🚨 CISA KEV 2[−]
18 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector …CISA.GOV
18 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-20963 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for mal…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 13[−]
18 MarCritical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, ca…THEHACKERNEWS.COM
18 MarFortiClient Hit by Severe SQL Injection Vulnerability Enabling Database IntrusionCybersecurity researchers have a detailed a critical security flaw in Fortinet’s FortiClient Enterprise Management Server (EMS). Tracked as CVE-2026-21643, this severe pre-authentication SQL injection vulnerability carries a near-maximum CVSS severity score of 9.1. It allows unau…GBHACKERS.COM
18 MarResearchers Disclose ‘RegPwn,’ a Windows Registry Weakness Allowing SYSTEM AccessResearchers at MDSec have disclosed a newly patched Elevation of Privilege vulnerability in Microsoft Windows, known as “RegPwn”. Tracked as CVE-2026-24291, this flaw allows a low-privileged user to gain full SYSTEM access by exploiting how Windows handles registry co…GBHACKERS.COM
18 MarNew Kubernetes NFS CSI Vulnerability Enables Unauthorized Directory Deletion and ChangesA newly disclosed security flaw in the Kubernetes Container Storage Interface (CSI) Driver for Network File System (NFS) exposes storage servers to unauthorized directory modification and deletion. Tracked as CVE-2026-3864 with a medium-severity CVSS v3.1 score of 6.5, this vulne…GBHACKERS.COM
18 MarApple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOSApple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigatio…THEHACKERNEWS.COM
18 MarCVE-2026-23241 audit: add missing syscalls to read classInformation published.MSRC.MICROSOFT.COM
18 MarCVE-2025-71239 audit: add fchmodat2() to change attributes classInformation published.MSRC.MICROSOFT.COM
18 MarUbuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing ExploitA high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible sy…THEHACKERNEWS.COM
18 MarUbuntu Desktop Vulnerability Lets Attackers Escalate Privileges to Full Root AccessThe Qualys Threat Research Unit (TRU) has disclosed a critical Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. Tracked as CVE-2026-3888, this high-severity flaw carries a CVSS v3.1 score of 7.8 and allows u…GBHACKERS.COM
18 MarCritical Telnetd Vulnerability Enables Remote Code Execution AttacksA critical buffer overflow vulnerability has been discovered in the GNU InetUtils telnetd daemon. Tracked as CVE-2026-32746, the flaw carries a maximum CVSS 3.1 score of 9.8 and allows unauthenticated attackers to execute arbitrary code with root privileges. There is no confirmed…GBHACKERS.COM
18 MarInterlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root AccessAmazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of …THEHACKERNEWS.COM
18 MarThe Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat ActorsIntroduction Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at l…CLOUD.GOOGLE.COM
18 MarAmazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewallsAmazon threat intelligence has identified an active Interlock ransomware campaign exploiting CVE-2026-20131, a critical vulnerability in Cisco Secure Firewall Management Center (FMC) Software that could allow an unauthenticated, remote attacker to execute arbitrary Java code as r…AWS.AMAZON.COM
⚠️ VULNERABILITY DISCLOSURE 24[−]
18 MarAnother Medicat Device Firm HitMedical Device Breaches, Anti-Scam Pledge Scrutiny, AI Font Trick, and Iran-Linked Cyber Updates. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrat…CYBERSECURITYTODAY.LIBSYN.COM
18 MarAWS Bedrock AgentCore Sandbox Bypass Enables Stealthy C2 and Data ExfiltrationA newly disclosed vulnerability in AWS Bedrock AgentCore Code Interpreter allows threat actors to bypass network isolation and establish stealthy command-and-control (C2) channels. AWS originally advertised this mode as providing complete isolation without external access, resear…GBHACKERS.COM
18 MarFake Telegram Download Site Delivers Stealthy In-Memory Malware LoaderA newly discovered malware campaign is exploiting user trust in Telegram by distributing a trojanized installer through a typosquatted website, telegrgam[.]com. The site closely mimics the official Telegram download portal and delivers a malicious executable named tsetup-x64.6.ex…GBHACKERS.COM
18 MarCISOs rethink their data protection strategiesScott Kopcha witnessed what CISOs everywhere are seeing: employees eager to use artificial intelligence, whether through public models or custom AI tools, accessing company data at a breathtaking rate and volume. Kopcha already had a mature data protection strategy in place; as a…CSOONLINE.COM
