118 Articles
9 Categories
Date: 2026-03-19
🚨 CISA KEV 2
19 Mar KEVCISA Adds Exploited Zimbra Collaboration Suite Flaw to Warning ListThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and organizations using the platform must apply the nece…GBHACKERS.COM
19 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.  CVE-2026-20131 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserializa…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 37
19 Mar KEVCISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware AttacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vu…THEHACKERNEWS.COM
19 MarCVE-2026-23244 nvme: fix memory allocation in nvme_pr_read_keys()Information published.MSRC.MICROSOFT.COM
19 MarCVE-2026-23243 RDMA/umad: Reject negative data_len in ib_umad_writeInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-3644 Incomplete control character validation in http.cookiesInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-23247 tcp: secure_seq: add back ports to TS offsetInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflowInformation published.MSRC.MICROSOFT.COM
19 Mar KEVCISA Warns of Attacks Exploiting Recent SharePoint VulnerabilityThe SharePoint remote code execution vulnerability CVE-2026-20963, which Microsoft patched in January, has been exploited in the wild. The post CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarInterlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Accesssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/03/interlock-ransomware-exploits-cisco-fmc.htmlSH.ITJUST.WORKS
19 MarCritical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCEsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.htmlSH.ITJUST.WORKS
19 MarTelnet vulnerability opens door to remote code execution as rootA critical Telnet vulnerability with a CVSS rating of 9.8 enables attackers to take full control of affected systems before authentication even kicks in, security researchers at Dream Security have warned. Tracked as CVE-2026-32746, the vulnerability is in GNU inetutils telnetd, …CSOONLINE.COM
19 MarRansomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appearedOne of the world’s most active ransomware groups, Interlock, started exploiting a critical-rated Cisco firewall vulnerability as a zero day weeks before it was patched in early March, Amazon has revealed. The vulnerability in question is CVE-2026-20131 , a remotely exploitable de…CSOONLINE.COM
19 MarCVE-2026-32169 Azure Cloud Shell Elevation of Privilege VulnerabilityServer-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-26139 Microsoft Purview Elevation of Privilege VulnerabilityServer-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-26138 Microsoft Purview Elevation of Privilege VulnerabilityServer-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-32191 Microsoft Bing Images Remote Code Execution VulnerabilityImproper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-23658 Azure DevOps: msazure Elevation of Privilege VulnerabilityInsufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-26120 Microsoft Bing Tampering VulnerabilityServer-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-23659 Azure Data Factory Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-24299 M365 Copilot Information Disclosure VulnerabilityImproper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-26136 Microsoft Copilot Information Disclosure VulnerabilityImproper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-26137 Microsoft 365 Copilot BizChat Elevation of Privilege VulnerabilityServer-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-32194 Microsoft Bing Images Remote Code Execution VulnerabilityImproper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
19 MarZDI-26-221: GIMP XPM File Parsing Integer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
19 MarZDI-26-220: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
19 MarZDI-26-219: GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
19 MarZDI-26-218: GIMP ANI File Parsing Integer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
19 MarZDI-26-217: GIMP PSD File Parsing Integer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
⚠️ VULNERABILITY DISCLOSURE 33
19 MarInteresting Message Stored in Cowrie Logs, (Wed, Mar 18th)This activity was found and reported by BACS student Adam Thorman as part of one of his assignments which I posted his final paper [1] last week. This activity appeared to only have occurred on the…ISC.SANS.EDU
19 Mar KEVCisco Firewall Zero-Day Actively Exploited to Deliver Interlock RansomwareSecurity research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Centre (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon MadPot network, threat actors c…GBHACKERS.COM
19 MarNew iOS Exploit Uses Advanced iPhone Hacking Tools to Steal Personal DataGoogle Threat Intelligence Group (GTIG) has uncovered a highly sophisticated iOS full-chain exploit dubbed DarkSword. Active since November 2025, this exploit leverages multiple zero-day vulnerabilities to compromise Apple devices running iOS 18.4 through 18.7 fully. DarkSword is…GBHACKERS.COM
