🚨 CISA KEV 2
26 Mar · KEV · TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th) · This is the first update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through … · ISC.SANS.EDU
26 Mar · KEV · CISA Adds One Known Exploited Vulnerability to Catalog · CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33634 Aqua Security Trivy Embedded Malicious Code Vulnerability. This type of vulnerability is a frequent attack vector for malicious cybe… · CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 81
26 Mar · Cisco Secure Firewall Vulnerability Exposes Systems to Remote Code Execution by Attackers · Cisco has released critical security updates to address a maximum-severity vulnerability affecting its Secure Firewall Management Center (FMC) Software. Tracked under the identifier CVE-2026-20131, this flaw carries a perfect CVSS base score of 10.0 and allows unauthenticated, re… · GBHACKERS.COM
26 Mar · Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack · Aqua Security’s vulnerability scanner, Trivy, suffered a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, leveraged prior incomplete remediation to inject credential-stealing malware into official releases. This incident, tracked as CVE-2026-3… · GBHACKERS.COM
26 Mar · CVE-2026-2297 SourcelessFileLoader does not use io.open_code() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled server · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-29111 systemd: Local unprivileged user can trigger an assert · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmap · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23325 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23313 i40e: Fix preempt count leak in napi poll tracepoint · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23306 scsi: pm8001: Fix use-after-free in pm8001_queue_command() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23307 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23378 net/sched: act_ife: Fix metalist update behavior · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23352 x86/efi: defer freeing of boot services memory · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23298 can: ucan: Fix infinite loop from zero-length messages · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23319 bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23300 net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23293 net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23343 xdp: produce a warning when calculated tailroom is negative · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23389 ice: Fix memory leak in ice_set_ringparam() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23365 net: usb: kalmia: validate USB endpoints · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23284 net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-33412 Vim affected by Command injection via newline in glob() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23333 netfilter: nft_set_rbtree: validate open interval overlap · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardown · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23312 net: usb: kaweth: validate USB endpoints · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23330 nfc: nci: complete pending data exchange on device close · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23285 drbd: fix null-pointer dereference on local read error · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23296 scsi: core: Fix refcount leak for tagset_refcnt · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23388 Squashfs: check metadata block offset is within range · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23286 atm: lec: fix null-ptr-deref in lec_arp_clear_vccs · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23390 tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23292 scsi: target: Fix recursive locking in __configfs_open_file() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23334 can: usb: f81604: handle short interrupt urb messages properly · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscreds · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23304 ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23320 usb: gadget: f_ncm: align net_device lifecycle with bind/unbind · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23290 net: usb: pegasus: validate USB endpoints · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23339 nfc: nci: free skb on nci_transceive early error paths · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23302 net: annotate data-races around sk->sk_{data_ready,write_space} · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23308 pinctrl: equilibrium: fix warning trace on load · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23291 nfc: pn533: properly drop the usb interface reference on disconnect · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_open · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23287 