Internet-exposed devices that give BIOS-level access? What could possibly go wrong? Researchers are warning about the risks posed by a low-cost device that can give insiders a
Published: 2026-03-17T17:07:12
Most of the devices are made by Asus and are located in the US. Researchers say they have uncovered a takedown-resistant botnet of 14,000 routers and other network devices pri
Published: 2026-03-11T21:27:16
The long, strange trip of a large assembly of advanced iOS exploits. The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch three critical
Published: 2026-03-06T19:41:33
What exactly is AGI? Nobody knows, but Google's AI lab is asking for help trying to define it If a bot actually achieved artificial general intelligence (AGI), how would we even know? Google DeepMind boffins have come up with what they say is an empi
Published: 2026-03-18T16:51:16
Second emergency fix in days targets Windows 11 24H2 and 25H2 Microsoft has pushed out yet another out-of-band hotpatch, this time to fix Bluetooth issues in Windows 11 25H2 and 24H2.
Published: 2026-03-17T12:27:08
'OpenClaw is the operating system for personal AI,' insists Nvidia CEO gtc In Pixar's Toy Story, a trio little green aliens explain, "The claw chooses who will go and who will stay." The claw in that instance was a mechanical claw in a vending machi
Published: 2026-03-16T20:15:28
Skia graphics lib and V8 JavaScript engine brings browser's tally of actively exploited bugs to three in 2026 Google has pushed out an emergency Chrome update to fix two previously unknown vulnerabilities that attackers were already exploiting before
Published: 2026-03-13T11:25:14
US medical equipment provider Stryker said its global networks were disrupted by a cyberattack on Wednesday, allegedly carried out by a hacking group linked to Iran. The attack impacted Stryker's internal Microsoft environment and deleted information from devices, with one employee telling NBC News that company phones stopped working, grinding work and communications to a […] 
US medical equipment provider Stryker said its global networks were disrupted by a cyberattack on Wednesday, allegedly carried out by a hacking group linked to Iran. The attack impacted Stryker's internal Microsoft environment and deleted informati...
Published: 2026-03-12T07:28:53
Meta is adding more scam detection tools to Facebook, Messenger, and WhatsApp that can help users protect their accounts. In its announcement, Meta says the new features aim to alert users about suspicious activities before they engage with them, such as unrecognized friend requests and device linking notifications, because "we know that scammers try to […] 
Meta is adding more scam detection tools to Facebook, Messenger, and WhatsApp that can help users protect their accounts. In its announcement, Meta says the new features aim to alert users about suspicious activities before they engage with them, s...
Published: 2026-03-11T07:00:00
Anthropic CEO Dario Amodei is reportedly back at the negotiating table with the Department of Defense in an attempt to salvage the company's relationship with the US military and prevent it from being iced out of defense work for being a "supply chain risk." Talks between the two parties imploded on Friday after weeks of […] 
Anthropic CEO Dario Amodei is reportedly back at the negotiating table with the Department of Defense in an attempt to salvage the company's relationship with the US military and prevent it from being iced out of defense work for being a "supply ch...
Published: 2026-03-05T06:46:46
The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since late January. [...]
Published: 2026-03-18T12:53:42
Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. [...]
Published: 2026-03-18T11:32:39
Refund fraud is now a business, with methods and tutorials sold to exploit return policies for profit. Flare shows how fraudsters turn refunds and chargebacks into a repeatable profit model. [...]
Published: 2026-03-18T10:05:15
A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app. [...]
Published: 2026-03-18T10:02:08
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. [...]
Published: 2026-03-17T21:06:31
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. [...]
Published: 2026-03-17T17:42:54
The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. [...]
Published: 2026-03-17T14:41:59
A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. [...]
Published: 2026-03-17T09:59:12
The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. [...]
Published: 2026-03-17T08:09:35
Microsoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices. [...]