18 MarAura - 903,080 breached accountsIn March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses . The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included n…HAVEIBEENPWNED.COM
18 MarFrom Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFANot every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate wi…TRENDMICRO.COM
18 MarCybersecurity and privacy priorities for 2026: The legal risk mapEscalating cybersecurity threats and growing privacy concerns lurk around every corner these days. Evolving technology and mounting regulations continue to present both the perils and solutions. All players — public and private, organizations and individuals alike — are to conque…CSOONLINE.COM
18 MarClickFix treibt neue Infostealer-Kampagnen anClickFix-Kampagnen werden immer raffinierter und zielen verstärkt auf WordPress-Webseiten. Gorodenkoff | shutterstock.com Cyberkriminelle kombinieren kompromittierte Websites mit immer raffinierteren Social-Engineering-Köder-Methoden, um neue Infostealer-Malware zu verbreiten. Be…CSOONLINE.COM
18 MarCan you prove the person on the other side is real?In my role, I spend a lot of time thinking about what “trust” means when money, grief and identity collide. By 2026, the real competition in our space won’t be who automates fastest or offers the most AI features. It will be who can still tell a legitimate executor, beneficiary o…CSOONLINE.COM
18 MarResearcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t PatchMeta does not plan on fixing the vulnerability because it involves the use of a modified client application. The post Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarForceMemo Hijacks GitHub Accounts, Backdoors Python ReposForceMemo is an active software supply‑chain campaign hijacking GitHub accounts and silently backdooring Python repositories via force‑pushed commits that look legitimate in the web UI. It builds on GlassWorm’s stolen‑token ecosystem and uses the Solana blockchain as a resilient …GBHACKERS.COM
18 MarReco targets AI agent blind spots with new security capabilitySaaS security platform Reco has decided to address the “agent sprawl” challenge from the increased adoption of AI-driven tools by enterprises. It argues that enterprises are faced with a security situation as numerous autonomous agents now traverse multiple systems, accessing sen…CSOONLINE.COM
18 MarApple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass AttacksApple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mechanism on March 17, 2026, th…GBHACKERS.COM
18 MarCrypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records | The Record from Recorded Future Newssubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/crypto-platform-accuses-north-korea-hackSH.ITJUST.WORKS
18 MarThe Refund Fraud Economy: Exploiting Major Retailers and Payment PlatformsRefund fraud is now a business, with methods and tutorials sold to exploit return policies for profit. Flare shows how fraudsters turn refunds and chargebacks into a repeatable profit model. [...]BLEEPINGCOMPUTER.COM
18 MarNew “Darksword” iOS exploit used in infostealer attack on iPhonesA new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app. [...]BLEEPINGCOMPUTER.COM
18 Mar‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware VendorsTargeting six iOS vulnerabilities and leading to full device compromise, the exploit chain is meant for surveillance. The post ‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarRansomware gang exploits Cisco flaw in zero-day attacks since JanuaryThe Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since late January. [...]BLEEPINGCOMPUTER.COM
18 MarAI Reinforces Your BiasAI systems can pick up on user language and reinforce it throughout a conversation. Even casual framing—like praising a coding technique—can influence responses and steer the model toward agreement. This creates a subtle but serious risk: AI may present biased or incorrect ideas …YOUTUBE.COM
18 MarConnectWise patches new flaw allowing ScreenConnect hijackingConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. [...]BLEEPINGCOMPUTER.COM
18 MarShipping-Themed Phishing Scams Target the Middle East and AfricaA surge in shipping-related phishing scams is targeting the Middle East and Africa (MEA) region, according to researchers at Group-IB.KNOWBE4.COM
18 MarThe Collapse of Predictive Security in the Age of Machine-Speed AttacksWith exploitation of vulnerabilities taking just days, preemptive security must be the new model for defenders. The post The Collapse of Predictive Security in the Age of Machine-Speed Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