irqchip/sifive-plic: Fix frozen interrupt due to affinity setting · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23281 wifi: libertas: fix use-after-free in lbs_free_adapter() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23289 IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23317 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23347 can: usb: f81604: correctly anchor the urb in the read bulk callback · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23310 bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23327 cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23367 wifi: radiotap: reject radiotap with unknown bits · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23279 wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23379 net/sched: ets: fix divide by zero in the offload path · Information published. · MSRC.MICROSOFT.COM
26 Mar · CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion · Information published. · MSRC.MICROSOFT.COM
26 Mar · IDrive for Windows Vulnerability Allows Attackers to Escalate Privileges and Gain Unauthorized Access · A critical security flaw has been identified in the IDrive Cloud Backup Client for Windows, exposing users to local privilege escalation attacks. Tracked as CVE-2026-1995, this vulnerability allows authenticated, low-privilege attackers to execute arbitrary code with the highest … · GBHACKERS.COM
26 Mar · KEV · CISA Issues Urgent Warning on Langflow Code Injection Vulnerability Actively Exploited in Attacks · The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical code-injection vulnerability in Langflow. Tracked as CVE-2026-33017, this severe security flaw has been officially added to CISA’s Known Exploited Vulnerabilities (KEV)… · GBHACKERS.COM
26 Mar · KEV · CISA: New Langflow flaw actively exploited to hijack AI workflows · The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...] · BLEEPINGCOMPUTER.COM
26 Mar · Coruna: the framework used in Operation Triangulation · Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit. · SECURELIST.COM
⚠️ VULNERABILITY DISCLOSURE 30
26 Mar · Delve did the security compliance on LiteLLM, an AI project hit by malware · LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware. · TECHCRUNCH.COM
26 Mar · Sound Radix - 292,993 breached accounts · In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. Attributed to unauthorised access to a customer support platform, the incident impacted 293k unique email addresses and names of users who had int… · HAVEIBEENPWNED.COM
26 Mar · Node.js Releases Urgent Patches for Multiple Vulnerabilities Exposing Systems to DoS and Crashes · The Node.js project issued a critical security update for its Long-Term Support (LTS) branch, marking version 20.20.2 ‘Iron’ as a security release. This urgent patch addresses seven distinct vulnerabilities impacting TLS error handling, HTTP/2 flow control, cryptographic timing, … · GBHACKERS.COM
26 Mar · Fake VS Code Security Alerts on GitHub Spread Malware in Massive Phishing Attack · A large-scale phishing campaign is actively targeting developers on GitHub by abusing the platform’s Discussions feature to distribute fake Visual Studio Code (VS Code) security alerts. The campaign appears highly coordinated, with thousands of near-identical posts discovered acr… · GBHACKERS.COM
26 Mar · LeakBase Forum Admin Arrested by Russian Authorities in Global Cybercrime Operation · Russian law enforcement agencies have successfully apprehended the suspected administrator of LeakBase, a prominent international cybercrime forum. The arrest, executed by officers from the Russian Ministry of Internal Affairs (MVD) alongside regional security services in Rostov,… · GBHACKERS.COM
26 Mar · Fake npm Install Messages Conceal RAT Malware in New Open Source Supply Chain Attack · Fake npm install messages are the latest social engineering trick in the open source supply chain, with attackers abusing npm post‑install scripts to silently deploy a crypto‑stealing remote access trojan (RAT) in what ReversingLabs is calling the “Ghost campaign.” By wrapping th… · GBHACKERS.COM
26 Mar · Preventing Account Takeovers: A Practical Guide to Detection and Response · Yesterday’s password leak can become tomorrow’s identity crisis. According to research firm Gitnux, account-takeover attacks jumped 354 percent in 2023, driven by bots that replay stolen credentials and infostealer malware that sidesteps multi-factor prompts. The fallout, billion… · GBHACKERS.COM
26 Mar · Synology DiskStation Manager Vulnerability Puts Users at Risk of Remote Command Execution Attacks · Synology has issued an urgent security update for its DiskStation Manager (DSM) software to address a critical vulnerability. If left unpatched, this flaw could allow unauthenticated remote attackers to execute arbitrary commands on affected network-attached storage (NAS) devices… · GBHACKERS.COM
26 Mar · WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites · Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels… · THEHACKERNEWS.COM
