105Articles
9Categories
2026-03-13Date
🚨 CISA KEV 1[−]
13 Mar KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910 Google Chromium V8 Unspecified Vulnerability These types of vulnerabil…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 40[−]
13 MarOpenSSH GSSAPI Flaw Can Be Exploited to Crash SSH Child ProcessesA newly discovered vulnerability in the GSSAPI Key Exchange patch for OpenSSH is putting multiple Linux distributions at risk. Tracked as CVE-2026-3497, the flaw allows unauthenticated attackers to crash SSH child processes using a single crafted packet. This leads to reliable de…GBHACKERS.COM
13 MarVeeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code ExecutionVeeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows - CVE-2026-21666 (CVSS score: 9.9) - A vulnerabilit…THEHACKERNEWS.COM
13 Mar KEVGoogle Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2026-3909 (CVSS score: 8.8) - An out-of-bounds write vulnerability in…THEHACKERNEWS.COM
13 MarCVE-2026-3904Information published.MSRC.MICROSOFT.COM
13 MarCVE-2026-3805 use after free in SMB connection reuseInformation published.MSRC.MICROSOFT.COM
13 Mar KEVTwo Newly Discovered Chrome Zero-Days Exploited in the Wild to Run Malicious CodeGoogle has released an urgent security update for its Chrome desktop browser to address two critical zero-day vulnerabilities. Tracked as CVE-2026-3909 and CVE-2026-3910, both flaws are categorized as high-severity and are confirmed to be actively exploited by attackers in the wi…GBHACKERS.COM
13 Mar KEVVeeam warns admins to patch now as critical RCE flaws hit Backup & ReplicationBackup vendor Veeam has released security updates to patch multiple vulnerabilities in its widely used Backup and Replication platform, including three critical flaws that could allow authenticated users to execute code on backup servers. Detailed in the company’s advisory KB4830…CSOONLINE.COM
13 MarNew Critical AdGuard Home Flaw Lets Attackers Bypass AuthenticationAdGuard Home, a highly popular network-wide ad and tracker blocking solution, has recently issued an emergency security hotfix to address a critical flaw. This severe vulnerability, officially tracked under the identifier CVE-2026-32136, has been assigned a maximum severity ratin…GBHACKERS.COM
13 Mar KEVGoogle warns of two actively exploited Chrome zero daysThreat actors are exploiting two high severity zero day vulnerabilities in the Chrome browser that experts say IT teams must patch immediately. Google has issued emergency patches for the two holes, CVE-2026-3909 and CVE-2026-3910. This comes just days after the release of 29 fix…CSOONLINE.COM
13 MarChromium: CVE-2026-3942 Incorrect security UI in PictureInPictureThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3931 Heap buffer overflow in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3941 Insufficient policy enforcement in DevToolsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3940 Insufficient policy enforcement in DevToolsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3939 Use after free in WebViewThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3938 Insufficient policy enforcement in ClipboardThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3937 Incorrect security UI in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3935 Incorrect security UI in WebAppInstallsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3934 Insufficient policy enforcement in ChromeDriverThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3932 Insufficient policy enforcement in PDFThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3925 Incorrect security UI in LookalikeChecksThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3915 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3936 Use after free in WebViewThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3929 Side-channel information leakage in ResourceTimingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3928 Insufficient policy enforcement in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3927 Incorrect security UI in PictureInPictureThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3926 Out of bounds read in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3924 Use after free in WindowDialogThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3923 Use after free in WebMIDIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3922 Use after free in MediaStreamThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3921 Use after free in TextEncodingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3920 Out of bounds memory access in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3919 Use after free in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3918 Use after free in WebMCPThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3917 Use after free in AgentsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3916 Out of bounds read in Web SpeechThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3914 Integer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3913 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3930 Unsafe navigation in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.MSRC.MICROSOFT.COM
13 MarChromium: CVE-2026-3910 Inappropriate implementation in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2026-3910 exists in…MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
13 MarTelus Digital hit with massive data breachTelus Digital, which provides business process outsourcing (BPO) services to a range of organizations worldwide, has been hit with a massive cyberattack conducted by extortion group ShinyHunters The group, which has been in operation since 2020, specializes in stealing data from …CSOONLINE.COM
