124Articles
8Categories
2026-03-25Date
🚨 CISA KEV 1[−]
25 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-33017 Langflow Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses s…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 35[−]
25 MarCVE-2026-3549 ECH parsing heap buffer overflowInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds readInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH ConfigInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3229 Integer Overflow in Certificate Chain AllocationInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3503 Fault injection attack with ML-DSA and ML-KEM on ARMInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSLInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2025-69720Information published.MSRC.MICROSOFT.COM
25 MarCVE-2026-33228 flatted: Prototype Pollution via parse()Information published.MSRC.MICROSOFT.COM
25 MarCVE-2026-4519 webbrowser.open() allows leading dashes in URLsInformation published.MSRC.MICROSOFT.COM
25 MarF5 NGINX Plus & Open‑Source Flaw Lets Attackers Execute Code via MP4 FileF5 has disclosed a high-severity vulnerability (CVE-2026-32647) in the NGINX ngx_http_mp4_module that allows attackers execute arbitrary code or cause a denial-of-service (DoS) using crafted MP4 files. This flaw impacts NGINX Plus and NGINX Open Source deployments where the MP4 s…GBHACKERS.COM
25 MarGoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry CompromiseA critical security flaw in GoHarbor’s Harbor container registry exposes organizations to severe supply chain attacks. Tracked as CVE-2026-4404, this vulnerability stems from hardcoded default credentials that remain active unless manually altered by an administrator. Harbo…GBHACKERS.COM
25 MarChained vulnerabilities in Cisco Catalyst switches could induce denial-of-serviceCisco’s widely deployed Catalyst 9300 Series enterprise switches have four security vulnerabilities, two of which could be chained to cause a denial-of-service outage, infrastructure security company Opswat has revealed. The two most operationally significant are CVE-2026-20114 a…CSOONLINE.COM
25 MarNew critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expertA new critical vulnerability that is similar to the widely-exploited CitrixBleed and CitrixBleed2 holes should be patched in NetScaler devices immediately, say experts. The hole, CVE-2026-3055 , is an out-of-bounds read vulnerability in customer-managed NetScaler ADC and NetScale…CSOONLINE.COM
25 MarSecurity for AI: A guide to managing the risks of vibe coding and AI in software developmentGet a template for an AI coding acceptable use policy with security controls and a list of 25 security questions to ask software developers and “citizen developers” about their AI use. Mitigate the security risks of vibe coding and using AI in software development with Tenable On…TENABLE.COM
⚠️ VULNERABILITY DISCLOSURE 25[−]
25 MarAqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software IntegrityA sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silently exfiltrate sensitive crede…GBHACKERS.COM
25 MarHackerOne Confirms Employee Data Stolen Following Linked Navia HackHackerOne, a leading vulnerability coordination and bug bounty platform, has officially confirmed a data breach impacting its employees. The security incident did not occur directly on HackerOne’s internal network or infrastructure. Instead, the sensitive data was exposed t…GBHACKERS.COM
25 MarCompromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy & KICS HacksSecurity researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPC…GBHACKERS.COM
25 MarAI is breaking traditional security models — Here’s where they fail firstTraditionally, enterprise security operating models operated a fixed and regular cycle: Findings surfaced through periodic scans, security teams triaged results and remediation followed through ticket-based workflows. It was almost an SOP of sorts; the accountability existed, but…CSOONLINE.COM
25 MarSay Easy, Do Hard - Crypto-Agility - BSW #440With Q-day getting closer, regulatory guidance pushing firms to migrate to quantum security in the next five years, and an extensive remediation backlog waiting to be discovered, security leaders must start their quantum security migration today. Easier said than done. In this Sa…YOUTUBE.COM
25 Mar6 key trends reshaping the IAM marketThe identity and access management (IAM) market has shifted its focus from traditional “login and MFA” mechanisms toward treating identity as a security control plane. Buyers are prioritizing phishing-resistant authentication, including passkeys, and the management of non-human i…CSOONLINE.COM
25 MarClawHub Vulnerability Lets Attackers Manipulate Rankings to Become Top SkillSilverfort researchers recently uncovered a critical security flaw in ClawHub, the main public registry for the OpenClaw agent ecosystem. This vulnerability allowed attackers to artificially boost download numbers, pushing malicious code to the top of the search results. This cre…GBHACKERS.COM