19 MarScreenConnect Flaw Lets Hackers Steal Machine Keys and Hijack SessionsConnectWise has released a critical security update for its ScreenConnect remote desktop software to address a severe vulnerability that allows attackers to hijack user sessions. The flaw, which compromises the protection of server-level cryptographic material, prompted the compa…GBHACKERS.COM
19 MarAura Confirms Data Breach Exposing 900,000 Customer RecordsDigital security provider Aura has confirmed a data breach affecting approximately 900,000 user records following a targeted social engineering attack. The incident highlights the ongoing threat of sophisticated phishing campaigns aimed at bypassing technical defenses by exploiti…GBHACKERS.COM
19 MarAnthropic ban heralds new era of supply chain risk — with no clear playbookThe Trump administration’s decision to ban AI company Anthropic from Pentagon assets and other government systems as a “supply chain risk” could force CISOs into a position few have faced before: preparing to identify, isolate, and potentially remove a specific AI technology from…CSOONLINE.COM
19 MarCisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware AttacksAmazon found evidence that the FMC software vulnerability has been exploited since late January, and found links to Russia. The post Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarYour MFA isn’t broken — it’s being bypassed, and your employees can’t tell the differenceMulti-factor authentication was supposed to be the solution. For years, security teams have told employees that MFA would keep them safe. Password stolen? No problem — attackers still need that second factor. But adversary-in-the-middle (AiTM) phishing has changed everything. The…CSOONLINE.COM
19 MarHacking a Robot VacuumSomeone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that .SCHNEIER.COM
19 MarDarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device TakeoverA new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, multiple commercial s…THEHACKERNEWS.COM
19 MarCritical Microsoft SharePoint flaw now exploited in attacksA critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. [...]BLEEPINGCOMPUTER.COM
19 MarPyronut Package Backdoors Telegram Bots With RCEMalicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both the Telegram session and the underlying host system. The malicious package, pyronut, was uploaded to PyPI as a fake alternative to pyr…GBHACKERS.COM
19 MarThe multi-billion dollar mistake: Why cloud misconfigurations are your biggest security threatLast year, most businesses faced a cloud security incident. Here’s what stands out — it wasn’t sophisticated cybercriminals behind these events. Instead, basic errors opened the door. According to the Cloud Security Alliance’s 2024 report on risks in cloud computing , misconfigur…CSOONLINE.COM
19 MarCISA urges US orgs to secure Microsoft Intune systems after Stryker breachCISA warned U.S. organizations to follow Microsoft guidance to strengthen the Intune endpoint management tool after a cyberattack exploited it to wipe medical technology giant Stryker's systems. [...]BLEEPINGCOMPUTER.COM
19 MarClaude Vulnerabilities Allow Data Exfiltration and Malicious Redirect AttacksSecurity researchers recently uncovered a critical attack chain within Anthropic’s Claude.ai platform. Dubbed “Claudy Day,” this vulnerability sequence allows attackers to silently extract sensitive user data through prompt manipulation and malicious redirects. …GBHACKERS.COM
19 MarCISA orders feds to patch Zimbra XSS flaw exploited in attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-zimbra-xss-flaw-exploited-in-attacks/SH.ITJUST.WORKS
19 MarRussian APT Exploits Zimbra Vulnerability Against UkraineInsufficient sanitization of CSS content within HTML emails leads to inline script execution when the message is opened in a browser. The post Russian APT Exploits Zimbra Vulnerability Against Ukraine appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarNew Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive DataCybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evo…THEHACKERNEWS.COM
19 Mar7 Ways to Prevent Privilege Escalation via Password ResetsPassword resets are often weaker than login security, making them a prime target for privilege escalation. Specops Software explains how attackers abuse reset workflows and how to secure them. [...]BLEEPINGCOMPUTER.COM
19 MarCybersecurity Responsibility Is ShiftingA new shift in cybersecurity policy is placing more responsibility on state and local governments instead of relying primarily on federal leadership. This creates a coordination challenge across government, private industry, and education. Local entities may lack the resources, e…YOUTUBE.COM
19 MarThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & MoreThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well …THEHACKERNEWS.COM
19 MarRussian hackers exploit Zimbra flaw in Ukrainian govt attacksHackers part of APT28, a state-backed threat group linked to Russia's military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities. [...]BLEEPINGCOMPUTER.COM