13 MarStarbucks discloses data breach affecting hundreds of employeesStarbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. [...]BLEEPINGCOMPUTER.COM
13 MarGoogle fixes two new Chrome zero-days exploited in attacksGoogle has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. [...]BLEEPINGCOMPUTER.COM
13 MarAuthorities Disrupt SocksEscort Proxy Service Powered by AVrecon BotnetLaw enforcement agencies in the US and Europe targeted the cybercrime service that has impacted 360,000 devices since 2020. The post Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarChrome 146 Update Patches Two Exploited Zero-DaysThe flaws can be exploited to manipulate data and bypass security restrictions, potentially leading to code execution. The post Chrome 146 Update Patches Two Exploited Zero-Days appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarNine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container IsolationCybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees. The nine confused d…THEHACKERNEWS.COM
13 MarAuthorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 CountriesA court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud. "SocksEscort infected home and small business internet rou…THEHACKERNEWS.COM
13 MarAuthorities Shut Down Proxy Service Linked to Malware Campaign Targeting Thousands of UsersA coordinated international law enforcement operation successfully dismantled SocksEscort, a massive malicious residential proxy network. Led by the U.S. Justice Department alongside several European allies, the operation disrupted a sophisticated infrastructure that compromised …GBHACKERS.COM
13 MarStarbucks Data Breach Exposes Personal Data of Hundreds of UsersStarbucks Corporation recently disclosed a targeted cybersecurity incident that compromised the personal and financial information of 889 individuals. This internal platform is utilized by the company to manage human resources, employee benefits, and payroll details. While the nu…GBHACKERS.COM
13 MarStorm-2561 Uses SEO Poisoning, Fake Signed VPN Apps to Steal Enterprise CredentialsA financially motivated threat actor tracked as Storm-2561 is running a credential theft campaign that abuses SEO poisoning and fake, signed VPN installers to steal enterprise VPN credentials. Active since May 2025, Storm-2561 continues to exploit user trust in search results, kn…GBHACKERS.COM
13 MarIran War Bait Fuels TA453, TA473 Phishing CampaignsTA453, TA473, and several emerging threat clusters are exploiting breaking news about the Iran war to run highly targeted phishing campaigns against governments and policy organizations across the Middle East and beyond. These operations blend traditional espionage with opportuni…GBHACKERS.COM
13 MarApple Releases Emergency iOS 15.8.7 Update to Block ‘Coruna’ Exploit KitApple has rolled out an emergency security update, iOS 15.8.7 and iPadOS 15.8.7, to protect users of older iPhones and iPads from a sophisticated threat known as the Coruna exploit kit. Released on March 11, 2026, this critical patch backports several major security fixes that we…GBHACKERS.COM
13 MarCritical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Full Root TakeoverA newly disclosed set of nine vulnerabilities, dubbed “CrackArmor,” has exposed a critical flaw in AppArmor, a foundational Linux security module. AppArmor serves as the default mandatory access control system for Ubuntu, Debian, SUSE, and numerous cloud platforms, th…GBHACKERS.COM
13 MarHybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mindI used to think hybrid incidents would get easier once we standardized on “one tool”: one monitoring platform, one ticketing system, one on-call process. After a few real outages, I changed my mind. Hybrid response fails at the seams between ownership models: on-prem teams, cloud…CSOONLINE.COM
13 MarStorm-2561 targets enterprise VPN users with SEO poisoning, fake clientsMicrosoft has warned enterprises that cybercriminal group Storm-2561 is hijacking search engine results to serve trojanized VPN clients, stealing corporate credentials, and then covering its tracks before victims suspect anything is wrong. The group pushes spoofed websites to the…CSOONLINE.COM
13 MarThe cyber perimeter was never dead. We just abandoned it.Industry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it. The FBI’s Win…CSOONLINE.COM
13 MarPolice sinkholes 45,000 IP addresses in cybercrime crackdownAn international law enforcement action codenamed "Operation Synergia III" has sinkholed tens of thousands of IP addresses and seized servers linked to cybercrime operations worldwide. [...]BLEEPINGCOMPUTER.COM
13 MarAI May Speed Zero-Day DiscoverySecurity researchers are seeing signs that zero-day exploits are becoming more common in real-world attacks. Some experts believe the shift may be tied to faster vulnerability discovery processes. AI tools aren’t magically generating exploits on demand. But they can help research…YOUTUBE.COM
13 MarIn Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime CrackdownOther noteworthy stories that might have slipped under the radar: Telus Digital data breach, vulnerabilities in Linux AppArmor allow root privileges, US defense contractor behind Coruna exploits. The post In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Cra…SECURITYWEEK.COM
13 MarStorm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal CredentialsMicrosoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to maliciou…THEHACKERNEWS.COM