25 MarHackers Exploiting Magento Flaw to Execute Remote Code and Seize Full Account AccessA critical vulnerability dubbed “PolyShell” is actively being exploited across Magento and Adobe Commerce platforms. Discovered by the Sansec Forensics Team and published on March 17, 2026, this flaw allows unauthenticated attackers to upload executable files via the …GBHACKERS.COM
25 MarPyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentialsPyPI is warning of possible credential theft from AI applications and developer pipelines after two malicious versions of the widely used Python middleware for large language models, LiteLLM, were briefly published. “Anyone who has installed and run the project should assume any …CSOONLINE.COM
25 MarPTC warns of imminent threat from critical Windchill, FlexPLM RCE bugsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/ptc-warns-of-imminent-threat-from-critical-windchill-flexplm-rce-bug/SH.ITJUST.WORKS
25 MarTrivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion waveWhat started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterprise SaaS environments already compromised. Charles Carmakal, CTO of Mandiant Consulting, made the assessment at a Google-hos…CSOONLINE.COM
25 MarThe Kill Chain Is Obsolete When Your AI Agent Is the ThreatIn September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code…THEHACKERNEWS.COM
25 MarVulnMCP 1.0.0 releasedsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.vulnerability-lookup.org/2026/03/25/vulnmcp-1-0-0/INFOSEC.PUB
25 MarSecurity for the Quantum Era: Implementing Post-Quantum Cryptography in AndroidPosted by Eric Lynch, Product Manager, Android and Dom Elliot, Group Product Manager, Google Play Modern digital security is at a turning point. We are on the threshold of using quantum computers to solve "impossible" problems in drug discovery, materials science, and energy—task…SECURITY.GOOGLEBLOG.COM
25 MarCitrix urges admins to patch NetScaler flaws as soon as possibleCitrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. [...]BLEEPINGCOMPUTER.COM
25 MarTrojanization of Trivy, Checkmarx, and LiteLLM solutions | Kaspersky official blogHow Trivy and CheckMarx open-source solutions became the starting point for a massive TeamPCP attack on other applications, and what organizations using them should do.KASPERSKY.COM
25 MarLeakBase Admin Arrested in Russia Over Massive Stolen Credential MarketplaceThe alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Ta…THEHACKERNEWS.COM
25 MarMatrix forensic toolset for tracing membership eventssubmitted by nemesis3856 to cybersecurity 1 points | 0 comments Source code and details: github.com/umutatalar/Sherlocked Overview Sherlocked is a two-tool forensic suite for Matrix investigators. Given a target MXID, it locates m.room.member invite events across rooms and spaces…SH.ITJUST.WORKS
25 MarWhy Your Human Risk Management Strategy Can’t Ignore AIAI isn’t just another technology wave—it’s a force multiplier for both innovation and risk. In a recent webinar featuring insights from Bryan Palma and guest speaker Jinan Budge, Vice President and Research Director at Forrester, one message came through clearly: the rise of AI a…KNOWBE4.COM
25 MarApple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)Apple released the next version of its operating system, patching 85 different vulnerabilities across all of them. None of the vulnerabilities are currently being exploited. The last three macOS "generations" are covered, as are the last two versions of iOS/iPadOS. For tvOS, watc…ISC.SANS.EDU
25 MarPolyShell attacks target 56% of all vulnerable Magento storesAttacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. [...]BLEEPINGCOMPUTER.COM
25 MarGitHub adds AI-powered bug detection to expand security coverageGitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. [...]BLEEPINGCOMPUTER.COM
25 MarClickFix Campaigns Targeting Windows and macOSInsikt Group reveals five ClickFix social engineering clusters (QuickBooks, Booking.com, Birdeye) targeting Windows and macOS. Learn how threat actors exploit native system tools with malicious, obfuscated commands to gain initial access, and get key mitigations for defenseRECORDEDFUTURE.COM
25 MarTry our new dimensional analysis Claude pluginWe’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post . Most LLM-based security skills ask the model to find bugs. Our new dimensional-analysis plugin for Claude Code takes a…TRAILOFBITS.COM
25 MarRisky Business #830 -- LiteLLM and security scanner supply chains compromisedOn this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They talk through: TeamPCP’s supply chain attack on Github, and they threw in an anti-Iran wiper, because why not?! Anthropic hooks up its models to just… use your whole comput…RISKY.BIZ
