exploit reasoning layers and how to defend against evolving AI threats. | AI blog | Cyble |
| 28.3.26 | India’s Evolving Cyber Threat Landscape: State-Sponsored Attacks, Hacktivism, and What’s Next in 2026 | India cyber threat landscape 2026 highlights state sponsored cyber attacks India, growing hacktivism, and shifting cyber risks. | BigBrother blog | Cyble |
| 28.3.26 | When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures | During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including refund notices, payroll forms, filing reminders, and requests from tax professionals, to push malicious attachments, links, or QR codes. | Phishing blog | Microsoft blog |
| 28.3.26 | Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities | This blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed. | Malware blog | Trend Micro |
| 28.3.26 | Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach | Litellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps. | AI blog | Trend Micro |
| 28.3.26 | Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries | We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques. | Hacking blog | Trend Micro |
| 28.3.26 | Juniper JunOS Evolved Pre-authenticated Remote Code Execution (CVE-2026-21902) | The SonicWall Capture Labs threat research team became aware of a severe unauthenticated Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved (PTX Series), assessed its impact, and developed mitigation measures. | Vulnerability blog | SonicWall |
| 28.3.26 | Three Decades for a 3-Line Fix: The Critical telnetd Bug Hiding in Plain Sight (CVE-2026-32746) | The SonicWall Capture Labs threat research team became aware of an out-of-bounds write vulnerability in the Telnet server shipped with GNU Inetutils, assessed its impact and developed mitigation measures. Telnetd hardly needs an introduction. It is one of the oldest and most widely distributed network utilities on Linux systems. | Vulnerability blog | SonicWall |
| 28.3.26 | Google Authenticator: The Hidden Mechanisms of Passwordless Authentication | Passwordless authentication is often presented as the end of account takeover. But to understand the real threat landscape, we need to examine how passwordless is actually deployed in the real world. Attackers do not break protocols in theory. | Vulnerability blog | Palo Alto |
| 28.3.26 | TP-Link, Canva, HikVision vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-p | Vulnerability blog | CISCO TALOS |
| 28.3.26 | Talos Takes: 2025 insights from Talos and Splunk | This episode of Talos Takes breaks down the 2025 Year in Review as well as Splunk's Top 50 Cybersecurity Threats report. | Cyber blog | CISCO TALOS |
| 28.3.26 | Beers with Talos breaks down the 2025 Talos Year in Review | The Beers with Talos team unpack the biggest cybersecurity threats of 2025, from React2Shell to ransomware and identity abuse, and what it all means for defenders going forward. | Cyber blog | CISCO TALOS |
| 28.3.26 | RSAC 2026 wrap-up – Week in security with Tony Anscombe | This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with | AI blog | Eset |
| 28.3.26 | A cunning predator: How Silver Fox preys on Japanese firms this tax season | Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them | Spam blog | Eset |
| 28.3.26 | Virtual machines, virtually everywhere – and with real security gaps | Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves | Security blog | Eset |
| 28.3.26 | Cloud workload security: Mind the gaps | As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning | Cyber blog | Eset |
| 28.3.26 | The Ghost SPN Attack: Catching Stealthy Kerberoasting Before It's Too Late Using Trellix NDR | This study breaks down the 'Ghost SPN' vector, which uses delegated administrative permissions to create temporary exposure windows. | Attack blog | Trelix |
| 27.3.26 | Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks | Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow | Vulnerability | The Hacker News |
| 27.3.26 | AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion | Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a | Phishing | The Hacker News |
| 27.3.26 | We Are At War | Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we | Cyber | The Hacker News |
| 27.3.26 | Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware | A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat | Ransom | The Hacker News |
| 27.3.26 | LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks | Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could | AI | The Hacker News |
| 27.3.26 | China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks | A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against | APT | The Hacker News |
| 26.3.26 | TeamPCP deploys Iran-targeted wiper in Kubernetes attacks | The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. | Hack | |
| 26.3.26 | Crunchyroll probes breach after hacker claims to steal 6.8M users' data | Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people. | Incident | |
| 26.3.26 | Trivy supply-chain attack spreads to Docker, GitHub repos | The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company's GitHub organization to tamper with dozens of repositories. | Hack | |
| 26.3.26 | Varonis Atlas: Securing AI and the Data That Powers It | AI agents can access data directly, making data security the foundation of AI security. Learn more about how Varonis Atlas helps orgs see, secure, and control AI systems and the data they can reach. | AI | |
| 26.3.26 | Microsoft Exchange Online service change causes email access issues | Microsoft is working to address an ongoing service issue that has intermittently prevented some users from accessing their cloud-based Exchange Online mailboxes via Outlook mobile and Mac desktop clients since Thursday. | OS | BleepingComputer |
| 26.3.26 | FBI warns of Handala hackers using Telegram in malware attacks | The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country's Ministry of Intelligence and Security (MOIS) are using Telegram in malware attacks. | BigBrothers | |
| 26.3.26 | CISA orders feds to patch DarkSword iOS flaws exploited in attacks | CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. | Exploit | |
| 26.3.26 | New KB5085516 emergency update fixes Microsoft account sign-in | Microsoft has released an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. | OS | BleepingComputer |
| 26.3.26 | VoidStealer malware steals Chrome master key via debugger trick | An information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. | Virus | |
| 26.3.26 | Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website | Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious | AI | The Hacker News |
| 26.3.26 | Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks | The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the | OS | The Hacker News |
| 26.3.26 | WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites | Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, | CyberCrime | The Hacker News |
| 26.3.26 | LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace | The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported | CyberCrime | The Hacker News |
| 25.3.26 | GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data | Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an | Virus | The Hacker News |
| 25.3.26 | Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks | The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to | APT | The Hacker News |
| 25.3.26 | Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse | Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than | Phishing | The Hacker News |
| 25.3.26 | FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns | The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing | BigBrothers | The Hacker News |
| 25.3.26 | TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise | TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two | Virus | The Hacker News |
| 25.3.26 | Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR | A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents | Spam | The Hacker News |
| 25.3.26 | Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner | An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency | Cryptocurrency | The Hacker News |
| 24.3.26 | The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills | Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in | Cyber | The Hacker News |
| 24.3.26 | TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials | Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as | Virus | The Hacker News |
| 24.3.26 | U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage | A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against | Ransom | The Hacker News |
| 24.3.26 | Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks | Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to | Vulnerability | The Hacker News |
| 24.3.26 | North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware | The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked | Virus | The Hacker News |
| 24.3.26 | Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware | Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. | Phishing | The Hacker News |
| 24.3.26 | Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper | Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening | Virus | The Hacker News |
| 24.3.26 | Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems | Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to | Exploit | The Hacker News |
| 22.3.26 | FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks | Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications | Social | The Hacker News |
| 22.3.26 | Trivy vulnerability scanner breach pushed infostealer via GitHub Actions | The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. | Vulnerability | |
| 22.3.26 | Google adds ‘Advanced Flow’ for safe APK sideloading on Android | Google has announced a new mechanism in Android called Advanced Flow that will allow sideloading APKs from unverified developers for power users in a more secure way. | Security | |