Published: 2026-03-17T07:07:05
Introduction Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to
Published: 2026-03-18T14:00:00
Written by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark Introduction Since 2018, when many financially motivated threat actors began shifting their monetization strategy to post-compromise ransomware deployments, ran
Published: 2026-03-16T14:00:00
Written by: Casey Charrier, James Sadowski, Zander Work, Clement Lecigne, Beno t Sevens, Fred Plan Executive Summary Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025. Although that volume of
Published: 2026-03-05T14:00:00
Introduction Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023). The exploit kit
Published: 2026-03-03T14:00:00
The post Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway. appeared first on ProPublica. In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s
Published: 2026-03-18T10:00:00
The post This DHS Official Oversees the Security of Federal Elections. He Wants to Ban Voting Machines. appeared first on ProPublica. In his top post at the Department of Homeland Security, David Harvilicz sets policy on protecting the nation’s ele
Published: 2026-03-14T18:00:00
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub o... 
Published: 2026-03-11T16:20:13
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), bu... 
Published: 2026-03-11T00:32:51
AI-based assistants or “agents” — autonomous programs that have access to the user’s computer, files, online services and can automate virtually any task — are growing in popularity with developers and IT workers. But as... 
Published: 2026-03-08T23:35:42
Interlock's post-exploit toolkit exposed Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.
Published: 2026-03-18T17:40:31
Researchers map full org chart of the scam from dodgy recruiters to helpful Western collaborators Researchers at IBM X Force and Flare Research have uncovered data that sheds light on how North Korea's fake IT worker schemes operate and infiltrate companies in order to funnel money back to the regime and steal sensitive information.
Published: 2026-03-18T13:57:07
No 1 Space Operations Squadron will get a persistent stare capability The Ministry of Defence (MoD) plans to spend 17.5 million on a remotely-operated satellite monitoring facility in Cyprus, partly to protect the UK's secure communications system Skynet.
Published: 2026-03-18T12:34:15
Even without a navy, or air power, 'They'll still have the ability to hack' Businesses should expect that Iran will conduct more aggressive cyber-ops as the war escalates, according to security analysts.
Published: 2026-03-18T07:32:08
Big Tech donates $12.5 million to get things rolling Half a dozen Big Tech players have together delivered $12.5 million in grants towards a project that aims to help maintainers of open source projects to cope with AI slop bug reports.
Published: 2026-03-18T04:05:45
In less polite places, this is called hacking back or offensive cyber-ops Japan's government yesterday decided to allow its Self-Defense Force to conduct offensive cyber-operations, starting on October 1st.
Published: 2026-03-18T02:49:49
Sell your soul to the orb Sam Altman has cooked up a plan to make his cryptocurrency/identity/eyeball-scanning-orb venture more useful by you guessed it adding agentic AI to the mix. Now the technology behind it will be used to identify the human behind bots.
Published: 2026-03-17T20:26:08
State-sponsored attackers joined by Chinese snoops and hackers-for-hire in latest round of economic penalties The Council of the European Union sanctioned Emennet Pasargad on Monday, a company used as a front for a series of Iranian cyberattacks.
Published: 2026-03-17T16:18:38
Midmarket security leaders aren't as secure as they think, says Intruder's report Partner Content The midmarket matters. JP Morgan estimates approximately 300,000 organizations generating $13T in annual revenue. Yet they occupy an awkward position in the security landscape. They're large enough to be attractive targets with complex digital estates, significant revenue, and valuable data, but not large enough to have the headcount, budget maturity, or tooling sophistication of an enterprise security team.
Published: 2026-03-17T09:00:16
SCION: Proven in banking and healthcare, slow to spread everywhere else Feature BGP, the Border Gateway Protocol, was not designed to be secure. It was designed to work to route packets between the thousands of autonomous systems that make up the internet, quickly and at scale.
Published: 2026-03-17T08:15:07
Admins may be even more exhausted by then, because securing Microsoft's AI helper is not a trivial job Gartner analyst Dennis Xu has half-jokingly suggested banning use of Microsoft's Copilot AI on Friday afternoons, because he fears at that time of week users may be too lazy to properly check its possibly offensive output.
Published: 2026-03-17T04:37:40
AI helped send weekly threat signal count from 80 million to 400 billion, then helped response time shrink from two days to 30 minutes Australia's Commonwealth Bank built its own agentic AI threat hunting tools, because vendors are too slow to develop tools that can cope with emerging AI-powered threats, according to General Manager of Cyber Defence Operations Andrew Pade.