📢 SECURITY ADVISORIES 10[−]
25 MarSen. Wyden Warns of Another Section 702 AbuseSen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved (with support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the co…SCHNEIER.COM
25 MarDutch Finance Ministry probing cyber breach affecting internal systems | The Record from Recorded Future Newssubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/netherlands-finance-ministry-cyberattack-breachSH.ITJUST.WORKS
25 MarRussia arrests alleged owner of cybercrime forum LeakBase, report saysRussian state-owned media reported that police in Russia arrested the administrator of LeakBase, a large hacking forum.TECHCRUNCH.COM
25 MarConvicted spyware chief hints that Greece’s government was behind dozens of phone hacksThe spyware founder's comments are the most direct suggestion yet from anyone inside Intellexa that the Mitsotakis government authorized the hacking of dozens of phones belonging to senior Greek government ministers, opposition leaders, military officials, and journalists.TECHCRUNCH.COM
🔥 INCIDENT REPORTING 14[−]
25 MarFive Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via TelegramFive malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them directly to a hardcoded Telegram bot. Each package typosquats or wraps a legitimate crypto library and funnels stolen private keys…GBHACKERS.COM
25 MarHackerOne Employee Data Exposed in Massive Navia BreachThe cybersecurity firm said the personal information of hundreds of employees was stolen in the hacker attack targeting Navia. The post HackerOne Employee Data Exposed in Massive Navia Breach appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarManager of botnet used in ransomware attacks gets 2 years in prisonA Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies. [...]BLEEPINGCOMPUTER.COM
25 MarNew Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 HoursNew research is shedding light on how infostealer malware turns a single careless click into full-blown credential exposure on dark web marketplaces in less than 48 hours far faster than traditional breach detection timelines. Unlike database breaches that take weeks or months to…GBHACKERS.COM
25 MarUS Prisons Russian Access Broker for Aiding Ransomware AttacksAleksei Volkov has been sentenced to 81 months in prison for his role in Yanluowang ransomware attacks. The post US Prisons Russian Access Broker for Aiding Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarSmartApeSG ClickFix Campaign Spreads Remcos, NetSupport RAT, StealC, Sectop RATA recent SmartApeSG campaign observed on March 24, 2026, highlights the growing sophistication of ClickFix-based attack chains, which deliver multiple remote access trojans (RATs) and information stealers through a staged infection process. The infection begins with the ClickFix …GBHACKERS.COM
25 MarLinux Ransomware Pay2Key Targets Servers, Virtualization Hosts, and Cloud WorkloadsLinux-focused ransomware Pay2Key is actively targeting enterprise servers, VMware ESXi virtualization hosts, and cloud workloads, underscoring how far Linux ransomware has evolved beyond simple file lockers. Originally known for fast, human-operated Windows intrusions against Isr…GBHACKERS.COM
25 MarFrom Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPIThe hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$. The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared first on SecurityWeek .SECURITYWEEK.COM
25 Mar3.1 Million Impacted by QualDerm Data Breach - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/3-1-million-impacted-by-qualderm-data-breach/SH.ITJUST.WORKS
25 MarRussian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware AttacksThe U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the…THEHACKERNEWS.COM
25 MarWhen Encryption Suddenly FailsCryptographic algorithms can become vulnerable over time, requiring organizations to replace them quickly. Without a clear inventory of where encryption is used, organizations may struggle to respond when an algorithm is compromised. Crypto agility ensures that teams can locate a…YOUTUBE.COM
25 MarIdentity security is the new pressure point for modern cyberattacksRead the latest Microsoft Secure Access report for insights into why a unified identity and access strategy offers strong modern protection. The post Identity security is the new pressure point for modern cyberattacks appeared first on Microsoft Security Blog .MICROSOFT.COM
25 MarYour AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI BreachLitellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps.TRENDMICRO.COM
25 MarAnatomy of a Cyber World Global Report 2026The Kaspersky Security Services report describes cyberattack trends and statistics revealed by the Managed Detection and Response service. The report also includes Incident Response findings based on real-world cases identified and mitigated in 2025.SECURELIST.COM