26 Mar · Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks · The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. "When C… · THEHACKERNEWS.COM
26 Mar · Critical NVIDIA Vulnerabilities Risk Remote Code Execution and Denial-of-Service Attacks · NVIDIA has recently published its March 2026 security bulletins, addressing a wave of newly discovered vulnerabilities across its hardware and software ecosystems. The technology giant has urged organizations to immediately evaluate their environments and apply the necessary corr… · GBHACKERS.COM
26 Mar · Silver Fox Tax Audit Phishing Campaign Shifts from RATs to Python Stealers · Threat intelligence teams have tracked Silver Fox (also known as Void Arachne), a China-based intrusion set that sits at the intersection of financially motivated cybercrime and APT-style espionage. Originally associated with large-scale, profit-driven campaigns, the group has st… · GBHACKERS.COM
26 Mar · GitHub phishers use fake OpenClaw tokens to drain crypto wallets · Threat actors are actively exploiting OpenClaw’s viral popularity to run a phishing campaign that targets developers on GitHub with lures of free crypto tokens. According to a disclosure by OX Security, the campaign involves fake “CLAW” token airdrops that promise thousands of do… · CSOONLINE.COM
26 Mar · KEV · Critical Ivanti EPMM Vulnerabilities Expose Systems to Arbitrary Code Execution Attacks · In February 2026, threat actors actively exploited two critical remote code execution (RCE) vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). A recent incident response investigation by WithSecure’s STINGR Group revealed that attackers used highly automated methods … · GBHACKERS.COM
26 Mar · Cisco Patches Multiple Vulnerabilities in IOS Software · The high- and medium-severity flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation. The post Cisco Patches Multiple Vulnerabilities in IOS Software appeared first on SecurityWeek. · SECURITYWEEK.COM
26 Mar · Databricks pitches Lakewatch as a cheaper SIEM — but is it really? · Databricks has previewed a new open agentic Security Information and Event Management software (SIEM) named Lakewatch that signals its first deliberate step beyond data warehousing into security analytics. The data warehouse-provider is pitching Lakewatch as a lower-cost alternat… · CSOONLINE.COM
26 Mar · Coruna iOS exploit framework linked to Triangulation attacks · The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. [...] · BLEEPINGCOMPUTER.COM
26 Mar · Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website · Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if the… · THEHACKERNEWS.COM
26 Mar · University Donor Data Under Attack · Universities are increasingly seeing attacks that target donor data, with several high-profile institutions already appearing in public reports. While this data may not directly impact students day-to-day, it plays a critical role in funding scholarships, grants, and institutiona… · YOUTUBE.COM
26 Mar · New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware · Threat actors are standardizing a powerful ClickFix-based attack that abuses the Windows Run dialog box and macOS Terminal to deliver malware while sidestepping traditional browser protections. Insikt Group has tracked five distinct ClickFix activity clusters active since at leas… · GBHACKERS.COM
26 Mar · Great Patching Lessons To Learn From The Zero Day Clock · I just came across the Zero Day Clock, and I love it. Everyone should go there, see the stats, see the trends, and figure out what that means for your ongoing and future patch management plans. · KNOWBE4.COM
26 Mar · In WAF we (should not) trust · Deep dive into Web Application Firewall (WAF) bypasses, from misconfiguration exploitation to crafting obfuscated payloads. We show the impact of the parsing discrepancy between how a WAF reads a request and how a backend executes it. It is not a bug, it is a feature. · QUARKSLAB.COM
26 Mar · AI is the Top Cyber Priority for Defenders as Criminals Exploit it - Infosecurity Magazine · submitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/ai-top-cyber-priority-defenders-pwc/ · SH.ITJUST.WORKS
26 Mar · The CISO’s guide to responding to shadow AI · Move over shadow IT; shadow AI is the new risk on the scene. The explosion of available AI tools, leadership’s enthusiasm for the new technology, the push for employees to do more with less, nascent governance and the sheer speed at which AI is evolving has created the perfect en… · CSOONLINE.COM
26 Mar · Report: Attackers Can Trick AI Assistants Into Displaying Phishing Messages · Researchers at Permiso warn that threat actors can plant phishing messages within Copilot AI summaries. Notably, the researchers found that attackers can trick Copilot into including internal information to craft a more targeted message. · KNOWBE4.COM
26 Mar · Ajax football club hack exposed fan data, enabled ticket hijack · Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. [...] · BLEEPINGCOMPUTER.COM