| 22.3.26 | Microsoft Azure Monitor alerts abused for callback phishing attacks | Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. | Phishing | |
| 22.3.26 | FBI links Signal phishing attacks to Russian intelligence services | The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. | Phishing | |
| 22.3.26 | Oracle pushes emergency fix for critical Identity Manager RCE flaw | Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. | Vulnerability | BleepingComputer |
| 22.3.26 | Police take down 373,000 fake CSAM sites in Operation Alice | An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. | CyberCrime | |
| 22.3.26 | CISA orders feds to patch max-severity Cisco flaw by Sunday | The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. | Vulnerability | BleepingComputer |
| 22.3.26 | How CISOs Can Survive the Era of Geopolitical Cyberattacks | Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campaigns. | Cyber | |
| 22.3.26 | International joint action disrupts world’s largest DDoS botnets | Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices. | BotNet | BleepingComputer |
| 22.3.26 | Microsoft: March Windows updates break Teams, OneDrive sign-ins | Microsoft says the March Windows 11 update breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. | OS | |
| 22.3.26 | Ex-data analyst stole company data in $2.5M extortion scheme | A North Carolina man was found guilty of extorting a D.C.-based technology company while still being employed as a data analyst contractor. | Incident | |
| 22.3.26 | Navia discloses data breach impacting 2.7 million people | Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers. | Incident | |
| 22.3.26 | New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores | A newly disclosed vulnerability dubbed 'PolyShell' affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover. | Vulnerability | |
| 22.3.26 | Bitrefill blames North Korean Lazarus group for cyberattack | Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. | APT | BleepingComputer |
| 22.3.26 | FBI seizes Handala data leak site after Stryker cyberattack | The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices. | BigBrothers | |
| 22.3.26 | Russian hackers exploit Zimbra flaw in Ukrainian govt attacks | Hackers part of APT28, a state-backed threat group linked to Russia's military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities. | APT | BleepingComputer |
| 22.3.26 | 7 Ways to Prevent Privilege Escalation via Password Resets | Password resets are often weaker than login security, making them a prime target for privilege escalation. Specops Software explains how attackers abuse reset workflows and how to secure them. | Security | |
| 21.3.26 | Max severity Ubiquiti UniFi flaw may allow account takeover | Ubiquiti has patched two vulnerabilities in the UniFi Network Application, including a maximum-severity flaw that may allow attackers to take over user accounts. | Vulnerability | BleepingComputer |
| 21.3.26 | CISA urges US orgs to secure Microsoft Intune systems after Stryker breach | CISA warned U.S. organizations to follow Microsoft guidance to strengthen the Intune endpoint management tool after a cyberattack exploited it to wipe medical technology giant Stryker's systems. | Exploit | |
| 21.3.26 | New ‘Perseus’ Android malware checks user notes for secrets | A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery phrases, or financial data. | Virus | |
| 21.3.26 | Critical Microsoft SharePoint flaw now exploited in attacks | A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. | Exploit | |
| 21.3.26 | Aura confirms data breach exposing 900,000 marketing contacts | Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses. | Incident | |
| 21.3.26 | CISA orders feds to patch Zimbra XSS flaw exploited in attacks | CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). | Exploit | BleepingComputer |
| 21.3.26 | ConnectWise patches new flaw allowing ScreenConnect hijacking | ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. | Vulnerability | |
| 21.3.26 | Ransomware gang exploits Cisco flaw in zero-day attacks since January | The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since late January. | Ransom | BleepingComputer |
| 21.3.26 | Marquis: Ransomware gang stole data of 672K people in cyberattack | Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. | Ransom | |
| 21.3.26 | The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms | Refund fraud is now a business, with methods and tutorials sold to exploit return policies for profit. Flare shows how fraudsters turn refunds and chargebacks into a repeatable profit model. | Exploit | BleepingComputer |
| 21.3.26 | New DarkSword iOS exploit used in infostealer attack on iPhones | A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet apps. | Exploit | |
| 21.3.26 | Nordstrom's email system abused to send crypto scams to customers | Customers of upscale department store chain Nordstrom received fraudulent messages from a legitimate company email address that promoted cryptocurrency scams disguised as a St. Patrick's Day promotion. | Spam | |
| 21.3.26 | Apple pushes first Background Security Improvements update to fix WebKit flaw | Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. | OS | |
| 21.3.26 | GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX | The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX. | Virus | |
| 21.3.26 | Europe sanctions Chinese and Iranian firms for cyberattacks | The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. | APT | BleepingComputer |
| 21.3.26 | Top 5 Things CISOs Need to Do Today to Secure AI Agents | AI agents are autonomous actors with real access to data and systems, not just copilots. Token Security explains why identity-based access control is critical to prevent misuse and data exposure. | AI | |
| 21.3.26 | New font-rendering trick hides malicious commands from AI tools | A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. | AI | BleepingComputer |
| 21.3.26 | Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager | Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited | Vulnerability | The Hacker News |
| 21.3.26 | Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages | The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the | Hack | The Hacker News |
| 21.3.26 | CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. | Exploit | The Hacker News |
| 21.3.26 | Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets | Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver | Hack | The Hacker News |
| 21.3.26 | Android devices ship with firmware-level malware | Keenadu malware gives an attacker control over a device but appears to be used primarily to facilitate ad fraud | Malware blog | SOPHOS |
| 21.3.26 | | Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. | OS blog | GTI |
| 21.3.26 | | Since 2018, when many financially motivated threat actors began shifting their monetization strategy to post-compromise ransomware deployments, ransomware has become one of the most pervasive threats to organizations across almost every industry vertical and region. | Ransom blog | GTI |
| 21.3.26 | Your KVM is the Weak Link: How $30 Devices Can Own Your Entire Network | 9 vulnerabilities across 4 vendors turn low-cost IP-KVMs into attack platforms | Vulnerability blog | Eclypsium |
| 21.3.26 | New Malware Highlights Increased Systematic Targeting of Network Infrastructure | | Malware blog | Eclypsium |
| 21.3.26 | Operation GhostMail: Russian APT exploits Zimbra Webmail to Target Ukraine State Agency | | Cyber blog | Seqrite |
| 21.3.26 | North Korea’s Crypto Theft Operations: The Role of Lazarus Group in State-Sponsored Financial Warfare | Lazarus Group cyberattack on Bitrefill highlights how North Korean hackers exploit crypto platforms via credentials and human error for theft. | Cryptocurrency blog | Cyble |
| 21.3.26 | The Week in Vulnerabilities: Juniper, Cisco SD-WAN, and Critical ICS Exposure | Critical Juniper, Cisco SD-WAN, and EV charging infrastructure vulnerabilities surfaced on underground forums, while ICS flaws impacted Energy and Transportation sectors. | Vulnerability blog | Cyble |
| 21.3.26 | Inside Russia’s Shift to Credential-Based Intrusions: What CISOs Need to Know in 2026 | Russia’s credential-based intrusions are rising, leading to more account takeover attacks and new risks for critical infrastructure in 2026. | APT blog | Cyble |
| 21.3.26 | Cyble and Optiv Partner to Bring Digital Risk Protection to Managed Security Operations | Cyble Optiv partnership brings digital risk protection into MSSP operations, enabling visibility into external threats across the open, deep, and dark web. | Cyber blog | Cyble |
| 21.3.26 | AI-Powered Cyber Warfare: How Autonomous Attack Agents Are Changing the Threat Landscape | Autonomous attack agents and AI-driven malware are reshaping cyber warfare—making attacks faster, smarter, and harder to stop than ever before. | AI blog | Cyble |
| 21.3.26 | Middle East Cyber Warfare Intensifies: Rising Attacks, Hacktivist Surge, and Global Risk Exposure | Middle East cyber warfare escalates in 2026 as hybrid attacks disrupt infrastructure, supply chains, and global security. | Cyber blog | Cyble |
| 21.3.26 | AI-Assisted Phishing Campaign Exploits Browser Permissions to Capture Victim Data | Cyble analyzes an AI-driven phishing campaign that abuses browser permissions to capture victims' images and exfiltrate the data to attacker-controlled Telegram bots. | AI blog | Cyble |
| 21.3.26 | Libyan Oil Refinery Among Targets in Long-running Likely Espionage Campaign | The modular backdoor AsyncRAT was deployed on targeted networks. | Malware blog | SECURITY.COM |
| 21.3.26 | New Malware Targets Users of Cobra DocGuard Software | Novel, parasitic threat cleverly uses Cobra DocGuard’s functionality and hunts for documents related to ballistic missiles. | Malware blog | SECURITY.COM |