Published: 2026-03-17T02:37:16
Operations and hospital networks not affected, we're told Robotics-assisted surgical tech firm Intuitive said that unauthorized intruders gained access to some of its internal IT business applications after stealing an employee's credentials during a phishing attack.
Published: 2026-03-16T20:04:08
Hacktivists use proxy services from Russia, China for 'billions of designed-for-abuse connection attempts' Cybercrime has skyrocketed since the start of the Iran war, according to Akamai, which reports a 245 percent increase in everything from credential harvesting attempts to automated reconnaissance traffic aimed at banks and other critical businesses.
Published: 2026-03-16T18:40:30
Interpol says fraud schemes using the tech are 4.5x more profitable AI is apparently good for the bottom line if your business is crime. Financial fraud schemes carried out with the help of artificial intelligence are 4.5 times more profitable than those that aren't enhanced, according to Interpol's latest estimates.
Published: 2026-03-16T16:40:06
Back button blunder in WebFiling service run by Companies House revealed confidential paperwork Companies House was forced to pull down its record-filing platform for the entire weekend to rectify a "security issue" that exposed the personal details of company directors and other data to any logged in users.
Published: 2026-03-16T12:18:23
PLUS: Citrix CISO urges patch blitz; Mandiant founder reveals AI red-teaming tech; Bitter privacy news for Starbucks; And more Infosec In Brief Canadian outsourcer Telus Digital has admitted it fell victim to a cyberattack.
Published: 2026-03-15T23:24:51
And then they send victims to the legit VPN download to hide their tracks A group of cybercriminals tracked as Storm-2561 is using fake enterprise VPN clients from CheckPoint, Cisco, Fortinet, Ivanti, and other vendors to steal users' credentials, according to Microsoft.
Published: 2026-03-13T17:17:19
Operation Synergia's third season is the most productive to date Ninety-four people were arrested as part of a global, multi-month cybercrime crackdown, Interpol revealed today.
Published: 2026-03-13T12:39:54
Take your YOLO and box it up exclusive NanoClaw, an open source agent platform, can now run inside Docker Sandboxes, furthering the project's commitment to security.
Published: 2026-03-13T11:50:11
Skia graphics lib and V8 JavaScript engine brings browser's tally of actively exploited bugs to three in 2026 Google has pushed out an emergency Chrome update to fix two previously unknown vulnerabilities that attackers were already exploiting before the patches landed.
Published: 2026-03-13T11:25:14
Prompt like a hard-ass boss who won't tolerate failure and bots will find ways to breach policy AI agents work together to bypass security controls and stealthily steal sensitive data from within the enterprise systems in which they operate, according to tests carried out by frontier security lab Irregular.
Published: 2026-03-12T23:49:32
International cops stuck down 23 servers in 7 countries Cops from eight countries this week disrupted SocksEscort, a residential proxy service used by criminals to compromise hundreds of thousands of routers worldwide and carry out digital fraud, costing businesses and consumers millions.
Published: 2026-03-12T16:23:38
No rest for project maintainers battered by slew of vulnerability disclosures The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n.
Published: 2026-03-12T13:34:55
Like deleting data, exposing keys, and loading malicious content - which may be why Beijing has reportedly banned it China's National Computer Network Emergency Response Technical Team has warned locals that the OpenClaw agentic AI tool poses significant security risks.
Published: 2026-03-12T01:37:09
State news published a list of nearly 30 sites that could be targeted Iran has reportedly designated Amazon, Google, IBM, Microsoft, Nvidia, Oracle, and Palantir facilities as legitimate targets of retaliatory strikes, according to an Al Jazeera report citing Iran's state-affiliated Tasnim news agency.
Published: 2026-03-11T22:18:44
Meanwhile, Verifone says 'no evidence' to support the digital intruders' claims A hacking crew with ties to Iran's intelligence agency claimed to be behind a global network outage at med-tech firm Stryker on Wednesday, and said the cyberattack was in response to the US-Israel airstrikes.
Published: 2026-03-11T20:40:12
150k accounts nuked, 21 suspects arrested Not every scam starts with malware or a compromised account. Sometimes all it takes is a friend request or a link shared via chat.