26 Mar · Scanning The Internet with Linux Tools - PSW #919 · In this segment, we will explore some pretty awesome tools for scanning the Internet, with a focus on network edge devices. We'll bring it all together with Claude Code and look at some sample results. Tools include: Shodan | Passive recon — query existing scan data for exposed d… · YOUTUBE.COM
26 Mar · Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection · Tenable One's new Model Refusal Detection turns an LLM's refusal to execute a risky or suspicious prompt into a high-fidelity early warning signal. It helps you uncover and stop prompt injection attacks, insider threats, and other risky user behaviors before they escalate into a … · TENABLE.COM
26 Mar · A year of open source vulnerability trends: CVEs, advisories, and malware · Reviewed advisories hit a four-year low, malware advisories surged, and CNA publishing grew—here’s what changed and what it means for your triage and response. The post A year of open source vulnerability trends: CVEs, advisories, and malware appeared first on The GitHub Blog. · GITHUB.BLOG
26 Mar · Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud · A large-scale magecart operation remained active for over 24 months, leveraging an infrastructure of 100+ domains. While the targeted victims are e-commerce websites, the actual pressure falls on banks and payment systems. As ANY.RUN’s analysis shows, threat actors… · ANY.RUN
📢 SECURITY ADVISORIES 10
26 Mar · Alleged RedLine Malware Administrator Extradited to US · Hambardzum Minasyan of Armenia has been accused of being involved in the development and administration of the infostealer malware. The post Alleged RedLine Malware Administrator Extradited to US appeared first on SecurityWeek. · SECURITYWEEK.COM
26 Mar · TeamPCP deploys CanisterWorm on NPM following Trivy compromise · submitted by codeinabox to security 1 points | 0 comments https://www.aikido.dev/blog/teampcp-deploys-worm-npm-trivy-compromise · PROGRAMMING.DEV
26 Mar · As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters · In December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any con… · SCHNEIER.COM
🔥 INCIDENT REPORTING 9
26 Mar · Scuf Gaming - 128,683 breached accounts · In June 2015, custom gaming controller maker Scuf Gaming suffered a data breach. The incident exposed 129k unique email addresses along with usernames, display names, IP addresses and password hashes. · HAVEIBEENPWNED.COM
26 Mar · Torg Grabber Malware Shifts from Telegram Exfiltration to Encrypted REST API for C2 · A fast-evolving information‑stealing malware dubbed “Torg Grabber” that has shifted from simple Telegram‑based exfiltration to a hardened, encrypted REST API command‑and‑control (C2) channel fronted by Cloudflare. The operation surfaced when a 747 KB 64‑bit sample initially tagge… · GBHACKERS.COM
26 Mar · Russia arrests suspected owner of LeakBase cybercrime forum · Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools. [...] · BLEEPINGCOMPUTER.COM
26 Mar · Ransomware attack disrupts operation at major Spanish fishing port | The Record from Recorded Future News · submitted by kid to cybersecurity 2 points | 0 comments https://therecord.media/port-of-vigo-ransomware · SH.ITJUST.WORKS
26 Mar · Hightower Holding Data Breach Impacts 130,000 · The holdings company says hackers stole names, Social Security numbers, and driver’s license numbers from its environment. The post Hightower Holding Data Breach Impacts 130,000 appeared first on SecurityWeek. · SECURITYWEEK.COM
26 Mar · UK sanctions Xinbi marketplace linked to Asian scam centers · The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. [...] · BLEEPINGCOMPUTER.COM
26 Mar · Iran-Linked Pay2Key Ransomware Group Re-Emerges - Infosecurity Magazine · submitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/iranlinked-pay2key-ransomware/ · SH.ITJUST.WORKS
26 Mar · Why Financial Firms are Outgrowing Traditional Email Security · In the financial services industry, a "security incident" is rarely just an IT ticket. It is a regulatory event. Whether you are a bank, a global investment firm, or a fintech startup, your email environment is the most targeted entry point for attackers and the most common exit … · KNOWBE4.COM
26 Mar · Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise · TeamPCP orchestrated one of the most sophisticated multi-ecosystem supply chain campaigns publicly documented to date that cascaded through developer tooling and compromised LiteLLM, exposing how AI proxy services that concentrate API keys and cloud credentials become high-value … · TRENDMICRO.COM
🕵️ THREAT INTELLIGENCE 27
26 MarHackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Minersubmitted by monica_b1998 to securitynews 2 points | 0 comments https://thehackernews.com/2026/03/hackers-use-fake-resumes-to-steal.htmlINFOSEC.PUB
26 MarISC Stormcast For Thursday, March 26th, 2026 https://isc.sans.edu/podcastdetail/9866, (Thu, Mar 26th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