| 21.3.26 | When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures | During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including refund notices, payroll forms, filing reminders, and requests from tax professionals, to push malicious attachments, links, or QR codes. | Cyber blog | Microsoft blog |
| 21.3.26 | From Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFA | Not every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate without MFA. | Hacking blog | Trend Micro |
| 21.3.26 | Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries | We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques. | Malware blog | Trend Micro |
| 21.3.26 | An In-Depth Look at Scarface Stealer | This week, the SonicWall Capture Labs Threat Research team analyzed a sample of ScarfaceStealer, a Go-compiled information stealer that utilizes sophisticated anti-analysis techniques including | Malware blog | SonicWall |
| 21.3.26 | Juniper JunOS Evolved Pre-authenticated Remote Code Execution (CVE-2026-21902) | The SonicWall Capture Labs threat research team became aware of a severe unauthenticated Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved (PTX Series), assessed its impact, and developed mitigation measures. Juniper PTX Series routers are high-performance core and peering routers built for high throughput, low latency, and scale. They are commonly used by internet service providers, telecommunication services, and cloud network applications. | Vulnerability blog | SonicWall |
| 21.3.26 | Analyzing the Current State of AI Use in Malware | Unit 42 researchers searched through open-source intelligence (OSINT) and our internal telemetry for potential signs of malware made to any degree with large language models (LLMs). This includes either using LLMs to create the malware entirely or to assist with their functionality. This article examines two samples, both of which originated from our OSINT hunts. | AI blog | Palo Alto |
| 21.3.26 | Open, Closed and Broken: Prompt Fuzzing Finds LLMs Still Fragile Across Open and Closed Models | Unit 42 researchers have developed a genetic algorithm-inspired prompt fuzzing method to automatically generate variants of disallowed requests that preserved their original meaning. This method also measures guardrail fragility under systematic rephrasing. | AI blog | Palo Alto |
| 21.3.26 | You have to invite them in | While garlic and wooden stakes keep the vampires at bay in movies, they won’t save your network once an attacker has been "invited in." Discover why identity is the new frontier of cyber horror in this week’s edition. | Cyber blog | CISCO TALOS |
| 21.3.26 | Everyday tools, extraordinary crimes: the ransomware exfiltration playbook | Attackers use trusted tools for data theft, making traditional detection unreliable. The Exfiltration Framework enables defenders to spot exfiltration by focusing on behavioral signals across endpoints, networks, and cloud environments rather than static tool indicators. | Ransom blog | CISCO TALOS |
| 21.3.26 | Transparent COM instrumentation for malware analysis | In this article, Cisco Talos presents DispatchLogger, a new open-source tool that delivers high visibility into late-bound IDispatch COM object interactions via transparent proxy interception. | Malware blog | CISCO TALOS |
| 21.3.26 | Move fast and save things: A quick guide to recovering a hacked account | What you do – and how fast – after an account is compromised often matters more than it may seem | Hacking blog | Eset |
| 21.3.26 | EDR killers explained: Beyond the drivers | ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers | Hacking blog | Eset |
| 21.3.26 | A Deep Dive into the GetProcessHandleFromHwnd API | In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I thought I should take a closer look. | Vulnerability blog | PROJECT ZERO |
| 21.3.26 | Dark Web Roast February 2026 Edition | Grab your mug and settle in: February’s roast is served hot, fresh, and with zero detections. | Cyber blog | Trellix |
| 21.3.26 | Getting Roasted? Trellix Helix sees through AS-REP Attack | This blog demonstrates how Trellix Helix's Advanced Correlation Engine (ACE) identifies AS-REP Roasting attacks based on behavioral patterns and technique fingerprints rather than tool-specific indicators. | Attack blog | Trellix |
| 20.3.26 | Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure | A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat | Vulnerability | The Hacker News |
| 20.3.26 | Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams | Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified | OS | The Hacker News |
| 20.3.26 | LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks | The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. | Ransom | BleepingComputer |
| 20.3.26 | Microsoft shares fix for Windows C: drive access issues on Samsung PCs | Microsoft has shared guidance to fix C:\ drive access issues and app failures on some Samsung laptops running Windows 11, versions 25H2 and 24H2. | OS | |
| 20.3.26 | New Windows 11 hotpatch fixes Bluetooth device visibility issue | Microsoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices. | OS | |
| 20.3.26 | Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic | Microsoft is working to address a known issue that renders the classic Outlook email client unusable for users who have enabled the Microsoft Teams Meeting Add-in. | OS | |
| 20.3.26 | Stryker attack wiped tens of thousands of devices, no malware needed | Last week's cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. | Virus | BleepingComputer |
| 20.3.26 | DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks | The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things | BotNet | The Hacker News |
| 20.3.26 | Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks | Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via | OS | The Hacker News |
| 20.3.26 | Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers | Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called | Virus | The Hacker News |
| 20.3.26 | 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security | A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable | Exploit | The Hacker News |
| 20.3.26 | New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data | Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to | Virus | The Hacker News |
| 19.3.26 | CISA flags Wing FTP Server flaw as actively exploited in attacks | CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. | Exploit | BleepingComputer |
| 19.3.26 | UK’s Companies House confirms security flaw exposed business data | Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies' information since October 2025. | Incident | |
| 19.3.26 | Microsoft Exchange Online outage blocks access to mailboxes | Microsoft is working to address an ongoing Exchange Online outage that is preventing customers from accessing their mailboxes and calendars. | OS | |
| 19.3.26 | Shadow AI is everywhere. Here’s how to find and secure it. | Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security teams can discover AI apps, monitor usage, and govern risky AI activity. | AI | |
| 19.3.26 | Microsoft pulls Samsung app blocking Windows C: drive from Store | Microsoft has removed the Samsung Galaxy Connect app from the Microsoft Store because it was causing issues on specific Samsung Galaxy Book 4 and desktop models running Windows 11 | OS | |
| 19.3.26 | OpenAI says ChatGPT ads are not rolling out globally for now | OpenAI told BleepingComputer that ChatGPT ads on Free and Go plans are not yet rolling out outside the United States, even though some users noticed references to ads in the updated privacy policy. | AI | BleepingComputer |
| 19.3.26 | Betterleaks, a new open-source secrets scanner to replace Gitleaks | A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. | Security | |
| 19.3.26 | Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw | Microsoft has released an out-of-band (OOB) update to fix security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. | OS | BleepingComputer |
| 19.3.26 | AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code | The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. | Cryptocurrency | |
| 19.3.26 | DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover | A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, | Exploit | The Hacker News |
| 19.3.26 | CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting | Exploit | The Hacker News |
| 18.3.26 | OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs | The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the | APT | The Hacker News |
| 18.3.26 | Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access | Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco | Ransom | The Hacker News |
| 18.3.26 | Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE | Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an | Vulnerability | The Hacker News |
| 18.3.26 | 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors | Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant | Vulnerability | The Hacker News |
| 18.3.26 | Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit | A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root | Vulnerability | The Hacker News |
| 18.3.26 | Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS | Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, | OS | The Hacker News |
| 18.3.26 | AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE | Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution | AI | The Hacker News |
| 18.3.26 | LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader | The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial | Ransom | The Hacker News |
| 17.3.26 | Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware | North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop | Virus | The Hacker News |
| 17.3.26 | CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known | Exploit | The Hacker News |
