🚨 CISA KEV (1)

28 Mar [KEV]: CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation (THEHACKERNEWS.COM)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is…

🐛 COMMON VULNERABILITIES AND EXPOSURES (3)

28 Mar: CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks (MSRC.MICROSOFT.COM)
Information published.

28 Mar: CVE-2026-33413 etcd: Authorization bypasses in multiple APIs (MSRC.MICROSOFT.COM)
Information published.

28 Mar: Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug (THEHACKERNEWS.COM)
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input vali…

⚠️ VULNERABILITY DISCLOSURE (3)

28 Mar: Open VSX Scanner Vulnerability Lets Malicious Extensions Go Live (GBHACKERS.COM)
Open VSX, the extension marketplace used by VS Code forks such as Cursor and Windsurf, recently fixed a critical vulnerability in its newly introduced pre-publish scanning pipeline that could allow malicious extensions to bypass security checks and go live undetected. The issue, …

28 Mar: TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign (THEHACKERNEWS.COM)
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat …

28 Mar: New Infinity Stealer malware grabs macOS data via ClickFix lures (BLEEPINGCOMPUTER.COM)
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. [...]

🔥 INCIDENT REPORTING (7)

28 Mar: Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild (INFOSEC.PUB)
submitted by Innerworld to cybersecurity | 1 points | 0 comments
https://www.wired.com/story/hundreds-of-millions-of-iphones-can-be-hacked-with-a-new-tool-found-in-the-wild/

28 Mar: Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild (PROGRAMMING.DEV)
submitted by Innerworld to security | 2 points | 0 comments
https://www.wired.com/story/hundreds-of-millions-of-iphones-can-be-hacked-with-a-new-tool-found-in-the-wild/

28 Mar: Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild (SH.ITJUST.WORKS)
submitted by Innerworld to cybersecurity | 1 points | 0 comments
https://www.wired.com/story/hundreds-of-millions-of-iphones-can-be-hacked-with-a-new-tool-found-in-the-wild/

28 Mar: European Commission Confirms Cyberattack After AWS Account Breach (GBHACKERS.COM)
The European Commission has confirmed a cybersecurity incident affecting its cloud-based infrastructure after attackers gained access to an Amazon Web Services (AWS) account hosting parts of the Europa.eu platform. According to an official statement, the compromised infrastructur…

28 Mar: Fake Certificate Loader Hides BlankGrabber Malware Chain (GBHACKERS.COM)
BlankGrabber’s operators are now abusing a fake “certificate” loader to hide a multi‑stage Rust and Python infection chain, making this commodity stealer significantly harder to spot on Windows endpoints. The new technique relies on built‑in tools such as certutil.exe, heavily ob…

28 Mar: TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th) (ISC.SANS.EDU)
This is the third update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 002 covered developments through March 27, including the Telnyx PyPI compromise and Vect ransomware partnership. …

28 Mar: Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack (THEHACKERNEWS.COM)
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, sai…

🕵️ THREAT INTELLIGENCE (3)

28 Mar: Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs (SECURITYWEEK.COM)
The infection chain includes a fake CAPTCHA page, a Bash script, a Nuitka loader, and the Python-based infostealer.

28 Mar: Malicious Browser Extensions Hijack Users’ AI Chats in New “Prompt Poaching” Attack (GBHACKERS.COM)
A new wave of malicious browser extensions is quietly harvesting sensitive user interactions with AI tools, in a growing threat now dubbed “prompt poaching.” The rise of AI assistants in everyday browsing has created a usability gap. Most users interact with AI tools in isolated …

28 Mar: What Are You Giving Up? (YOUTUBE.COM)
A simple mental check—“what am I giving up?”—can help identify risky interactions, especially when information or downloads are involved. Scams rely on quick decisions and unnoticed tradeoffs. By pausing and evaluating the cost—whether it’s money, personal data, or access—you can…

🎙️ PODCASTS (1)

28 Mar: RSAC Recap: Agentic AI and Interview With Commvault CISO Bill O'Connell (CYBERSECURITYTODAY.LIBSYN.COM)
RSAC Recap: Agentic AI Takes Over, Security Funding Shifts, and Why CISOs Must Focus on Resilience. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integra…