18 Mar KEVCISA orders feds to patch Zimbra XSS flaw exploited in attacksCISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). [...]BLEEPINGCOMPUTER.COM
18 MarCISA Urges Endpoint Management System Hardening After Cyberattack Against US OrganizationCISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment. 1 To defend against similar ma…CISA.GOV
📋 SECURITY BULLETINS 1[−]
18 MarApple Debuts Background Security Improvements With Fresh WebKit PatchesThe lightweight updates are meant to deliver security protections between security updates. The post Apple Debuts Background Security Improvements With Fresh WebKit Patches appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 11[−]
🔥 INCIDENT REPORTING 10[−]
18 MarMicrosoft Teams-Based Vishing Attack Tricks Victims Into Quick Assist TakeoverThreat actors are increasingly relying on social engineering rather than complex software vulnerabilities to breach corporate networks. In November 2025, Microsoft’s Detection and Response Team (DART) investigated a notable identity-first intrusion where attackers successfully us…GBHACKERS.COM
18 MarLeakNet boosts ransomware with ClickFix lures, stealthy Deno loaderLeakNet is scaling its ransomware operation by pairing mass-market ClickFix lures with a stealthy Deno-based loader that executes almost entirely in memory, shrinking the window for defenders to intervene. Ransomware operator LeakNet is currently averaging around three victims pe…GBHACKERS.COM
18 MarLess Lucrative Ransomware Market Makes Attackers Alter Methodssubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/threat-intelligence/less-lucrative-ransomware-market-makes-attackers-alter-methodsSH.ITJUST.WORKS
18 Mar9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four VendorsCybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium, span four different produ…THEHACKERNEWS.COM
18 MarIranian Hackers Likely Used Malware-Stolen Credentials in Stryker BreachThe medtech giant has been working on restoring systems affected by the cyberattack conducted by the Handala hackers. The post Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarRobotic Surgery Giant Intuitive Discloses Cyberattack - SecurityWeeksubmitted by kid to cybersecurity 3 points | 0 comments https://www.securityweek.com/robotic-surgery-giant-intuitive-discloses-cyberattack/SH.ITJUST.WORKS
18 MarShadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesFrom Chaos to Control examines the chaos that often comes from shadow AI hidden in SaaS apps and urges better visibility and control over agentic AI. The post Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarMarquis says over 672,000 people had personal and financial data stolen in ransomware attackFintech company Marquis is notifying hundreds of thousands of people that hackers stole their personal and financial information, including their Social Security numbers.TECHCRUNCH.COM
18 MarMarquis: Ransomware gang stole data of 672K people in cyberattackMarquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. [...]BLEEPINGCOMPUTER.COM
18 MarAura confirms data breach exposing 900,000 marketing contactsIdentity protection company Aura has confirmed that an authorized party gained access to nearly 900,000 customer records containing names and email addresses. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 28[−]
18 MarNews alert: GitGuardian study shows AI coding tools double leak rates as 29M credentials hit GitHubNEW YORK, Mar.17, 2026, CyberNewswire — GitGuardian, the security leader behind GitHub’s most installed application, today released the 5th edition of its “State of Secrets Sprawl” report, documenting how mainstream AI adoption in 2025 reshaped software delivery and acceler…LASTWATCHDOG.COM
18 MarNews alert: Orchid Security brings Zero-Trust to AI Agent identities, earns Gartner recognitionNEW YORK, Mar. 17, 2026, CyberNewswire — Orchid Security , the company bringing clarity and control to the complexity of enterprise identity, today announced it has been recognized as a Representative Vendor in Gartner’s Market Guide for Guardian Agents , … (more…) The post…LASTWATCHDOG.COM
18 MarJudicial Targets Hit by COVERT RAT via Court Docs and GitHub PayloadsAttackers are abusing fake court documents and GitHub‑hosted payloads in a focused spear‑phishing campaign that deploys a stealthy Rust‑based COVERT RAT against Argentina’s judicial sector. This operation chains Windows LNK shortcuts, BAT loaders, and PowerShell to quietly fetch …GBHACKERS.COM