26 MarThousands of websites are accidentally broadcasting sensitive datasubmitted by Innerworld to cybersecurity 1 points | 0 comments https://techxplore.com/news/2026-03-thousands-websites-accidentally-sensitive.htmlINFOSEC.PUB
26 MarThousands of websites are accidentally broadcasting sensitive datasubmitted by Innerworld to security 1 points | 0 comments https://techxplore.com/news/2026-03-thousands-websites-accidentally-sensitive.htmlPROGRAMMING.DEV
26 MarThousands of websites are accidentally broadcasting sensitive datasubmitted by Innerworld to cybersecurity 2 points | 0 comments https://techxplore.com/news/2026-03-thousands-websites-accidentally-sensitive.htmlSH.ITJUST.WORKS
26 MarKiss Loader Malware Targets with Early Bird APC Injection in New Attack CampaignA newly identified malware loader dubbed “Kiss Loader” is emerging as a potential threat, leveraging advanced process injection techniques and dynamic delivery infrastructure. The loader, still under active development at the time of discovery, demonstrates a blend of stealth, mo…GBHACKERS.COM
26 MarDell and HP Roll Out Quantum-Resistant Device Security and AI-Era Cyber ResilienceThe computer giants have announced new security capabilities for PCs and printers. The post Dell and HP Roll Out Quantum-Resistant Device Security and AI-Era Cyber Resilience appeared first on SecurityWeek .SECURITYWEEK.COM
26 MarFake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware AttackFake screenshot links are being used to quietly deploy a multi‑stage backdoor against Web3 customer support teams, in a campaign assessed to be linked to the Chinese financially motivated group APT‑Q‑27 (GoldenEyeDog). The operation abuses live chat workflows, signed .NET loaders…GBHACKERS.COM
26 Mar[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real AttacksMost teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky…THEHACKERNEWS.COM
26 MarHackers claim to have accessed data tied to millions of crime tipsterssubmitted by kid to cybersecurity 2 points | 0 comments https://securityboulevard.com/2026/03/hackers-claim-to-have-accessed-data-tied-to-millions-of-crime-tipstersSH.ITJUST.WORKS
26 MarPyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials | CSO Onlinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.csoonline.com/article/4149905/pypi-warns-developers-after-litellm-malware-found-stealing-cloud-and-ci-cd-credentials.htmlSH.ITJUST.WORKS
26 MarGlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Datasubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2026/03/glassworm-malware-uses-solana-dead.htmlSH.ITJUST.WORKS
26 MarEnterprise Cybersecurity Software Fails 20% of the Time, Warns Report - Infosecurity Magazinesubmitted by kid to cybersecurity 4 points | 0 comments https://www.infosecurity-magazine.com/news/cybersecurity-software-failure-20/SH.ITJUST.WORKS
26 MarTP-Link warns users to patch critical router auth bypass flawsubmitted by kid to cybersecurity 3 points | 1 comments https://www.bleepingcomputer.com/news/security/tp-link-warns-users-to-patch-critical-router-auth-bypass-flaw/SH.ITJUST.WORKS
26 MarChinese Hackers Caught Deep Within Telecom Backbone InfrastructureThe state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage. The post Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure appeared first on SecurityWeek .SECURITYWEEK.COM
26 MarGhostClaw AI Malware Targets macOS Users with Credential-Stealing PayloadsGhostClaw is a multi-stage macOS infostealer that now abuses both GitHub and AI-assisted development workflows to harvest credentials and deploy secondary payloads, significantly widening its potential victim base. Jamf Threat Labs has since expanded on this work, uncovering at l…GBHACKERS.COM
26 MarNew Torg Grabber infostealer malware targets 728 crypto walletssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/new-torg-grabber-infostealer-malware-targets-728-crypto-wallets/SH.ITJUST.WORKS
26 MarBIND Updates Patch High-Severity VulnerabilitiesSpecially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers. The post BIND Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
26 MarVoidLink Rootkit Leverages eBPF and Kernel Modules to Stealthily Infiltrate Linux SystemsVoidLink is a new Linux rootkit family that combines classic kernel modules with eBPF to hide processes and network activity deep inside modern cloud environments. It targets distributions from CentOS 7 up to Ubuntu 22.04, giving attackers a stealthy way to persist across a wide …GBHACKERS.COM
26 MarTikTok for Business accounts targeted in new phishing campaignThreat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. [...]BLEEPINGCOMPUTER.COM
26 MarLeak Bazaar Converts Stolen Corporate Data Into Organized Criminal MarketplaceA new cybercriminal service called “Leak Bazaar” has surfaced on the Russian-speaking TierOne forum, advertised on March 25, 2026, by a user known as Snow of SnowTeam. Unlike traditional data leak sites, Leak Bazaar introduces a more structured approach to monetizing stolen corpo…GBHACKERS.COM