19 MarBeijing wants its own quantum-resistant encryption standards rather than adopt NIST’sChina is reportedly planning to develop its own national post-quantum cryptography standards within the next three years, even as most of the world has already begun migrating to those finalized by the US in 2024 . Post-quantum cryptography deals with algorithms that can protect …CSOONLINE.COM
19 MarCritical ScreenConnect Vulnerability Exposes Machine KeysLatest ScreenConnect version adds encrypted storage and management to prevent unauthorized access to machine keys. The post Critical ScreenConnect Vulnerability Exposes Machine Keys appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarPrivacy Platform Cloaked Raises $375M to Expand Consumer Tools and Enterprise ReachCloaked plans to introduce AI agents designed to act on behalf of users to monitor, manage, and enforce privacy preferences and security postures. The post Privacy Platform Cloaked Raises $375M to Expand Consumer Tools and Enterprise Reach appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarNews alert: SpyCloud study reveal stolen tokens, session data fuel surge in non-human identity attacksAUSTIN, Texas, Mar. 19, 2026, CyberNewswire — SpyCloud , the leader in identity threat protection, today released its annual 2026 Identity Exposure Report , one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the … (more…) …LASTWATCHDOG.COM
19 Mar KEVAnton’s Security Blog Quarterly Q1 2026My Anton’s Security Blog (And Podcast!) Quarterly this covers both Anton on Security and my posts from Google Cloud blog , Google Cloud community blog , and our Cloud Security Podcast ( subscribe on Spotify, now with VIDEO ). Gemini image for this Top 10 posts with the most lifet…MEDIUM.COM
19 MarCISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian groupThe US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala. The warning from the US Cybersecurity and Infrastructure Security Agency (CISA) is …CSOONLINE.COM
19 MarThat cheap KVM device could expose your network to remote compromiseResearchers have found nine vulnerabilities in four popular low-cost KVM-over-IP devices, ranging from unauthenticated command injection to weak authentication defenses and insecure firmware updates. The flaws are particularly concerning given the growing presence of such devices…CSOONLINE.COM
19 MarSpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity TheftNew Report Highlights Surge in Exposed API Keys, Session Tokens, and Machine Identities, and more. SpyCloud , the leader in identity threat protection, today released its annual 2026 Identity Exposure Report , one of the most comprehensive analyses of stolen credentials and ident…CSOONLINE.COM
19 MarHacking IP KVMs & Reversing with Radare2 - Sergi Àlvarez - PSW #918In this episode, we sit down with the Radare community leader, Pancake, the creator of the Radare2 reverse engineering framework. Whether you’ve never heard of Radare, already use it daily, or are thinking about contributing to its development, this conversation will demystify wh…YOUTUBE.COM
19 MarBuilding an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware AnalysisSingle-tool LLM analysis produces reports that look authoritative but aren't. A serial consensus pipeline catches artifacts and hallucinations at source.SENTINELONE.COM
19 MarLinux & Cloud Detection Engineering - Getting Started with Defend for Containers (D4C)This technical resource provides a comprehensive walkthrough of Elastic’s Defend for Containers (D4C) integration, covering Kubernetes-based deployment, the analysis of BPF-enriched runtime telemetry, and the practical application of policy-driven security controls to monitor and…ELASTIC.CO
📢 SECURITY ADVISORIES 6
19 Mar5 key priorities for your RSAC 2026 agendaRSA Conference 2026 arrives at a significant inflection point for the cybersecurity industry — one that will see its more than 43,000 attendees and 600-plus exhibitors navigating an agenda that has fundamentally shifted in character. For the first time, “AI” is not a track at RSA…CSOONLINE.COM
19 MarCISA Calls on Organizations to Strengthen Microsoft Intune Security After Stryker IncidentThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert calling on organizations to aggressively harden their endpoint management systems. Released on March 18, 2026, the critical warning follows a significant cyberattack against U.S.-based medical …GBHACKERS.COM
19 MarCISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devicesThe U.S. cybersecurity agency urged companies to prevent access to systems used for remotely managing their fleets of employee devices after hackers broke into a major U.S. medical tech giant and remotely wiped thousands of phones and computers.TECHCRUNCH.COM
🔥 INCIDENT REPORTING 11
19 MarRaven Emerges From Stealth With $20 Million in FundingRaven’s platform observes applications at runtime to detect anomalous behavior and prevent cyberattacks. The post Raven Emerges From Stealth With $20 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarAura confirms data breach exposing 900,000 marketing contactssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/aura-confirms-data-breach-exposing-900-000-marketing-contacts/SH.ITJUST.WORKS