Published: 2026-03-11T17:21:30
Blue-on-blue internal investigation lands force 66k fine The UK's data protection watchdog has fined Police Scotland 66,000 ($88,000) for what it calls a "serious failure" in handling an alleged victim's sensitive data.
Published: 2026-03-11T14:06:01
Officials suspend Basel-Stadt trial and launch probe A Swiss canton has suspended its pilot of electronic voting after failing to count 2,048 votes cast in national referendums held on March 8.
Published: 2026-03-11T12:31:39
17-year-old allegedly withdrew large sums of cash from ATMs Dutch police have arrested a 17-year-old boy who detectives suspect was responsible for 16 bank card frauds across the Netherlands.
Published: 2026-03-11T12:12:08
Advocate General urges rethink of PSD2 to speed compensation after scams Analysis One of the European Union's top legal advisors is trying to change how banks treat cybercrime victims meaning they could enjoy greater financial protections sooner than expected.
Published: 2026-03-11T11:29:21
Reflecting on the relaunch of the UK Cyber Team and introducing the next phase of leadership Partner Content The UK Cyber Team is a government initiative led by the Department for Science, Innovation and Technology in partnership with SANS Institute. Its purpose is to identify, develop, and support the UK's most promising emerging cyber talent, while ensuring the UK is represented with confidence and credibility on the international cyber stage.
Published: 2026-03-11T09:00:09
Could steal sensitive personal and financial data After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn't exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we're sure is a welcome change to sysadmins.
Published: 2026-03-10T20:35:16
Ransomware, malware-as-a-service, infostealers benefit MOIS, too Iranian government-backed snoops are increasingly using cybercrime malware and ransomware infrastructure in their operations - not just hiding behind criminal masks as a cover for destructive cyber activity, according to security researchers.
Published: 2026-03-10T18:25:47
Rapid7 says crims broke into more than 250 sites globally, including a US Senate candidate's campaign page Cyber baddies quietly compromised legitimate WordPress websites, including the campaign site of a US Senate candidate, turning them into launchpads for a global infostealer operation.
Published: 2026-03-10T16:29:14
Russian-speaking attackers lure HR staff into downloading ISO files that disable defenses A Russian-speaking cyber criminal is targeting corporate HR teams with fake CVs that quietly install malware which can disable security tools before stealing data from infected machines.
Published: 2026-03-10T13:31:11
Crooks used simple phone scam to compromise vendor account, spilling personal and financial data belonging to more than 15,000 people A voice-phishing scam targeting one of Ericsson's service providers has exposed the personal data of more than 15,000 individuals after attackers sweet-talked an employee into handing over access.
Published: 2026-03-10T12:16:28
Digital freedom needs a Kali Linux for the rest of us Opinion The hacker mind is a curious way to be. To have it means to embody endless analytical curiosity, an awareness of any given rule set as just one system among many, and an ability to see any system in ways that its creators never expected. Combine this with a drive to find the bad and make things better, and you become one of the fundamental forces of the technological universe.
Published: 2026-03-10T12:09:31
Kids profited from tools used to attack popular websites, say officials Polish police have referred seven suspected juvenile cybercriminals to family court over an alleged scheme to flog DDoS kits online.
Published: 2026-03-10T11:41:28
David and Goliath but with AI agents Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey's internal AI platform and gained full read and write access to the chatbot in just two hours.
Published: 2026-03-09T22:22:07
And they abused a Mandiant-developed open source tool in the attacks ShinyHunters told The Register that it has stolen data from about 100 high-profile companies in its latest Salesforce customer data heist, including Salesforce itself.
Published: 2026-03-09T18:30:27
An attack on the company's AWS platform may have exposed customers' names and home addresses Exclusive ELECQ, maker of smart electric vehicle (EV) chargers, is warning customers that their personal details may have been stolen in a ransomware attack that encrypted and copied user data from its cloud systems.
Published: 2026-03-09T16:02:48
Two-week deadline to fraudsters to fess up or have their faces plastered across every screen in the country Dutch national police are taking a novel stand against scammers - 100 suspects now have less than two weeks to hand themselves in or face public shaming.
Published: 2026-03-09T13:08:28
Dutch spies flag large-scale campaign to hijack secure messaging accounts Russian-linked hackers are trying to break into the Signal and WhatsApp accounts of government officials, journalists, and military personnel globally not by cracking encryption, but by simply tricking people into handing over the keys.