🕵️ THREAT INTELLIGENCE 26[−]
25 MarGuidance for detecting, investigating, and defending against the Trivy supply chain compromiseThreat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through the Trivy supply‑chain compromise, attacker techniques, and concrete steps security teams can take to detect and defend again…MICROSOFT.COM
25 MarISC Stormcast For Wednesday, March 25th, 2026 https://isc.sans.edu/podcastdetail/9864, (Wed, Mar 25th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
25 MarRSAC Presenter Says "Time to Kill One of Cybersecurity's Most Overworked Terms"RSAC: Retiring "APT," FCC's US-Made Router Ban, Zoom Call Scraping, Iran-Targeting Wiper, and Cyber Terrorism Insurance From RSAC 2026, host David Shipley highlights ESET researcher Robert Lipowsky's argument to retire the overused "advanced persistent threat" label and instead d…CYBERSECURITYTODAY.LIBSYN.COM
25 MarGoogle Authenticator’s Hidden Passkey Design May Expose New Passwordless Attack VectorsGoogle’s passkey ecosystem quietly depends on a powerful cloud-side component that changes where “passwordless trust” actually lives and that shift could open new avenues for account takeover in the real world. Most passkey discussions focus on WebAuthn and FIDO specs, but attack…GBHACKERS.COM
25 MarFCC Blocks New Foreign Consumer Router Models Citing Serious Security RisksOn March 23, 2026, the Federal Communications Commission (FCC) officially updated its Covered List to ban all new consumer-grade routers produced in foreign countries from receiving equipment authorisation. This regulatory action, driven by a White House-convened Executive Branch…GBHACKERS.COM
25 MarKali Linux 2026.1 Launches With 8 New Hacking Tools for Penetration TestersOffensive Security has officially released Kali Linux 2026.1, marking the first major update of the year for the popular penetration testing distribution. Building on the foundation of the 2025.4 release, this new version introduces a comprehensive visual refresh, a nostalgic ann…GBHACKERS.COM
25 MarAI-Driven ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub ReposA large-scale malware operation abusing GitHub to deliver a custom LuaJIT-based trojan to developers, gamers, and everyday users through convincing but trojanized repositories. The campaign, tracked as “TroyDen’s Lure Factory,” spans more than 300 delivery packages and uses AI-as…GBHACKERS.COM
25 MarCheckmarx KICS Code Scanner Targeted in Widening Supply Chain Hitsubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/application-security/checkmarx-kics-code-scanner-widening-supply-chainSH.ITJUST.WORKS
25 MarCitrix Urges Immediate Patching for Critical NetScaler Vulnerabilities - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/citrix-patch-netscaler/SH.ITJUST.WORKS
25 MarMozilla Releases Firefox 149.0 With Free Built‑In VPN Offering 50 GB Monthly DataMozilla released Firefox 149.0 to the Release channel, bringing a significant set of privacy and security enhancements to the browser. The standout feature of this update is the integration of a free, built-in VPN designed to protect users on public networks and secure sensitive …GBHACKERS.COM
25 MarRSAC 2026 Conference Announcements Summary (Day 2)A summary of the announcements made by vendors on the second day of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Day 2) appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarMirai Botnets Evolve Into Major DDoS and Proxy Abuse ThreatsMirai-based botnets have evolved from simple IoT malware into large-scale DDoS and proxy abuse platforms that now underpin record-breaking attacks and stealthy cybercrime operations. In total, over 21,000 C2 servers were observed between July and December 2025, with a notable shi…GBHACKERS.COM
25 MarFCC Bans New Routers Made Outside the US Over National Security RisksThe ban aligns with a White House determination that all routers produced abroad are a threat to national security. The post FCC Bans New Routers Made Outside the US Over National Security Risks appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarObfuscated VBS and PNG Loaders Power New Open Directory Malware Campaign with RAT PayloadsA sophisticated, multi-stage delivery framework leveraging obfuscated Visual Basic Script (VBS) files, fileless PowerShell loaders, and payloads hidden within PNG images. The activity was initially detected by LevelBlue’s Managed Detection and Response (MDR) SOC through a Sentine…GBHACKERS.COM
25 MariOS, macOS 26.4 Roll Out With Fresh Security PatchesApple released security fixes for older devices as well, in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5. The post iOS, macOS 26.4 Roll Out With Fresh Security Patches appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarChina-Backed Hackers Target Southeast Asian Military Systems in Ongoing Spy CampaignChina-linked threat actors have been identified targeting Southeast Asian military networks in a long-running cyber espionage campaign focused on intelligence collection and operational surveillance. The activity, tracked as CL-STA-1087, demonstrates a highly disciplined approach…GBHACKERS.COM