| 17.3.26 | GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos | The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of | Virus | The Hacker News |
| 16.3.26 | ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers | Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync . "Unlike | Hack | The Hacker News |
| 16.3.26 | DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage | Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 | Virus | The Hacker News |
| 16.3.26 | Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse | Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the | OS | The Hacker News |
| 15.3.26 | OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration | China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of | AI | The Hacker News |
| 15.3.26 | GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers | Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it | Virus | The Hacker News |
| 15.3.26 | Microsoft: Windows 11 users can't access C: drive on some Samsung PCs | Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications. | OS | |
| 15.3.26 | FBI seeks victims of Steam games used to spread malware | The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. | Virus | |
| 15.3.26 | Poland's nuclear research centre targeted by cyberattack | Poland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. | Incident | |
| 15.3.26 | Microsoft investigates classic Outlook sync and connection issues | Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client. | OS | BleepingComputer |
| 15.3.26 | From VMware to what’s next: Protecting data during hypervisor migration | Hypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platform recovery are essential during VMware transitions. | Security | |
| 15.3.26 | Police sinkholes 45,000 IP addresses in cybercrime crackdown | An international law enforcement action codenamed "Operation Synergia III" has sinkholed tens of thousands of IP addresses and seized servers linked to cybercrime operations worldwide. | CyberCrime | |
| 15.3.26 | Fake enterprise VPN sites used to steal company credentials | A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. | CyberCrime | |
| 15.3.26 | Starbucks discloses data breach affecting hundreds of employees | Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. | Incident | |
| 15.3.26 | Google fixes two new Chrome zero-days exploited in attacks | Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. | Exploit | BleepingComputer |
| 15.3.26 | Canadian retail giant Loblaw notifies customers of data breach | Still, out of an abundance of caution, Loblaw says it has automatically logged out all customers from their accounts. Account holders who need to access the company's digital services will have to log in again. | Incident | |
| 15.3.26 | England Hockey investigating ransomware data breach | England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware gang listed it as a victim on its data leak site. | Incident | |
| 15.3.26 | AI-generated Slopoly malware used in Interlock ransomware attack | A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. | AI | |
| 15.3.26 | Veeam warns of critical flaws exposing backup servers to RCE attacks | Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities. | Vulnerability | BleepingComputer |
| 15.3.26 | US disrupts SocksEscort proxy network powered by Linux malware | Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux. | BigBrothers | BleepingComputer |
| 15.3.26 | Google paid $17.1 million for vulnerability reports in 2025 | Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025. | Vulnerability | |
| 15.3.26 | Telus Digital confirms breach after hacker claims 1 petabyte data theft | Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach. | Incident | |
| 15.3.26 | Going the Extra Mile: Travel Rewards Turn into Underground Currency. | Stolen airline miles are converted into flights and hotel stays, then resold as discounted travel. Flare shows how cybercriminals and underground markets treat loyalty accounts like tradable currency. | CyberCrime | |
| 15.3.26 | Apple patches older iPhones and iPads against Coruna exploits | Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. | OS | BleepingComputer |
| 15.3.26 | US charges another ransomware negotiator linked to BlackCat attacks | The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation. | Ransom | BleepingComputer |
| 15.3.26 | WhatsApp introduces parent-managed accounts for pre-teens | WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups they can join. | Social | BleepingComputer |
| 15.3.26 | SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites | An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication. | Vulnerability | BleepingComputer |
| 15.3.26 | CISA orders feds to patch n8n RCE flaw exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. | Exploit | |
| 15.3.26 | Medtech giant Stryker offline after Iran-linked wiper malware attack | Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. | Virus | BleepingComputer |
| 15.3.26 | New PhantomRaven NPM attack wave steals dev data via 88 packages | New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. | Hack | BleepingComputer |
| 15.3.26 | Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools | Meta is introducing new anti-scam protections across its platforms, deploying systems and user-facing warnings to protect users against scammers. | Social | BleepingComputer |
| 14.3.26 | New ‘BlackSanta’ EDR killer spotted targeting HR departments | For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. | APT | BleepingComputer |
| 14.3.26 | New BeatBanker Android malware poses as Starlink app to hijack devices | A new Android malware named BeatBanker hijacks devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. | Virus | |
| 14.3.26 | New 'Zombie ZIP' technique lets malware slip past security tools | A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. | Virus | |
| 14.3.26 | Microsoft releases Windows 10 KB5078885 extended security update | Microsoft has released the Windows 10 KB5078885 extended security update to fix the March 2026 Patch Tuesday vulnerabilities, including 2 zero-days and an issue that prevents some devices from shutting down. | Vulnerability | BleepingComputer |
| 14.3.26 | Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws | Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities. | Vulnerability | |
| 14.3.26 | Windows 11 KB5079473 & KB5078883 cumulative updates released | Microsoft has released Windows 11 KB5079473 and KB5078883 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. | Vulnerability | |
| 14.3.26 | HPE warns of critical AOS-CX flaw allowing admin password resets | Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues. | Vulnerability | |
| 14.3.26 | Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys | Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello. | Phishing | BleepingComputer |
| 14.3.26 | New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network | A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. | BotNet | BleepingComputer |
| 14.3.26 | The New Turing Test: How Threats Use Geometry to Prove 'Humanness' | Malware is evolving to evade sandboxes by pretending to be a real human behind the keyboard. The Picus Red Report 2026 shows 80% of top attacker techniques now focus on evasion and persistence, including geometry-based cursor tests and CPU timing checks. | Virus | |
| 14.3.26 | CISA: Recently patched Ivanti EPM flaw now actively exploited | CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks. | Vulnerability | |
| 14.3.26 | Microsoft to enable Windows hotpatch security updates by default | Microsoft will turn on hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API, beginning with the May 2026 Windows security update. | OS | |
| 14.3.26 | APT28 hackers deploy customized variant of Covenant open-source tool | The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations. | APT | BleepingComputer |
| 14.3.26 | Microsoft Teams phishing targets employees with A0Backdoor malware | Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. | Phishing | BleepingComputer |
| 14.3.26 | Google: Cloud attacks exploit flaws more than weak credentials | Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. | Vulnerability | BleepingComputer |
| 14.3.26 | Dutch govt warns of Signal, WhatsApp account hijacking attacks | Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. | Virus | BleepingComputer |
| 14.3.26 | Initial access techniques used by Iran-based threat actors | Analysis of attacks originating from Iran-linked threat groups reveals a preference for certain techniques | APT blog | SOPHOS |
| 14.3.26 | Evil evolution: ClickFix and macOS infostealers | Across three recent campaigns, Sophos X-Ops notes shifts in both lures and malware capabilities, as threat actors leveraging ClickFix techniques increasingly target macOS users with infostealers | Malware blog | SOPHOS |
| 14.3.26 | | Threat actors leverage destructive malware to destroy data, eliminate evidence of malicious activity, or manipulate systems in a way that renders them inoperable | Hacking blog | GTI |
| 14.3.26 | The Future of Supply Chain Backdoor Detections | The XZ Utils backdoor (CVE-2024-3094) was discovered in March 2024 and is an example of a software supply chain attack that would have allowed hackers in possession of a specific private key to connect to the backdoored system and run their own commands as an administrator. | Malware blog | Eclypsium |
| 14.3.26 | Operation CamelClone: Multi-Region Espionage Campaign Targets Government and Defense Entities Amidst Regional Tensions | Contents: Introduction; Key Targets; Industries Affected; Geographical Focus; Geopolitical Context; Infection Chain; Timeline of Activity; Initial Findings; Looking into the Decoy Documents; Technical Analysis; Stage 1 – Malicious Archive Delivery; Stage 2 – Malicious Shortcut Execution; Stage 3 | Cyber blog | Seqrite |