Published: 2026-03-09T12:40:53
This isn't just a nostalgia trip billions of legacy microcontrollers may be at risk AI can reverse engineer machine code and find vulnerabilities in ancient legacy architectures, says Microsoft Azure CTO Mark Russinovich, who used his own Apple II code from 40 years ago as an example.
Published: 2026-03-09T11:58:46
Britain's Ministry of Defence wants a counter-drone system designed, contracted, and delivered within weeks Britain's Royal Navy is urgently seeking a ship-based counter-drone system and recent world events likely explain why.
Published: 2026-03-09T09:30:13
Cyber is no longer the hush-hush thing it used to be, as team Trump invades Iran with hackers taking the lead Kettle Unlike previous military conflicts, the cyber domain has been front and center since the Trump administration invaded Iran, upending the traditionally quiet role played by hackers in military conflicts.
Published: 2026-03-09T01:31:10
PLUS: Europol takes down two crime gangs; LastPass users phished (again); Crooks increase crypto hauls; And more Infosec In Brief The FBI is investigating a breach of its systems which reportedly affected systems related to wiretapping and surveillance.
Published: 2026-03-08T23:14:54
Crims 'will do what gets them their objective easiest and fastest,' Microsoft threat intel boss tells The Reg interview AI agents allow cybercriminals and nation-state hackers to outsource the "janitorial-type work" needed to plan and carry out cyberattacks, according to Sherrod DeGrippo, Microsoft's GM of global threat intelligence. North Korea is taking advantage.
Published: 2026-03-08T11:00:06
A powerful iPhone-hacking technique known as DarkSword has been discovered in use by Russian hackers. It can take over devices running iOS 18 that simply visit infected websites.
Published: 2026-03-18T14:00:00
On March 26, a panel of WIRED experts will dissect the defense tech industry’s impact on modern warfare. Submit your questions now.
Published: 2026-03-18T10:30:00
Customer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud.
Published: 2026-03-17T10:00:00
Dozens of Telegram channels reviewed by WIRED include job listings for “AI face models.” The (mostly) women who land these gigs are likely being used to dupe victims out of their money.
Published: 2026-03-16T09:00:00
Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more.
Published: 2026-03-14T10:30:00
A bipartisan bill would force the FBI to get a warrant to read Americans’ messages and ban the federal purchase of commercial data on US residents ahead of a critical April deadline.
Published: 2026-03-12T18:00:00
Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover for chaotic, retaliatory state-sponsored cyberattacks.
Published: 2026-03-12T16:14:39
Meta removed 10.9 million Facebook and Instagram accounts linked to “criminal scam centers” last year, the company announced on Wednesday.
Published: 2026-03-11T12:01:28
Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned.
Published: 2026-03-10T18:23:28
Delivery apps are glitching and navigation routes are changing abruptly thanks to electronic warfare disrupting the satellite signals that power everything from missiles to your ride home.
Published: 2026-03-10T15:22:35
Plus: Proton helped the FBI identify a protester, the Leakbase cybercrime forum was busted in an international operation, and more.
Published: 2026-03-07T11:30:00
As missiles and drones cross the region’s skies, the Gulf’s layered air-defense networks from THAAD to Patriot batteries are being tested in real time.
Published: 2026-03-07T11:00:00
Iran’s internet shutdown has reduced connectivity by 99 percent, with air strikes likely causing additional outages, and few workarounds remaining.
Published: 2026-03-06T20:06:06
New research shows hundreds of attempts by apparent Iranian state hackers to hijack consumer-grade cameras, timed to missile and drone strikes. Israel, Russia, and Ukraine have also adopted this trick.
Published: 2026-03-06T11:30:00
As the conflict in the Middle East continues to escalate, more than a dozen countries in the region have reportedly been affected by air strikes.
Published: 2026-03-05T22:28:33
Donald Trump said he would replace the secretary of the Department of Homeland Security. Noem’s tenure was marked by aggressive anti-immigration tactics and ICE and CBP’s killing of two US protesters.