26 MarScammers Abuse Calendar Invites to Plant Phony Subscription NoticesMalwarebytes warns that a phishing campaign is using Google Calendar invites to send phony renewal notices for Malwarebytes subscriptions. The calendar invites contain a phone number that will connect the user with a scammer.KNOWBE4.COM
26 MarGoogle bumps up Q Day deadline to 2029, far sooner than previously thoughtsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2026/03/google-bumps-up-q-day-estimate-to-2029-far-sooner-than-previously-thought/INFOSEC.PUB
26 MarA nearly undetectable LLM attack needs only a handful of poisoned samples - Help Net Securitysubmitted by kid to cybersecurity 4 points | 0 comments https://www.helpnetsecurity.com/2026/03/26/llm-backdoor-attack-research/SH.ITJUST.WORKS
26 MarChina-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom NetworksA long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within crit…THEHACKERNEWS.COM
26 MarLLMs Solve Firmware Upgrade ChaosDetermining the correct firmware upgrade path for devices is complex and error-prone. LLMs can assist by analyzing device information, hardware models, and firmware versions to generate the proper update sequence. This reduces the risk of failed updates, increases efficiency, and…YOUTUBE.COM
26 MarANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026ANY.RUN has been recognized at Global InfoSec Awards 2026 by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The award ceremony took place during RSAC™ 2026 conference. We’re especially proud and grateful that our imp…ANY.RUN
🌐 CYBER THREAT LANDSCAPE 6
26 MarPawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure EntitiesThis blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed.TRENDMICRO.COM
26 MarHow scammers use legitimate surveys to link to malicious sites | Kaspersky official blogSpammers are disguising fraudulent links within legitimate survey platforms - emails containing these links easily bypass standard spam filters. We analyze the scheme, highlight the red flags, and provide defensive strategies.KASPERSKY.COM
26 MarSuspected RedLine infostealer malware admin extradited to USAn Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. [...]BLEEPINGCOMPUTER.COM
26 MarApple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacksLeaked hacking tools threaten the security of millions of older iPhones. Cybersecurity experts weigh in.TECHCRUNCH.COM
26 MarIlluminating VoidLink: Technical analysis of the VoidLink rootkit frameworkElastic Security Labs analyzes VoidLink, a sophisticated Linux malware framework that combines traditional Loadable Kernel Modules with eBPF to maintain persistence.ELASTIC.CO
26 MarAn AI gateway designed to steal your dataDissecting the supply chain attack on LiteLLM, a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.SECURELIST.COM
🎙️ PODCASTS 1[−]
26 MarSmashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfieA disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin - signing his extortion emails from a company called "Loot." Meanwhile, two people drive up to the entrance of the U…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 8[−]
26 MarMasters of Imitation: How Hackers and Art Forgers Perfect the Art of DeceptionUnmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit master…THEHACKERNEWS.COM
26 MarThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More StoriesSome weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in t…THEHACKERNEWS.COM
26 MarConntour raises $7M from General Catalyst, YC to build an AI search engine for security video systemsConntour uses AI models to let security teams query camera feeds using natural language to find any object, person, or situation.TECHCRUNCH.COM
26 MarInside a Modern Fraud Attack: From Bot Signups to Account TakeoversMulti-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it. [...]BLEEPINGCOMPUTER.COM
26 MarWhatsApp rolls out more AI features, iOS multi-account supportWhatsApp is rolling out multiple features designed to make the app easier to use, including AI-powered message replies and photo retouching, support for two accounts on iOS, and chat history transfer between iOS and Android devices. [...]BLEEPINGCOMPUTER.COM
26 MarA major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to knowHere’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by security researchers. DarkSword has now leaked online.TECHCRUNCH.COM
26 MarWorld Leaks data extortion: What you need to knowWorld Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog.FORTRA.COM
26 MarPreparing for agentic AI: A financial services approachDeploying agentic AI in financial services requires additional security controls that address AI-specific risks. This post walks you through comprehensive observability and fine-grained access controls - two critical capabilities for maintaining explainability and accountability in…AWS.AMAZON.COM