| 14.3.26 | The Ultimate Guide to Dark Web Monitoring in 2026: Protect Your Data Before Attackers Strike | Dark web intelligence helps organizations detect stolen credentials, leaked data, and cyber threats early, enabling faster response and stronger security. | Cyber blog | Cyble |
| 14.3.26 | Australia, New Zealand, Tonga, Warn of Rising INC Ransom Attacks Targeting Pacific Networks | ACSC, NCSC, and CERT Tonga warn of growing INC Ransom activity targeting healthcare and organizations across Australia, New Zealand, and Pacific states. | BigBrother blog | Cyble |
| 14.3.26 | TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense | At [un]prompted 2026, TrendAI™ demonstrated how documents can be used to exploit AI-driven KYC pipelines and introduced FENRIR, an automated system for discovering AI vulnerabilities at scale. | AI blog | Trend Micro |
| 14.3.26 | CISOs in a Pinch: A Security Analysis of OpenClaw | Learn about OpenClaw (a sovereign agent) and how this can be viable for enterprises. | Security blog | Trend Micro |
| 14.3.26 | Through the Lens of MDR: Analysis of KongTuke’s ClickFix Abuse of Compromised WordPress Sites | Our analysis of an active KongTuke campaign deploying modeloRAT — malware capable of reconnaissance, command execution, and persistent access — through compromised WordPress sites and fake CAPTCHA lures shows that the group still operates this delivery chain in parallel with the newer CrashFix technique. | Malware blog | Trend Micro |
| 14.3.26 | Deno Runtime Exploited: The Emerging Threat You Can’t Ignore | Recently, the SonicWall Capture Labs threat research team observed threat actors have started abusing Deno, a modern JavaScript runtime, to run malicious JavaScript outside the browser, bypassing the need for Node.js. | APT blog | SonicWall |
| 14.3.26 | Insights: Increased Risk of Wiper Attacks | Unit 42 is tracking an increased risk of wiper attacks related to the conflict with Iran, including multiple related incidents impacting organizations in Israel and the US. For the latest intelligence on cyberattacks associated with this conflict, review our Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran. | Hacking blog | Palo Alto |
| 14.3.26 | Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia | We identified a cluster of malicious activity targeting Southeast Asian military organizations, suspected with moderate confidence to be operating out of China. We designate this cluster as CL-STA-1087, with STA representing our assessment that the activity is conducted by state-sponsored actors. We traced this activity back to at least 2020. | APT blog | Palo Alto |
| 14.3.26 | Auditing the Gatekeepers: Fuzzing "AI Judges" to Bypass Security Controls | As organizations scale AI operations, they increasingly deploy AI judges — large language models (LLMs) acting as automated security gatekeepers to enforce safety policies and evaluate output quality. Our research investigates a critical security issue in these systems: They can be manipulated into authorizing policy violations through stealthy input sequences, a type of prompt injection. | AI blog | Palo Alto |
| 14.3.26 | Iranian MOIS Actors & the Cyber Crime Connection | Iran-linked actors are increasingly engaging with the cyber crime ecosystem. Their activity suggests a growing reliance on criminal tools, services, and operational models in support of state objectives. | APT blog | CHECKPOINT |
| 14.3.26 | “Handala Hack” – Unveiling Group’s Modus Operandi | Handala Hack is an online persona operated by Void Manticore (aka Red Sandstorm, Banished Kitten), an actor affiliated with Iranian Ministry of Intelligence and Security (MOIS) | APT blog | CHECKPOINT |
| 14.3.26 | This one’s for you, Mom | This week, Joe talks about allyship and how being aware of an issue is the first step in helping to fix it. | Cyber blog | CISCO TALOS |
| 14.3.26 | Agentic AI security: Why you need to know about autonomous agents now | There are many benefits and security risks of deploying agentic AI within organizations. This blog emphasizes the importance of robust risk management and threat modeling to defend against both internal operational errors and potential malicious exploitation. | AI blog | CISCO TALOS |
| 14.3.26 | Spinning complex ideas into clear docs with Kri Dontje | The episode features Kri Dontje discussing her role in translating complex technical cybersecurity topics into clear, accessible documentation, emphasizing the importance of consistency, accuracy, and collaboration with subject matter experts. | Hacking blog | CISCO TALOS |
| 14.3.26 | DirectX, OpenFOAM, Libbiosig vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in the BioSig Project Libbiosig library and OpenCFD OpenFOAM, as well as an unpatched vulnerability in Microsoft DirectX. The vulnerabilities mentioned in this blog post have been patched | Vulnerability blog | CISCO TALOS |
| 14.3.26 | Microsoft Patch Tuesday for March 2026 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for March 2026 which includes 79 vulnerabilities, including three that Microsoft marked as “critical.” | Vulnerability blog | CISCO TALOS |
| 14.3.26 | Face value: What it takes to fool facial recognition | ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he'll demo it all at RSAC 2026 | Cyber blog | Eset |
| 14.3.26 | Cyber fallout from the Iran war: What to have on your radar | The cybersecurity implications of the war in the Middle East extend far beyond the region. Here’s where to focus your defenses. | Cyber blog | Eset |
| 14.3.26 | Sednit reloaded: Back in the trenches | The resurgence of one of Russia’s most notorious APT groups | APT blog | Eset |
| 14.3.26 | Malware-As-A-Service Redefined: Why XWorm is outpacing every other RAT in the underground malware market | XWorm has surged to the #3 global threat, using stealthy memory-only execution and the WinRAR CVE-2025-8088 exploit to bypass traditional security stacks. | Malware blog | Trellix |
| 14.3.26 | Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution | This blog examines a Remcos campaign demonstrating the transition from phishing-based initial access to fully fileless execution. | Malware blog | Trellix |
| 14.3.26 | Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware | A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates | APT | The Hacker News |
| 14.3.26 | Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 | Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are | Social | The Hacker News |
| 14.3.26 | INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime | INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and | CyberCrime | The Hacker News |
| 14.3.26 | Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials | Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine | APT | The Hacker News |
| 13.3.26 | Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 | Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the | Exploit | The Hacker News |
| 13.3.26 | Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation | Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by | Vulnerability | The Hacker News |
| 13.3.26 | Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries | A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of | BotNet | The Hacker News |
| 13.3.26 | Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution | Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully | Vulnerability | The Hacker News |
| 13.3.26 | Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays | Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure | Virus | The Hacker News |
| 13.3.26 | Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks | Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a | AI | The Hacker News |
| 12.3.26 | Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit | Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the | OS | The Hacker News |
| 12.3.26 | Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets | Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices | OS | The Hacker News |
| 12.3.26 | Dutch govt warns of Signal, WhatsApp account hijacking attacks | Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. | Social | |
| 12.3.26 | Ericsson US discloses data breach after service provider hack | Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to over 15,000 employees and customers after hacking one of its service providers. | Incident | |
| 12.3.26 | Microsoft Teams will tag third-party bots trying to join meetings | Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings. | BotNet | |
| 12.3.26 | ShinyHunters claims ongoing Salesforce Aura data theft attacks | Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances. | APT | BleepingComputer |
| 12.3.26 | FBI warns of phishing attacks impersonating US city, county officials | The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits. | Phishing | |
| 12.3.26 | Why Password Audits Miss the Accounts Attackers Actually Want | Password audits often focus on complexity rules but miss the accounts attackers actually target. Specops Software explains how breached passwords, orphaned users, and service accounts can leave organizations exposed. | Security | |
| 12.3.26 | Microsoft still working to fix Windows Explorer white flashes | Microsoft has confirmed that it's still working to fully address a known issue that causes bright white flashes when opening the File Explorer on some Windows 11 systems. | OS | |
| 12.3.26 | EU court adviser says banks must immediately refund phishing victims | Athanasios Rantos, the Advocate General of the Court of Justice of the EU (CJEU), has issued a formal opinion suggesting that banks must immediately refund account holders affected by unauthorized transactions, even when it's their fault. | BigBrothers | BleepingComputer |
| 12.3.26 | Hackers abuse .arpa DNS and IPv6 to evade phishing defenses | Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. | Phishing | BleepingComputer |
| 12.3.26 | CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited | Exploit | The Hacker News |
| 11.3.26 | Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes | Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user | AI | The Hacker News |