13 MarINTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global CybercrimeINTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from…THEHACKERNEWS.COM
13 MarCyber criminals too are working from home… your homeThe FBI is so concerned about the threat of residential proxy attacks and the dangers posed by cyber criminals using the technique that it has posted guidance on its website . Residential proxies are used by cybercriminals to reroute traffic between individuals and the websites t…CSOONLINE.COM
13 MarMultiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. De…CISECURITY.ORG
📋 SECURITY BULLETINS 1[−]
13 MarMicrosoft: Windows 11 users can't access C: drive on some Samsung PCsMicrosoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 2[−]
🔥 INCIDENT REPORTING 9[−]
13 MarAI Agent Hacks McKinsey Chatbot in 2 HoursAI Agent Hacks McKinsey Chatbot in 2 Hours, NPM Phantom Raven, Router Malware & Trojaned AI Models This episode covers how researchers at CodeWall used an autonomous AI security agent to gain read/write access to McKinsey's internal chatbot Lilli database in about two hours by ch…CYBERSECURITYTODAY.LIBSYN.COM
13 MarFileless Remcos RAT Attack Uses JavaScript and PowerShell to Slip Past DetectionA recent Remcos RAT campaign showcases how commodity malware has fully embraced fileless, multi‑stage execution to bypass traditional defenses and remain stealthy on compromised Windows systems. Instead of dropping a static executable to disk, the operators rely on JavaScript, Po…GBHACKERS.COM
13 MarA React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)On Wednesday, a phishing message made its way into our handler inbox that contained a fairly typical low-quality lure, but turned out to be quite interesting in the end nonetheless. That is because the accompanying credential stealing web page was dynamically constructed using Re…ISC.SANS.EDU
13 MarPsExec and Renamed Backup Tools Enabled Data Theft Before INC Ransomware AttackA ransomware intrusion in which attackers used legitimate Windows tools and a renamed backup utility to quietly stage and exfiltrate sensitive data before deploying INC ransomware. The incident highlights how threat actors increasingly rely on “living off the land” techniques to …GBHACKERS.COM
13 MarSix Packagist Packages Linked to Trojanized jQuery CampaignSix malicious OphimCMS themes on Packagist have been caught shipping trojanized jQuery and other JavaScript, exposing movie‑streaming sites and their visitors to redirects, URL exfiltration, and aggressive ad schemes tied to sanctioned FUNNULL infrastructure. Socket’s Threat Rese…GBHACKERS.COM
13 MarIran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During WarPro-Iranian hackers are targeting sites in the Middle East and starting to stretch into the United States during the war, raising the risk of American defense contractors, power stations and water plants. The post Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk…SECURITYWEEK.COM
13 MarStarbucks Data Breach Impacts EmployeesStarbucks said the incident involved phishing attacks targeting an employee portal, affecting hundreds. The post Starbucks Data Breach Impacts Employees appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarPoland's nuclear research centre targeted by cyberattackPoland's National Centre for Nuclear Research (NCBJ) says hackers targeted its IT infrastructure, but the attack was detected and blocked before causing any impact. [...]BLEEPINGCOMPUTER.COM
13 MarExposed: Bank Leak, Copilot Zero-Click, AI Agent Hijacks, Stryker Wipe & Josh Marpet - SWN #563This episode is all about trust getting abused at scale. We start with Chinese-nexus operators pivoting fast onto Qatar using conflict lures and familiar tradecraft. Then we hit banking, because they deserve it: Lloyds, Halifax, and Bank of Scotland customers seeing other people’…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 21[−]
13 MarISC Stormcast For Friday, March 13th, 2026 https://isc.sans.edu/podcastdetail/9848, (Fri, Mar 13th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
13 MarOff-Topic Fridaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
13 MarMicrosoft Copilot Email and Teams Summarization Flaw Opens Door to Phishing AttacksArtificial intelligence assistants have transformed daily business operations, helping teams manage overflowing inboxes and summarize complex communications. Microsoft Copilot integrates directly into these workflows, pulling context from various Microsoft 365 applications to str…GBHACKERS.COM
13 MarAcademia and the “AI Brain Drain”In 2025, Google, Amazon, Microsoft and Meta collectively spent US$380 billion on building artificial-intelligence tools. That number is expected to surge still higher this year, to $650 billion, to fund the building of physical infrastructure, such as data centers (see go.nature.…SCHNEIER.COM
13 MarBold Security Emerges From Stealth With $40 Million in FundingThe startup relies on AI to turn devices into active agents that understand users’ actions and provide protection in real time. The post Bold Security Emerges From Stealth With $40 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarGoogle Paid Out $17 Million in Bug Bounty Rewards in 2025Google paid over $3.7 million for Chrome vulnerabilities, and more than $3.5 million for cloud security defects. The post Google Paid Out $17 Million in Bug Bounty Rewards in 2025 appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarIran-Linked Hacker Attack on Stryker Disrupted Manufacturing and ShippingEvidence indicates that the attackers leveraged existing endpoint management software rather than malware to wipe devices. The post Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarOnyx Security Launches With $40 Million in FundingThe startup is building a control pane to help organizations oversee autonomous AI agents and rapidly adopt them. The post Onyx Security Launches With $40 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