Published: 2026-03-05T19:43:46
Frustrated by fragmented war news, Anghami’s Elie Habib built World Monitor, a platform that fuses global data, like aircraft signals and satellite detections, to track conflicts as they unfold.
Published: 2026-03-05T10:00:00
A pair of US lawmakers are calling for an investigation into how easily spies can steal information based on devices’ electromagnetic and acoustic leaks a spying trick the NSA once codenamed TEMPEST.
Published: 2026-03-04T19:00:00
A highly sophisticated set of iPhone hijacking techniques has likely infected tens of thousands of phones or more. Clues suggest it was originally built for the US government.
Published: 2026-03-03T19:01:35
After strikes killed senior Iranian officials, Iran cut off internet access. Journalists are relying on satellite links, encrypted apps, and smuggled footage to report from inside the country.
Published: 2026-03-03T09:30:00
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass destruction (WMD) programs. "The North Korean
Published: 2026-03-18T22:56:00
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to
Published: 2026-03-18T21:30:00
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in the LINEMODE Set
Published: 2026-03-18T18:00:00
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI code scanning stops and client-side runtime execution begins. A detailed analysis of where Claude
Published: 2026-03-18T17:28:00
Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium, span four different products from GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. The most severe of them allow
Published: 2026-03-18T17:12:00
Security teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations security teams still struggle to understand context: Q: Which exposures, misconfigurations, and vulnerabilities chain together to create viable attack paths to crown jewels? Even the most mature security teams can’t answer that
Published: 2026-03-18T16:00:00
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible system. "This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access
Published: 2026-03-18T13:38:00
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content. The
Published: 2026-03-18T12:01:00
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells
Published: 2026-03-17T22:09:00
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen credentials
Published: 2026-03-17T20:04:00
A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, examines how organizations are securing AI infrastructure and highlights critical gaps tied to skills shortages and
Published: 2026-03-17T17:00:00
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni. "Initial access was achieved through a spear-phishing email disguised as a
Published: 2026-03-17T15:23:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-47813 (CVSS score: 4.3), is an information disclosure vulnerability that leaks the installation path of the application under certain conditions
Published: 2026-03-17T10:53:00
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects including Django apps, ML research code, Streamlit dashboards, and PyPI packages by appending obfuscated code to files like setup.py, main.py, and app.py," StepSecurity said. "Anyone who runs
Published: 2026-03-17T01:07:00
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling. This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real life, too. There’s a good mix here: weird abuse of trusted stuff, quiet infrastructure ugliness,
Published: 2026-03-16T19:47:00
If you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pentest engagement, or maybe an automated pentesting product, in another. A vulnerability scanner feeding an attack surface management platform somewhere else. Each tool gives you a slice of the picture. None of them talks to each other in any
Published: 2026-03-16T17:28:00
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction usually in the form of copying and executing commands making it particularly effective against users who may not appreciate the implications of running
Published: 2026-03-16T17:11:00
Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware
Published: 2026-03-16T14:37:00
Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week. AAPM was introduced by Google in Android 16, released last year. When enabled, it causes the device to enter a heightened
Published: 2026-03-16T11:13:00
China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source and self-hosted autonomous artificial intelligence (AI) agent. In a post shared on WeChat, CNCERT noted that the platform's "inherently weak default security configurations," coupled with its
Published: 2026-03-14T21:47:00
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive
Published: 2026-03-14T18:25:00
A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA stands for state-backed motivation. "The activity demonstrated strategic operational patience and
Published: 2026-03-13T23:03:00
Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the social media giant said in a help document. "If you're on an older version of Instagram, you may also need to update the
Published: 2026-03-13T22:39:00
INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effort is part of an international law enforcement operation that involved 72 countries and territories.