25 MarWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
25 MarAI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest LinkPwC finds AI is amplifying speed and scale of attacks, as identity theft evolves into a cybercriminal supply chain. The post AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarRussian Cybercriminal Gets 2-Year Prison Sentence in USIlya Angelov was a member of the cybercrime group tracked as TA-551, Shathak, Gold Cabin, Monster Libra, and ATK236. The post Russian Cybercriminal Gets 2-Year Prison Sentence in US appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarGlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto DataCybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an…THEHACKERNEWS.COM
25 Mar2026 Cybersecurity Excellence Awards Winners Announced during RSA Conference as AI Security DominatesSan Francisco, USA, March 25th, 2026, CyberNewswire Cybersecurity Insiders today announced the winners of the 2026 Cybersecurity Excellence Awards during RSA Conference, recognizing leading cybersecurity companies, products, and professionals. This year’s defining theme was…GBHACKERS.COM
25 MarMY YAKE: A decade of cyber collaboration, built under Obama, is now hostage to a political grudgeSAN FRANCISCO — I was in the room at Stanford in February 2015 when President Obama used the bully pulpit to launch what became a decade of hard-won public-private collaboration in cybersecurity. It didn’t take much to tear it asunder.… (more…) The post MY YAKE: A dec…LASTWATCHDOG.COM
25 MarOnit Security Raises $11 Million for Exposure Management PlatformThe startup will invest in product development and go-to-market efforts as it expands into new sectors. The post Onit Security Raises $11 Million for Exposure Management Platform appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarAI Expands the Scam Target PoolAI is improving the quality of scam messages, removing obvious signs like grammar mistakes that once made them easy to spot. Those flaws may have acted as a filter, attracting only the most vulnerable victims. With AI polishing scams, attackers can now target a broader and more c…YOUTUBE.COM
25 MarBubble AI app builder abused to steal Microsoft account credentialsThreat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. [...]BLEEPINGCOMPUTER.COM
25 MarYou Don’t Know Your AssetsMany organizations lack a clear inventory of their assets and the current state of their cryptographic systems. Without visibility, security teams cannot effectively manage risk or respond to threats. Fixing this isn’t a quick win—it requires building a long-term architectural ca…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
25 MarFCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk ConcernsThe U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications netwo…THEHACKERNEWS.COM
25 MarPaid AI Accounts Are Now a Hot Underground CommodityAI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and resell premium AI access at scale. [...]BLEEPINGCOMPUTER.COM
25 MarNew Torg Grabber infostealer malware targets 728 crypto walletsA new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 10[−]
25 MarWeekly Threat Bulletin – March 25th, 2026These are the top threats you should know about this week.F5.COM
25 MarHow one man used 10,000 bots to steal $8,000,000 from music artistsA man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after creating hundreds of thousands of songs with AI, and then using bots to play them billions of times. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
25 MarTP-Link warns users to patch critical router auth bypass flawTP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. [...]BLEEPINGCOMPUTER.COM
25 MarDevice Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth AbuseCybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on Febru…THEHACKERNEWS.COM
25 MarKali Linux 2026.1 released with 8 new tools, new BackTrack modeKali Linux 2026.1, the first release of the year, is now available for download, featuring 8 new tools, a theme refresh, and a new BackTrack mode for Kali-Undercover. [...]BLEEPINGCOMPUTER.COM
25 MarJoint guidance on securing space and cyber security for low earth orbit satellite communicationsThis joint guidance is intended for users of LEO SATCOM services. It highlights the key cyber security risks and mitigation strategies to support informed decision-making.CYBER.GC.CA
25 MarVirtual machines, virtually everywhere – and with real security gapsCloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselvesWELIVESECURITY.COM