| 11.3.26 | Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials | Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that | Vulnerability | The Hacker News |
| 11.3.26 | Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown | Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership | Social | The Hacker News |
| 11.3.26 | Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices | SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. | Vulnerability | The Hacker News |
| 11.3.26 | Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days | Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have | OS | The Hacker News |
| 11.3.26 | UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours | A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a | APT | The Hacker News |
| 11.3.26 | Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets | Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat | AI | The Hacker News |
| 10.3.26 | FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials | Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) | Exploit | The Hacker News |
| 10.3.26 | KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet | Cybersecurity researchers have discovered a new malware called KadNap that's primarily targeting Asus routers to enlist them into a botnet for proxying | Virus | The Hacker News |
| 10.3.26 | New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries | Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL | Vulnerability | The Hacker News |
| 10.3.26 | APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military | The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to | APT | The Hacker News |
| 10.3.26 | Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool | Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by | Spam | The Hacker News |
| 10.3.26 | CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities ( KEV ) | Exploit | The Hacker News |
| 10.3.26 | Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials | Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) | Virus | The Hacker News |
| 9.3.26 | UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device | The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency | Cryptocurrency | The Hacker News |
| 9.3.26 | Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft | Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer , offering attackers a way to push malware to | Hack | The Hacker News |
| 9.3.26 | Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure | High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The | Exploit | The Hacker News |
| 8.3.26 | Look What You Made Us Patch: 2025 Zero-Days in Review | Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025. Although that volume of zero-days is lower than the record high observed in 2023 (100), it is higher than 2024’s count (78) and remained within the 60–100 range established over the previous four years, indicating a trend toward stabilization at these levels. | Exploit blog | GTI |
| 8.3.26 | Termite ransomware breaches linked to ClickFix CastleRAT attacks | Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. | Ransom | |
| 8.3.26 | Microsoft: Hackers abusing AI at every stage of cyberattacks | Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. | AI | |
| 8.3.26 | Cognizant TriZetto breach exposes health data of 3.4 million patients | TriZetto Provider Solutions, a healthcare IT company that develops software and services used by health insurers and healthcare providers, has suffered a data breach that exposed the sensitive information of over 3.4 million people. | Incident | |
| 8.3.26 | CISA warns feds to patch iOS flaws exploited in crypto-theft attacks | CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. | OS | |
| 8.3.26 | EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security | EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite, with four new role-based AI certifications debuting alongside Certified CISO v4, an overhauled executive cyber leadership program. | AI | |
| 8.3.26 | Fake Claude Code install guides push infostealers in InstallFix attacks | Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools. | Hack | |
| 8.3.26 | Microsoft 365 Backup to add file-level restore for faster recovery | Microsoft will soon begin rolling out a significant upgrade to Microsoft 365 Backup to speed up recovery by allowing administrators to restore individual files and folders. | Security | |
| 8.3.26 | Ghanaian man pleads guilty to role in $100 million fraud ring | A Ghanaian national pleaded guilty to his role in a massive fraud ring that stole over $100 million from victims across the United States through business email compromise attacks and romance scams. | CyberCrime | BleepingComputer |
| 8.3.26 | FBI investigates breach of surveillance and wiretap systems | The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants. | Incident | |
| 8.3.26 | Chinese state hackers target telcos with new malware toolkit | | Virus | |
| 8.3.26 | Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware | Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing's AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware. | AI | BleepingComputer |
| 8.3.26 | Wikipedia hit by self-propagating JavaScript worm that vandalized pages | The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. | Virus | |
| 8.3.26 | OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues | OpenAI on Friday began rolling out Codex Security , an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes | AI | The Hacker News |
| 8.3.26 | Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model | Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 | AI | The Hacker News |
| 7.3.26 | WordPress membership plugin bug exploited to create admin accounts | Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. | Exploit | |
| 7.3.26 | FBI arrests suspect linked to $46M crypto theft from US Marshals | A U.S. government contractor's son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin. | BigBrothers | |
| 7.3.26 | Google says 90 zero-days were exploited in attacks last year | Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. | Exploit | |
| 7.3.26 | Police dismantles online gambling ring exploiting Ukrainian women | Spanish and Ukrainian law enforcement authorities dismantled a criminal ring that exploited war-displaced Ukrainian women to run an online gambling scheme that laundered nearly €4.75 million in illicit proceeds. | BigBrothers | |
| 7.3.26 | Cisco flags more SD-WAN flaws as actively exploited in attacks | Cisco has flagged two Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices. | Exploit | |
| 7.3.26 | Phobos ransomware admin pleads guilty to wire fraud conspiracy | A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide. | Ransom | |
| 7.3.26 | Bitwarden adds support for passkey login on Windows 11 | Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager's vault, enabling phishing-resistant authentication. | OS | |
| 7.3.26 | Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers | A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication. | Attack | BleepingComputer |
| 7.3.26 | Windows 10 KB5075039 update fixes broken Recovery Environment | Microsoft has released the KB5075039 Windows Recovery Environment update for Windows 10 to fix a long-standing issue that prevented some users from accessing the Recovery environment. | OS | |
| 7.3.26 | Fake LastPass support email threads try to steal vault passwords | Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts. | Security | |
| 7.3.26 | Cisco warns of max severity Secure FMC flaws giving root access | Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. | Vulnerability | |
| 7.3.26 | Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks | A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks. | Virus | |
| 7.3.26 | Hacker mass-mails HungerRush extortion emails to restaurant patrons | Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond. | CyberCrime | |
| 7.3.26 | FBI seizes LeakBase cybercrime forum, data of 142,000 members | The FBI has seized the LeakBase cybercrime forum, a major online forum used by cybercriminals to buy and sell hacking tools and stolen data. | BigBrothers | BleepingComputer |
| 7.3.26 | Europol-coordinated action disrupts Tycoon2FA phishing platform | An international law enforcement operation coordinated by Europol has disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform linked to tens of millions of phishing messages each month. | BigBrothers | |
| 7.3.26 | Mississippi medical center reopens clinics hit by ransomware attack | The University of Mississippi Medical Center (UMMC) says it has resumed normal operations, nine days after a ransomware attack blocked access to electronic medical records and took down many of its IT systems. | Ransom | |
| 7.3.26 | How a Brute Force Attack Unmasked a Ransomware Infrastructure Network | A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ransomware-as-a-service ecosystem tied to initial access brokers. | Attack | BleepingComputer |
| 7.3.26 | CISA flags VMware Aria Operations RCE flaw as exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. | Exploit | |
| 7.3.26 | Paint maker giant AkzoNobel confirms cyberattack on U.S. site | The multinational Dutch paint company AkzoNobel has confirmed to BleepingComputer that hackers breached the network of one of its U.S. sites. | Cyber | |
| 7.3.26 | Firewall Vulnerability Exploitation: Why the Edge is Fraying | There is a reasonable assumption baked into most enterprise security strategies: the firewall is the defender. It sits at the edge, it inspects traffic, it keeps the bad stuff out. Organizations spend real money on these devices specifically because of that assumption. | Security blog | Eclypsium |
| 7.3.26 | ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered via Bincrypter-Based Loader | Cyble has identified a new Linux threat named ClipXDaemon that targets cryptocurrency users by intercepting and manipulating copied wallet addresses. | Malware blog | Cyble |