Published: 2026-03-13T20:50:00
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients
Published: 2026-03-13T19:08:00
Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content is intended for informational and preparedness purposes only. Read more blogs around threat
Published: 2026-03-13T18:58:00
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2026-3909 (CVSS score: 8.8) - An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML
Published: 2026-03-13T14:47:00
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees. The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The
Published: 2026-03-13T13:48:00
A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud. "SocksEscort infected home and small business internet routers with malware," the U.S. Department of Justice (DoJ) said. "The malware allowed SocksEscort to direct internet
Published: 2026-03-13T10:56:00
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows - CVE-2026-21666 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server. CVE-2026-21667 (
Published: 2026-03-13T09:45:00
Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian
Published: 2026-03-12T23:01:00
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to take
Published: 2026-03-12T22:32:00
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that helps
Published: 2026-03-12T19:00:00
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how
Published: 2026-03-12T18:44:00
The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity industry has focused on the front door of phishing defense: employee training, email gateways that
Published: 2026-03-12T17:00:00
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit. The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was
Published: 2026-03-12T15:28:00
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, according to
Published: 2026-03-12T13:26:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched
Published: 2026-03-12T10:48:00
Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to reason their actions and use it against the model itself to lower their security guardrails, Guardio
Published: 2026-03-11T22:08:00
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are listed below - CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox escape leading to remote code execution (RCE) CVE-2026-27493 (CVSS score: 9.5) - Unauthenticated
Published: 2026-03-11T20:21:00
Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The effort also led to 21 arrests made by the Royal Thai Police, the company said. The action builds upon
Published: 2026-03-11T18:45:00
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) - An insecure deserialization
Published: 2026-03-11T17:56:00
“You knew, and you could have acted. Why didn’t you?” This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident. For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve accepted the risk.” If you’ve ever seen a report showing
Published: 2026-03-11T17:00:00
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four
Published: 2026-03-11T14:45:00
A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data. "The threat actor, UNC6426, then used this
Published: 2026-03-11T13:01:00
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March
Published: 2026-03-11T10:42:00
Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology
Published: 2026-03-10T21:51:00
Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" for hackers. The Problem: "The Invisible Employee" Think of an AI Agent like a new employee who has
Published: 2026-03-10T21:51:00
Cybersecurity researchers have discovered a new malware called KadNap that's primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic. The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus Labs team at Lumen. A lesser number of
Published: 2026-03-10T21:30:00
Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in
Published: 2026-03-10T18:50:00
CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in […]
Published: 2026-03-18T15:06:28
Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control […]
Published: 2026-03-18T11:35:29
Intuitive suffered a phishing attack leading to a data breach exposing customer, employee, and corporate information. Intuitive is an American company that designs, manufactures, and sells robotic systems for minimally invasive surgery. Its most well-known products include the da Vinci Surgical System for general surgery and the Ion endoluminal system for precise procedures inside the […]
Published: 2026-03-18T09:08:53
Iran war likely prolonged, increasing cyber threats, energy disruption, and instability, with companies in the Middle East facing higher risk. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs hacking, Iran)
Published: 2026-03-18T08:46:36
EU sanctions Chinese and Iranian firms and individuals for cyberattacks targeting critical infrastructure and over 65,000 devices across member states. The Council of the European Union has imposed sanctions on three companies and two individuals linked to cyberattacks against EU countries and partners. “The Council adopted today restrictive measures against three entities and two individuals responsible for cyber-attacks carried […]
Published: 2026-03-17T22:12:25
RondoDox botnet targets 174 flaws, reaching 15,000 daily exploit attempts in a more focused and strategic campaign. RondoDox botnet is ramping up attacks, targeting 174 vulnerabilities with up to 15,000 daily exploitation attempts in a more focused and strategic campaign, Bitsight reported. “We gathered all these exploit attempts (identifiable by indicators like the User-Agent and […]
Published: 2026-03-17T15:01:52
China-linked APT group CL-STA-1087 has targeted Southeast Asian militaries since 2020 using AppleChris and MemFun. A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020, using AppleChris and MemFun malware. “The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk […]
Published: 2026-03-17T12:01:59
ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and […]
Published: 2026-03-17T09:19:49
The recent cyberattack on Stryker wiped tens of thousands of employee devices through its Microsoft environment, and systems are still offline. A recent cyberattack on medical technology giant Stryker targeted its internal Microsoft environment and remotely wiped tens of thousands of employee devices without using malware. The company confirmed that its medical devices were not […]
Published: 2026-03-17T08:05:55
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Wing FTP Server flaw, tracked as CVE-2025-47813 (CVSS score of 4.3), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-47813 is an information disclosure vulnerability affecting Wing FTP […]
Published: 2026-03-16T21:08:53