19 MarSecurity Firm Aura Discloses Data Breach Impacting 900,000 RecordsThe information was stolen from a marketing tool after an employee fell victim to a targeted phone phishing attack. The post Security Firm Aura Discloses Data Breach Impacting 900,000 Records appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarMarquis Data Breach Affects 672,000 IndividualsIt was previously estimated that more than 1.6 million people may be affected by the Marquis data breach. The post Marquis Data Breach Affects 672,000 Individuals appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarFBI seizes pro-Iranian hacking group’s websites after destructive Stryker hackThe FBI and the Justice Department took down two websites linked to the pro-Iranian hacktivist group Handala, which last week hacked medical tech giant Stryker.TECHCRUNCH.COM
19 MarIran Readied Cyberattack Capabilities for Response Prior to Epic FuryAnalysis reveals a six-month buildup of Iran-linked cyber infrastructure, including US-based shell companies, designed to weather kinetic strikes and ensure the resilience of its global hacking operations. The post Iran Readied Cyberattack Capabilities for Response Prior to Epic …SECURITYWEEK.COM
19 MarFBI seizes Handala data leak site after Stryker cyberattackThe FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices. [...]BLEEPINGCOMPUTER.COM
19 MarWhen tax season becomes cyberattack season: Phishing and malware campaigns using tax-related luresIn recent months, Microsoft Threat Intelligence identified email campaigns using lures around W-2, tax forms, or similar themes, or posing as government tax agencies, tax services firms, and relevant financial institutions, with many campaigns targeting individuals for personal a…MICROSOFT.COM
19 MarBitrefill blames North Korean Lazarus group for cyberattackCrypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. [...]BLEEPINGCOMPUTER.COM
19 Mar1stProtect Emerges From Stealth With $20 Million in FundingThe company’s endpoint security platform monitors behavior and verifies user intent to stop cyberattacks in real time. The post 1stProtect Emerges From Stealth With $20 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarMillions of iPhones can be hacked with a new tool found in the wildDarkSword, a powerful iPhone-hacking technique, has been discovered in use by Russian hackers.ARSTECHNICA.COM
🕵️ THREAT INTELLIGENCE 19
19 MarISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 MarSnappyClient Implant Blends Remote Access, Data Theft, and Stealth EvasionA powerful new C2 implant called SnappyClient that blends remote access, credential theft, and stealthy evasion into a single, modular framework targeting Windows systems and cryptocurrency users. ThreatLabz first observed SnappyClient in December 2025, being deployed via the we…GBHACKERS.COM
19 MarWaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain AttackA North Korea-linked threat group known as WaterPlum has introduced a new malware strain called “StoatWaffle” as part of its ongoing Contagious Interview campaign. The activity has been attributed to Team 8, a subgroup within WaterPlum also tracked as the Moralis or Modilus clust…GBHACKERS.COM
19 MarIran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay NetworkA misconfigured open directory on an Iranian server has exposed a live censorship-bypass relay and SSH-based botnet operation, revealing how a single actor stitched together a 15-node network across Iran and Finland using commodity tools and sloppy operational security. The disco…GBHACKERS.COM
19 MarOpen VSX Extension Delivers RAT and Stealer via GitHub DownloaderAn Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft extension, listed on open-vsx.org and tracked at over 26,000 downloads as of March 17, 2026, contain…GBHACKERS.COM
19 MarResearchers disclose vulnerabilities in IP KVMs from four manufacturerssubmitted by Rekall_Incorporated to cybersecurity 2 points | 0 comments https://arstechnica.com/security/2026/03/researchers-disclose-vulnerabilities-in-ip-kvms-from-4-manufacturers/ Internet-exposed devices that give BIOS-level access? What could possibly go wrong?SH.ITJUST.WORKS
19 MarHorabot Returns in Mexico, Spreading via Phishing and Email Worm AttacksHorabot has resurfaced in Mexico with a more complex, multi‑stage kill chain that blends fake CAPTCHA lures, living-off-the-land scripting, and an email worm‑style spreader to deliver a Latin American banking trojan. In this installment of the SOC Files series, our MDR team disse…GBHACKERS.COM
19 MarOpenWebUI Servers Targeted in Attacks Using AI Payloads to Steal DataA recent campaign has targeted improperly secured Open WebUI systems, allowing threat actors to deploy malicious artificial intelligence payloads. Open WebUI is a highly popular self-hosted interface designed to enhance large language models. Shodan scans reveal over 17,000 activ…GBHACKERS.COM
19 MarFake Tools and CDNs Power New “Vibe-Coded” Malware Campaign‘Vibe coding’ has moved from buzzword to battleground, and a new malware campaign shows how attackers are abusing AI-assisted development to scale their operations with minimal effort. Vibe coding, a term popularized in early 2025 to describe programming by prompting large langua…GBHACKERS.COM