18 MarBoggy Serpens Hits Diplomats, Critical Infrastructure in Espionage WavesBoggy Serpens, also known as MuddyWater, has escalated its cyberespionage operations over the past year, focusing on diplomats and critical infrastructure organizations in a coordinated, multi-wave campaign. Boggy Serpens has moved beyond its earlier noisy, high-volume phishing s…GBHACKERS.COM
18 MarVidar Stealer 2.0 Spreads via Fake Game Cheats Shared on GitHub and RedditLarge‑scale campaigns abusing GitHub and Reddit to spread Vidar Stealer 2.0 through fake “free game cheats,” targeting players of popular online titles across the board. The operation shows how the takedown of other infostealers has shifted criminal demand toward Vidar, while gam…GBHACKERS.COM
18 MarLanguage of the Board as CISO-Board Time Falls Short and CISOs Struggle with Risk - BSW #439Security metrics often fail because they measure activity rather than actual risk, often failing to connect with business impact, making them difficult to explain to boards and executives. How do you build efffective metrics that are actionable, contextual, and valuable? Ben Wilc…YOUTUBE.COM
18 MarIran Cyber Ops Merge With PsyOps and EW Amid Escalating ConflictA new phase of the Iran war is unfolding in which ballistic missiles, drones, electronic warfare, and cyber operations are being deployed in parallel, with cyber activity increasingly tied to kinetic targeting, damage assessment, and strategic messaging. Iran’s leadership has fra…GBHACKERS.COM
18 MarOpenAI Introduces GPT-5.4 Mini and Nano for Faster, Lightweight AI PerformanceOpenAI has officially launched GPT-5.4 mini and GPT-5.4 nano, introducing high-efficiency models optimized for automated workflows, coding subagents, and latency-sensitive deployments. These models are designed to reduce application programming interface (API) overhead while main…GBHACKERS.COM
18 MarBSI moniert Software-Sicherheit im GesundheitswesenSchwachstellen bei Praxisverwaltungssystemen hätten zu Cyberangriffen führen können. Khakimullin Aleksandr – shutterstock.com Das Bundesamt für Sicherheit in der Informationstechnik (BSI) mahnt einen besseren Schutz sensibler Gesundheitsdaten in Computer-Anwendungen von Arztpraxe…CSOONLINE.COM
18 MarMeta’s AI Glasses and PrivacySurprising no one, Meta’s new AI glasses are a privacy disaster . I’m not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby.SCHNEIER.COM
18 MarISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
18 MarAndroid OS-Level Attack Bypasses Mobile Payment Security - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/android-attack-bypasses-payment/SH.ITJUST.WORKS
18 MarHackers Target Cybersecurity Firm Outpost24 in 7-Stage Phishsubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/hackers-target-cybersecurity-firm-outpost24-phishSH.ITJUST.WORKS
18 MarCursorJack’ Attack Path Exposes Code Execution Risk in AI Development - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/cursor-jack-attack-path-ai/SH.ITJUST.WORKS
18 MarUIDAI Introduces Bug Bounty Program to Strengthen Aadhaar DefensesThe Unique Identification Authority of India (UIDAI) has officially launched its first structured bug bounty program to fortify the Aadhaar system. As the foundation of a massive national identity database, securing Aadhaar requires continuous innovation and rigorous testing. Thi…GBHACKERS.COM
18 MarScans for "adminer", (Wed, Mar 18th)A very popular target of attackers scanning our honeypots is "phpmyadmin". phpMyAdmin is a script first released in the late 90s, before many security concepts had&#;x26;#;xc2;&#;x26;#;xa0;been discovered. It&#;x26&…ISC.SANS.EDU
18 MarFancyBear Server Leak Exposes Stolen Credentials, 2FA Secrets, NATO TargetsFancyBear’s latest operational security failure has exposed a live Russian espionage server packed with stolen credentials, 2FA secrets, and detailed insight into the ongoing targeting of European government and military networks. The exposed infrastructure, tied to APT28/FancyBe…GBHACKERS.COM
18 MarManifold Raises $8 Million for AI Detection and ResponseFocused on securing autonomous AI on endpoints, the startup will invest in product development. The post Manifold Raises $8 Million for AI Detection and Response appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarThe Lost Art of BIABusiness impact analysis (BIA) used to be a routine part of security and risk planning. According to Ben Wilcox, that discipline is fading, especially after COVID, as teams focus more on speed and delivery than operational resilience. Without understanding business impact, securi…YOUTUBE.COM