13 MarEmail DLP: Everything You Need to KnowWhat is Email Data Loss Prevention (DLP)? Traditionally, email data loss prevention software has used static rules to stop users from emailing sensitive or confidential data. Specifically, email DLP protects organizations from accidentally exposing sensitive data such as bank acc…KNOWBE4.COM
13 MarAI-HealthTech Innovator Humata Health Partners with AccuKnox for Zero Trust CNAPPMenlo Park, California, USA, March 13th, 2026, CyberNewswire AI-HealthTech innovator Humata Health announced that it is partnering with AccuKnox, a leader in Code to Cognition Security, Zero Trust Cloud-Native Application Protection Platform (CNAPP), to streamline security for it…GBHACKERS.COM
13 MarFake enterprise VPN downloads used to steal company credentialsA threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. [...]BLEEPINGCOMPUTER.COM
13 Mar45,000 malicious IP addresses taken down in international cyber operationsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.interpol.int/News-and-Events/News/2026/45-000-malicious-IP-addresses-taken-down-in-international-cyber-operationINFOSEC.PUB
13 MarChinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun MalwareA suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers …THEHACKERNEWS.COM
13 MarSupply-chain attack using invisible code hits GitHub and other repositoriessubmitted by cm0002 to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2026/03/supply-chain-attack-using-invisible-code-hits-github-and-other-repositories/INFOSEC.PUB
13 MarFriday Squid Blogging: Increased Squid Population in the FalklandsSome good news : squid stocks seem to be recovering in the waters off the Falkland Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
13 MarAnthropic Refused Pentagon AI Request#nationalsecurityAI developers are increasingly working with government and defense organizations that want to deploy advanced models for operational use. In this discussion, Anthropic reportedly declined certain uses of its model Claude AI requested by the United States Departme…YOUTUBE.COM
13 MarCyberRisk TV Live Coverage from RSAC 2026 - Day 4CyberRisk TV is broadcasting live from RSAC Conference 2026 in San Francisco! Join us for exclusive interviews with cybersecurity leaders, actionable insights, and the latest thinking from practitioners shaping the future of modern cyber defense from the industry’s largest and mo…YOUTUBE.COM
13 MarCyberRisk TV Live Coverage from RSAC 2026 - Day 3CyberRisk TV is broadcasting live from RSAC Conference 2026 in San Francisco! Join us for exclusive interviews with cybersecurity leaders, actionable insights, and the latest thinking from practitioners shaping the future of modern cyber defense from the industry’s largest and mo…YOUTUBE.COM
13 MarCyberRisk TV Live Coverage from RSAC 2026 - Day 2CyberRisk TV is broadcasting live from RSAC Conference 2026 in San Francisco! Join us for exclusive interviews with cybersecurity leaders, actionable insights, and the latest thinking from practitioners shaping the future of modern cyber defense from the industry’s largest and mo…YOUTUBE.COM
13 MarCyberRisk TV Live Coverage from RSAC 2026 - Day 1CyberRisk TV is broadcasting live from RSAC Conference 2026 in San Francisco! Join us for exclusive interviews with cybersecurity leaders, actionable insights, and the latest thinking from practitioners shaping the future of modern cyber defense from the industry’s largest and mo…YOUTUBE.COM
13 MarRisky Biz Soap Box: It took a decade, but allowlisting is cool againIn this Soap Box edition of the Risky Business podcast Patrick Gray sits down with Airlock Digital co-founders Daniel Schell and David Cottingham to talk about the role AI models could play in managing enterprise allowlists. They also talk about the durability of allowlisting as …RISKY.BIZ
🌐 CYBER THREAT LANDSCAPE 3[−]
13 MarInvestigating a New Click-Fix VariantDisclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publicat…THEHACKERNEWS.COM
13 MarThe FBI is investigating malware hidden inside games hosted on SteamThe FBI believes a series of video games published on Steam in the last two years were embedded with malware by the same hacker.TECHCRUNCH.COM
13 MarFBI seeks victims of Steam games used to spread malwareThe FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 5[−]
13 MarFrom VMware to what’s next: Protecting data during hypervisor migrationHypervisor migrations can introduce hidden risks that threaten data availability and recovery. Acronis explains why verified backups and cross-platform recovery are essential during VMware transitions. [...]BLEEPINGCOMPUTER.COM
13 MarMicrosoft investigates classic Outlook sync and connection issues​Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client. [...]BLEEPINGCOMPUTER.COM
13 MarMeta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the socia…THEHACKERNEWS.COM
13 MarFace value: What it takes to fool facial recognitionESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he'll demo it all at RSAC 2026WELIVESECURITY.COM
13 MarManaging Elastic Security Detection Rules with TerraformLearn to define and deploy Elastic Security detection rules and exceptions using the Elastic Stack Terraform Provider vs detection-rules repository DaC capabilities.ELASTIC.CO