19 MarConnectWise patches new flaw allowing ScreenConnect hijackingsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/connectwise-patches-new-flaw-allowing-screenconnect-hijacking/SH.ITJUST.WORKS
19 MarAverage Number of Daily API Attacks Up 113% Annually - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/average-number-daily-api-attacks/SH.ITJUST.WORKS
19 MarHacker Conversations: Ben Harris, from Unintentional Young Hacker to Intentional Adult CEOHarris is a hacker with a rebellious spirit and a willingness to break rules in the pursuit of his purpose – but without causing harm or damage. The post Hacker Conversations: Ben Harris, from Unintentional Young Hacker to Intentional Adult CEO appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarCISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026Austin, United States, March 19th, 2026, CyberNewswire Cybersecurity has entered a new phase, one defined less by reactive controls and more by continuous, intelligence-driven operations. As attack surfaces expand and adversaries increasingly leverage AI, the modern CISO is taske…GBHACKERS.COM
19 MarOasis Security Raises $120 Million for Agentic Access ManagementThe company will invest in R&D, product expansion across AI frameworks, and in scaling go-to-market and sales efforts. The post Oasis Security Raises $120 Million for Agentic Access Management appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarOur KnowBe4 Community Is One of Our Greatest StrengthsI am very proud of our customer community here at KnowBe4. It is a place where customers can discuss our products amongst each other and interface with KnowBe4’s developers and product managers.KNOWBE4.COM
19 MarNew tools and guidance: Announcing Zero Trust for AIMicrosoft introduces Zero Trust for AI, adding a new AI pillar to its workshop, enhanced reference architecture, updated guidance, and a new assessment tool. The post New tools and guidance: Announcing Zero Trust for AI appeared first on Microsoft Security Blog .MICROSOFT.COM
19 MarSecuring the Enterprise AI Ecosystem with ServiceNow and Prisma AIRSPrisma AIRS integrates with ServiceNow AI Control Tower for unified AI governance and real-time security. Accelerate your enterprise AI adoption securely. The post Securing the Enterprise AI Ecosystem with ServiceNow and Prisma AIRS appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
19 MarApp Stores Aren’t Actually SafeApplications distributed through official app stores can still contain vulnerabilities due to third-party libraries, excessive permissions, or insecure device environments. Relying solely on app store vetting creates a false sense of security. Weaknesses in dependencies or outdat…YOUTUBE.COM
19 MarPC MLA says hackers accessed and shared intimate images on his devicessubmitted by cm0002 to cybersecurity 4 points | 1 comments https://www.cbc.ca/news/canada/nova-scotia/pc-mla-rick-burns-hackers-blackmail-intimate-images-9.7134004INFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE 2
19 MarNew ‘Perseus’ Android malware checks user notes for secretsA new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery phrases, or financial data. [...]BLEEPINGCOMPUTER.COM
19 Mar2025 Year in Review: Malicious InfrastructureExplore Insikt Group’s 2025 Malicious Infrastructure Report. Gain insights into Cobalt Strike, Vidar infostealers, and AI-driven threats to secure your 2026 strategy.RECORDEDFUTURE.COM
🎙️ PODCASTS 1
19 MarSmashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple IDIn episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg - involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie cou…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 7
19 MarIndonesianFoods Spam Campaign: 89 000 junk packages in npmThe IndonesianFoods campaign saw attackers flood the npm registry with junk packages. We explore how it works, and how to safeguard enterprise development.KASPERSKY.COM
19 MarHow Ceros Gives Security Teams Visibility and Control in Claude CodeSecurity teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic's AI coding agent, is …THEHACKERNEWS.COM
19 MarMax severity Ubiquiti UniFi flaw may allow account takeoverUbiquiti has patched two vulnerabilities in the UniFi Network Application, including a maximum-severity flaw that may allow attackers to take over user accounts. [...]BLEEPINGCOMPUTER.COM
19 MarConsumer-focused privacy company Cloaked raises $375M as it expands to enterpriseCloaked's latest round is a mix of equity and growth funding.TECHCRUNCH.COM
19 MarCopyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key IndustriesWe look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques.TRENDMICRO.COM
19 MarEDR killers explained: Beyond the driversESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable driversWELIVESECURITY.COM
19 MarFrom Invitation to Infection: How SILENTCONNECT Delivers ScreenConnectSILENTCONNECT is a multi-stage loader that leverages VBScript, in-memory PowerShell execution, and PEB masquerading to silently deploy the ScreenConnect RMM tool.ELASTIC.CO