18 MarRussians caught stealing personal data from Ukrainians with new advanced iPhone hacking toolsA suspected group of Russian government hackers was caught targeting Ukrainians with new iPhone hacking tools designed for espionage and potentially to steal crypto.TECHCRUNCH.COM
18 MarVirtual Summit Today: Supply Chain & Third-Party Risk SummitCyber risk doesn’t stop at your perimeter. Today’s most dangerous threats could be hiding in your software supply chain. The post Virtual Summit Today: Supply Chain & Third-Party Risk Summit appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarEU Sanctions Chinese, Iranian Firms Supporting Hacking OperationsThe sanctions target two Chinese individuals, two Chinese companies, and one Iranian firm involved in hacking EU member states. The post EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarCloud Security Startup Native Exits Stealth With $42 Million in FundingPhil Venables, former CISO of Google Cloud and now a venture partner at Ballistic Ventures, has joined Native’s board of directors. The post Cloud Security Startup Native Exits Stealth With $42 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarObservability for AI Systems: Strengthening visibility for proactive risk detectionAs AI systems grow more autonomous, observability becomes essential. Learn how visibility into AI behavior helps detect risk and strengthen secure development. The post Observability for AI Systems: Strengthening visibility for proactive risk detection appeared first on Microsoft…MICROSOFT.COM
18 MarOFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote JobsThe U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses…THEHACKERNEWS.COM
18 MarAutonomous Offensive Security Firm XBOW Raises $120M at $1B+ ValuationThe company has developed an AI-powered platform that autonomously discovers and validates software vulnerabilities. The post Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarWho Really Owns AI DecisionsAI doesn’t sit in one department. It impacts security, technology, and business operations at the same time. This shifts the conversation from “who owns AI” to “who owns the decisions around AI.” Creating a Chief AI Officer (CAIO) may turn into a coordination role rather than tru…YOUTUBE.COM
18 MarHow NextWave’s Evolution Drives Shared SuccessPalo Alto Networks evolves the NextWave Partner Program. Discover new incentives and a framework of Access, Commitment and Profitability drive success. The post How NextWave’s Evolution Drives Shared Success appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
🎙️ PODCASTS 1[−]
18 MarRisky Business #829 -- Sneaky lobsters: Why AI is the new insider threatOn this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They discuss: Iran’s Intune-based wiper attack on medical device maker Stryker Qihoo 360’s AI publishes its own wildcard TLS cert private key Instagram is canning its end-to-en…RISKY.BIZ
📡 INFOSEC NEWS 8[−]
18 MarWeekly Threat Bulletin – March 18th, 2026These are the top threats you should know about this week.F5.COM
18 MarWhy East-West Visibility Matters for Grid SecurityLearn how east-west traffic visibility helps detect and stop lateral movement attacks inside electric grid infrastructure and critical OT networks.TRENDMICRO.COM
18 MarProduct Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown JewelsSecurity teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations – security teams still struggle to understand context: Q: Which exposures, misconfigurations, and vulnerabilities ch…THEHACKERNEWS.COM
18 MarClaude Code Security and Magecart: Getting the Threat Model RightWhen a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical …THEHACKERNEWS.COM
18 MarNordstrom's email system abused to send crypto scams to customersCustomers of upscale department store chain Nordstrom received fraudulent messages from a legitimate company email address that promoted cryptocurrency scams disguised as a St. Patrick's Day promotion. [...]BLEEPINGCOMPUTER.COM
18 MarFBI is buying location data to track US citizens, director confirmsFBI director Kash Patel told lawmakers that the agency is actively purchasing commercially available location data, which can track Americans without needing a warrant.TECHCRUNCH.COM
18 MarProofpoint Pursues FedRAMP High Authorization Process for Collaboration SecurityPROOFPOINT.COM
18 MarThe SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in MexicoKaspersky SOC uncovered and analyzed a complex Horabot campaign in Mexico. In this article we share insights into how it is unleashed and how to hunt for this threat.SECURELIST.COM