| 7.3.26 | Middle East on the Brink: Iran-US-Israel Hostilities Trigger Cyber-Kinetic Conflict | Middle East faces unprecedented hybrid warfare as Iran, US, and Israel clash through cyberattacks, missile strikes, and hacktivist campaigns. | APT blog | Cyble |
| 7.3.26 | Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company | This activity began in early February and has continued in recent days. What organizations should expect next from Iran-aligned groups and the steps they should take to guard against cyberattacks. | APT blog | SECURITY.COM |
| 7.3.26 | AI as tradecraft: How threat actors operationalize AI | Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups such as Jasper Sleet and Coral Sleet (formerly Storm-1877). | AI blog | Microsoft blog |
| 7.3.26 | Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale | Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platform, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with Europol and industry partners to facilitate a disruption of Tycoon2FA’s infrastructure and operations. | Phishing blog | Microsoft blog |
| 7.3.26 | Europol, Microsoft, TrendAI™ and Collaborators Halt Tycoon 2FA Operations | Tycoon 2FA was dismantled this week by law enforcement and industry partners including TrendAI™. The phishing-as-a-service platform offered MFA bypass services using adversary-in-the-middle (AitM) proxying. | Phishing blog | Trend Micro |
| 7.3.26 | New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages | The BoryptGrab campaign uses fake SEO‑optimized GitHub repositories and deceptive download pages to distribute a data‑stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users. | Malware blog | Trend Micro |
| 7.3.26 | CISOs in a Pinch: A Security Analysis of OpenClaw | Learn how Claude Code Security set cybersecurity stocks on fire. | AI blog | Trend Micro |
| 7.3.26 | Budibase Cloud View Filter Eval Injection Allows Full Remote Code Execution | SonicWall Capture Labs threat research team became aware of the threat CVE-2026-27702, assessed its impact, and developed mitigation measures for this vulnerability. CVE-2026-27702, also known as Budibase Cloud View Filter Map Function RCE, is a critical remote code execution vulnerability affecting Budibase in versions prior to 3.30.4. | Vulnerability blog | SonicWall |
| 7.3.26 | PDF-Borne Living-off-the-Land Attacks with RMM Abuse | PDF files have long been abused by attackers to evade security detections and to deliver malware payloads. This time, the SonicWall Capture Labs threat research team has observed four distinct campaigns in which PDF-based social engineering techniques are used to deliver remote monitoring and management (RMM) software for unauthorized system access. These tools, while legitimate in managed IT environments, become powerful weapons when deployed without user consent. | Malware blog | SonicWall |
| 7.3.26 | Scam Alerts Deceiving Users to Download Harmful Android Applications | SonicWall Capture Labs threat researchers identified an ongoing Android scam campaign targeting users with fake promotional offers, cashback rewards, and traffic-fine notifications. Distributed via social media, messaging platforms, and third-party app stores, the campaign deceives victims into installing a malicious application disguised as a legitimate service. | Spam blog | SonicWall |
| 7.3.26 | Inside a New VioletRAT Campaign: Multi-Staged Delivery and Stealthy Payload Execution | Recently, the SonicWall Capture Labs threat research team observed a new campaign spreading Violet RAT using a multistage Python-based APC injection technique. The campaign employs a multi-stage delivery chain that involves archives, batch scripts, and a Python loader to deploy the final payload via shellcode injection. The complete infection chain can be visualized in the following Figure 1. | Malware blog | SonicWall |
| 7.3.26 | An Investigation Into Years of Undetected Operations Targeting High-Value Sectors | Since at least 2020, we have observed a cluster of activity targeting high-value organizations across South, Southeast and East Asia. The attacks focus on critical sectors such as aviation, energy, government, law enforcement, pharmaceutical, technology and telecommunications. | APT blog | Palo Alto |
| 7.3.26 | Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran | On Feb. 28, 2026, the United States and Israel launched a significant joint offensive code-named Operation Epic Fury (U.S.) and Operation Roaring Lion (Israel). In the hours following the initial strikes, Iran began a multi-vector retaliatory campaign, which has evolved into a significant trans-regional conflict. | APT blog | Palo Alto |
| 7.3.26 | Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild | Large language models (LLMs) and AI agents are becoming deeply integrated into web browsers, search engines and automated content-processing pipelines. While these integrations can expand functionality, they also introduce a new and largely underexplored attack surface. | AI blog | Palo Alto |
| 7.3.26 | Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East | During the ongoing conflict, we identified intensified targeting of IP cameras from two manufacturers starting on February 28, originating from infrastructure we attribute to Iranian threat actors. | APT blog | CHECKPOINT |
| 7.3.26 | Silver Dragon Targets Organizations in Southeast Asia and Europe | Check Point Research (CPR) is tracking Silver Dragon, an advanced persistent threat (APT) group which has been actively targeting organizations across Europe and Southeast Asia since at least mid-2024. The actor is likely operating within the umbrella of Chinese-nexus APT41. | APT blog | CHECKPOINT |
| 7.3.26 | Talos on the developing situation in the Middle East | Cisco Talos continues to monitor the ongoing conflict in the Middle East. As always, we will be watching closely for any cyber-related incidents that are tied to the conflict. | APT blog | CISCO TALOS |
| 7.3.26 | Patch, track, repeat: The 2025 CVE retrospective | Thor analyzes CVE data from 2025 and provides recommendations for where and how organizations should strengthen their defenses. | Vulnerability blog | CISCO TALOS |
| 7.3.26 | UAT-9244 targets South American telecommunication providers with three new malware implants | Cisco Talos is disclosing UAT-9244, which we assess with high confidence is a China-nexus advanced persistent threat (APT) actor closely associated with Famous Sparrow. | APT blog | CISCO TALOS |
| 7.3.26 | What cybersecurity actually does for your business | The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed. | Cyber blog | Eset |
| 7.3.26 | How SMBs use threat research and MDR to build a defensive edge | We speak to Director of ESET Threat Research Jean-Ian Boutin about where solutions that blend advanced technology with human expertise provide the most practical value for businesses. | Security blog | Eset |
| 7.3.26 | Protecting education: How MDR can tip the balance in favor of schools | The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative? | Security blog | Eset |
| 7.3.26 | This month in security with Tony Anscombe – February 2026 edition | In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools. | AI blog | Eset |
| 7.3.26 | The Iranian Cyber Capability 2026 | This report examines Iranian-linked threat activity from 2024 onward. | APT blog | Trellix |
| 7.3.26 | Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India | The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding | AI | The Hacker News |
| 7.3.26 | Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT | Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted | Virus | The Hacker News |
| 7.3.26 | Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor | New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in | APT | The Hacker News |
| 6.3.26 | China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks | A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, | APT | The Hacker News |
| 6.3.26 | Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer | Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way | Virus | The Hacker News |
| 6.3.26 | Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation | Vulnerability | The Hacker News |
| 6.3.26 | Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities | Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in | Exploit | The Hacker News |
| 6.3.26 | Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware | A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry | Virus | The Hacker News |
| 6.3.26 | APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine | Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously | APT | The Hacker News |
| 5.3.26 | Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks | Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential | BigBrothers | The Hacker News |
| 5.3.26 | FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials | A joint law enforcement operation has dismantled LeakBase, one of the world's largest online forums for cybercriminals to buy and sell stolen data and | BigBrothers | The Hacker News |
| 5.3.26 | Microsoft: Hackers abuse OAuth error flows to spread malware | Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. | Virus | |
| 5.3.26 | Google Chrome shifts to two-week release cycle for increased stability | Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. | Security | |
| 5.3.26 | LexisNexis confirms data breach as hackers leak stolen files | American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information. | Incident | |
| 5.3.26 | Compromised Site Management Panels are a Hot Item in Cybercrime Markets | Compromised cPanel credentials are being sold in bulk across underground channels as plug-and-play phishing and scam infrastructure. Flare explains how analyzing 200,000 underground posts reveals a commoditized market for hacked site management panels. | CyberCrime | |
| 5.3.26 | Star Citizen game dev discloses breach affecting user data | Cloud Imperium Games (CIG), the game developer behind Star Citizen and Squadron 42, says attackers breached systems containing some users' personal information in January. | Incident | |
| 5.3.26 | UH Cancer Center data breach affects nearly 1.2 million people | The University of Hawaii confirmed that a ransomware gang stole the data of nearly 1.2 million individuals in August 2025 after breaching its Cancer Center's Epidemiology Division. | Incident | |
| 5.3.26 | Android gets patches for Qualcomm zero-day exploited in attacks | Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. | OS | |
| 5.3.26 | CyberStrikeAI tool adopted by hackers for AI-powered attacks | Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls. | AI | BleepingComputer |
| 5.3.26 | Fake Google Security site uses PWA app to steal credentials, MFA codes | A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers. | Hack | |
| 5.3.26 | Alabama man pleads guilty to hacking, extorting hundreds of women | A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). | CyberCrime | |
| 5.3.26 | Florida woman imprisoned for massive Microsoft license fraud scheme | A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels. | CyberCrime | |
| 5.3.26 | UK warns of Iranian cyberattack risks amid Middle-East conflict | The United Kingdom's National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East. | BigBrothers | |
| 5.3.26 | How Deepfakes and Injection Attacks Are Breaking Identity Verification | Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session—media, device integrity, and behavior—to stop synthetic and injected attacks in real time. | Hack | |
| 5.3.26 | Anthropic confirms Claude is down in a worldwide outage | Claude appears to be having a major outage right now, with elevated errors reported across all platforms. | AI | |
| 5.3.26 | ClawJacked attack let malicious websites hijack OpenClaw to steal data | Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently brute-force access to a locally running instance and take control over it. | Attack | |
| 5.3.26 | Samsung TVs to stop collecting Texans’ data without express consent | Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs. | BigBrothers | BleepingComputer |
| 5.3.26 | 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict | Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, | BigBrothers | The Hacker News |
| 4.3.26 | Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 | Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between | Exploit | The Hacker News |
| 4.3.26 | Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux | Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform | Virus | The Hacker News |
| 4.3.26 | APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 | Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks | APT | The Hacker News |
| 4.3.26 | CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria | Exploit | The Hacker News |
| 4.3.26 | Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations | Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and- | Spam | The Hacker News |
| 3.3.26 | Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries | The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open- | AI | The Hacker News |
| 3.3.26 | Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication | Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor | Phishing | The Hacker News |
| 3.3.26 | Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets | Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional | Virus | The Hacker News |
| 3.3.26 | Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited | Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been | Vulnerability | The Hacker News |
| 3.3.26 | SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains | The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure | APT | The Hacker News |
| 3.3.26 | New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel | Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate | AI | The Hacker News |
| 3.3.26 | Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome | Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum | Safety | The Hacker News |
| 2.3.26 | Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513 | On February 2026’s Patch Tuesday, Microsoft patched CVE-2026-21513, a security features bypass vulnerability within MSHTML framework. | Exploit | AKAMAI |
| 2.3.26 | APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday | A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, | APT | The Hacker News |
| 2.3.26 | North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT | Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have | APT | The Hacker News |
| 1.3.26 | QuickLens Chrome extension steals crypto, shows ClickFix attack | A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. | Cryptocurrency | |
| 1.3.26 | $4.8M in crypto stolen after Korean tax agency exposes wallet seed | South Korea's National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth of cryptocurrency. | Cryptocurrency | |
| 1.3.26 | Microsoft testing Windows 11 batch file security improvements | Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution. | OS | |
| 1.3.26 | APT37 hackers use new malware to breach air-gapped networks | North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. | APT | |
| 1.3.26 | Europol-led crackdown on The Com hackers leads to 30 arrests | A yearlong Europol-coordinated operation dubbed "Project Compass" has led to 30 arrests and 179 suspects being tied to "The Com," an online cybercrime collective that targets children and teenagers. | BigBrothers | |
| 1.3.26 | CISA warns that RESURGE malware can be dormant on Ivanti devices | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. | Virus | |
| 1.3.26 | Third-Party Patching and the Business Footprint We All Share | Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent patching reduces exposure across endpoints. | Vulnerability | |
| 1.3.26 | Ukrainian man pleads guilty to running AI-powered fake ID site | A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide. | AI | |
| 1.3.26 | Previously harmless Google API keys now expose Gemini AI data | Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. | AI | |
| 1.3.26 | Trend Micro warns of critical Apex One code execution flaws | Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. | Vulnerability | |
| 1.3.26 | European DIY chain ManoMano data breach impacts 38 million customers | DIY store chain ManoMano is notifying customers of a breach of personal data, which was caused by hackers compromising a third-party service provider. | Incident | |
| 1.3.26 | Critical Juniper Networks PTX flaw allows full router takeover | A critical vulnerability in the Junos OS Evolved network operating system running on PTX Series routers from Juniper Networks could allow an unauthenticated attacker to execute code remotely with root privileges. | Vulnerability | |
| 1.3.26 | Olympique Marseille confirms 'attempted' cyberattack after data leak | French professional football club Olympique de Marseille has confirmed a cyberattack after a threat actor claimed on Monday that it breached the club's systems earlier this month. | Incident | |
| 1.3.26 | Ransomware payment rate drops to record low as attacks surge | The number of ransomware victims paying threat actors dropped to 28% last year, an all-time low, despite a significant increase in the number of claimed attacks. | Ransom | |
| 1.3.26 | Microsoft expands Windows restore to more enterprise devices | Microsoft now allows more enterprise users to restore their personal settings and Microsoft Store apps from a previous Windows 11 device. | OS | |
| 1.3.26 | New York sues Valve for promoting illegal gambling via game loot boxes | New York Attorney General Letitia James sued video game developer and publisher Valve Corporation for using game loot boxes to facilitate illegal gambling activities among children and teenagers. | BigBrothers | |
| 1.3.26 | Medical device maker UFP Technologies warns of data stolen in cyberattack | American medical device manufacturer UFP Technologies has disclosed that a cybersecurity incident has compromised its IT systems and data. | Hack | |
| 1.3.26 | Fake Next.js job interview tests backdoor developer's devices | The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. | Hack | |
| 1.3.26 | Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023 | Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. | Vulnerability | |
| 1.3.26 | Chinese cyberspies breached dozens of telecom firms, govt agencies | Google's Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and government networks. | BigBrothers | |
| 1.3.26 | Marquis sues SonicWall over backup breach that led to ransomware attack | Marquis Software Solutions has filed a lawsuit against SonicWall, accusing the cybersecurity company of gross negligence and misrepresentation that allegedly led to a ransomware attack disrupting operations at 74 U.S. banks. | Ransom | |
| 1.3.26 | The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web | OpenClaw has sparked heavy Telegram and dark web chatter, but Flare's data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills marketplace, yet limited signs of large-scale criminal operationalization. | Vulnerability | BleepingComputer |
| 1.3.26 | Zyxel warns of critical RCE flaw affecting over a dozen routers | Taiwan networking provider Zyxel has released security updates to address a critical vulnerability affecting over a dozen router models that can allow unauthenticated attackers to gain remote command execution on unpatched devices. | Vulnerability | |
| 1.3.26 | US sanctions Russian broker for buying stolen zero-day exploits | The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. | Exploit | BleepingComputer |
| 1.3.26 | ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket | OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally | AI | The Hacker News |