U.S. CISA adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog
Fri Mar 13 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Google released security updates to address two high-severity vulnerabilities, […]
Security Affairs
Hackers targeted Poland’s National Centre for Nuclear Research
Fri Mar 13 2026
Hackers targeted Poland’s National Centre for Nuclear Research, but security systems detected and blocked the attack before any damage. The National Centre for Nuclear Research in Poland reported a cyberattack on its IT infrastructure. The intrusion attempt was quickly detected by security systems, allowing staff to secure the targeted systems and prevent any operational impact. […]
Security Affairs

Google warns of two actively exploited Chrome zero days
Fri Mar 13 2026
Threat actors are exploiting two high severity zero day vulnerabilities in the Chrome browser that experts say IT teams must patch immediately.
CSO Online

Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
Fri Mar 13 2026
A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA stands for state-backed motivation. "The activity demonstrated strategic operational patience and...
The Hacker News

Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
Fri Mar 13 2026
Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the social media giant said in a help document. "If you're on an older version of Instagram, you may also need to update the...
The Hacker News
US and European authorities disrupt SocksEscort proxy service tied to AVrecon botnet
Fri Mar 13 2026
Authorities in the US and Europe disrupted the SocksEscort proxy service, which used the AVrecon botnet and infected about 360,000 devices since 2020. Law enforcement agencies in the US and Europe have disrupted SocksEscort, a malicious proxy service powered by the AVrecon botnet. Active since 2020, the service hijacked roughly 360,000 devices and allowed cybercriminals […]
Security Affairs

Cyber criminals too are working from home… your home
Fri Mar 13 2026
The FBI is so concerned about the threat of residential proxy attacks and the dangers posed by cyber criminals using the technique that it has posted guidance on its website.
CSO Online

INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
Fri Mar 13 2026
INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effort is part of an international law enforcement operation that involved 72 countries and territories....
The Hacker News

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Fri Mar 13 2026
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients...
The Hacker News
AI-assisted Slopoly malware powers Hive0163’s ransomware campaigns
Fri Mar 13 2026
The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how threat actors can quickly build new malware frameworks using AI. Hive0163 is a threat actor […]
Security Affairs
Google fixed two new actively exploited flaws in the Chrome browser
Fri Mar 13 2026
Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws. “Google is aware that exploits for […]
Security Affairs

Investigating a New Click-Fix Variant
Fri Mar 13 2026
Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content is intended for informational and preparedness purposes only. Read more blogs around threat...
The Hacker News

Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
Fri Mar 13 2026
Backup vendor Veeam has released security updates to patch multiple vulnerabilities in its widely used Backup and Replication platform, including three critical flaws that could allow authenticated us
CSO Online

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Fri Mar 13 2026
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2026-3909 (CVSS score: 8.8) - An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML...
The Hacker News
Beyond File Servers: Securing Unstructured Data in the Era of AI
Fri Mar 13 2026
File servers still exist for legacy storage and governance, but most modern workflows now happen in collaboration tools, code platforms, chats, and AI systems. File servers remain, but they are no longer central to operations. They still appear important on paper: legacy project shares with strict permissions, legal drives with structured folders, and network areas […]
Security Affairs

Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind
Fri Mar 13 2026
I used to think hybrid incidents would get easier once we standardized on “one tool”: one monitoring platform, one ticketing system, one on-call process.
CSO Online

Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
Fri Mar 13 2026
Microsoft has warned enterprises that cybercriminal group Storm-2561 is hijacking search engine results to serve trojanized VPN clients, stealing corporate credentials, and then covering its tracks be
CSO Online

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Fri Mar 13 2026
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees. The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The...
The Hacker News

The cyber perimeter was never dead. We just abandoned it.
Fri Mar 13 2026
Industry has comforted itself with the idea that the perimeter is dead.
CSO Online

Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
Fri Mar 13 2026
A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud. "SocksEscort infected home and small business internet routers with malware," the U.S. Department of Justice (DoJ) said. "The malware allowed SocksEscort to direct internet...
The Hacker News

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
Fri Mar 13 2026
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows - CVE-2026-21666 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server. CVE-2026-21667 (...
The Hacker News

10 metrics that help CISOs move forward
Fri Mar 13 2026
When it comes to security metrics, CISOs should focus on the essentials.
CSO Online

Telus Digital hit with massive data breach
Fri Mar 13 2026
Telus Digital, which provides business process outsourcing (BPO) services to a range of organizations worldwide, has been hit with a massive cyberattack conducted by extortion group ShinyHunters The g
CSO Online

Medical giant Stryker crippled after Iranian hackers remotely wipe computers
Thu Mar 12 2026
A major cyberattack on US medical supplies giant Stryker has resulted in thousands of devices being remotely wiped, after a pro-Iranian hacking group may have compromised the company’s Microsoft Intun
CSO Online

US Lawmakers Move to Kill the FBI’s Warrantless Wiretap Access
Thu Mar 12 2026
A bipartisan bill would force the FBI to get a warrant to read Americans’ messages and ban the federal purchase of commercial data on US residents ahead of a critical April deadline.
Wired

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Thu Mar 12 2026
Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian...
The Hacker News

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Thu Mar 12 2026
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to take...
The Hacker News
Apple issues emergency fixes for Coruna flaws in older iOS versions
Thu Mar 12 2026
Apple released iOS 16.7.15 and 15.8.7 updates for older iPhones and iPads to patch vulnerabilities linked to the Coruna exploits. Apple has released security updates for legacy devices, rolling out iOS and iPadOS 16.7.15 and 15.8.7 to address vulnerabilities tied to the recently disclosed Coruna exploits. The patches aim to protect older iPhone and iPad […]
Security Affairs
Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites
Thu Mar 12 2026
An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data. An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on […]
Security Affairs

How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks
Thu Mar 12 2026
Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover for chaotic, retaliatory state-sponsored cyberattacks.
Wired

How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
Thu Mar 12 2026
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that helps...
The Hacker News

ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
Thu Mar 12 2026
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how...
The Hacker News

PhantomRaven returns to npm with 88 bad packages
Thu Mar 12 2026
Last year’s “PhantomRaven” supply-chain campaign is back, with security researchers uncovering 88 new malicious packages in what they describe as the second, third, and fourth waves of the operation.
CSO Online

Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
Thu Mar 12 2026
The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity industry has focused on the front door of phishing defense: employee training, email gateways that...
The Hacker News

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Thu Mar 12 2026
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit. The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was...
The Hacker News
ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance
Thu Mar 12 2026
ENISA’s first Technical Advisory on Secure Package Managers helps developers safely use third-party packages. ENISA has released its first Technical Advisory on Package Managers, focusing on how developers can safely consume third-party packages. The document (March 2026, v1.1) follows public feedback incorporating 15 contributions from stakeholders, experts, and the open-source community. “This document focuses on […]
Security Affairs
U.S. CISA adds a flaw in n8n to its Known Exploited Vulnerabilities catalog
Thu Mar 12 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in n8n to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an n8n flaw, tracked as CVE-2025-68613 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. n8n is a workflow automation platform designed for technical teams that combines the […]
Security Affairs

North Korean fake IT worker tradecraft exposed
Thu Mar 12 2026
Research from GitLab has exposed the latest tradecraft behind North Korean fake IT worker scams.
CSO Online

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Thu Mar 12 2026
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, according to...
The Hacker News

AI use is changing how much companies pay for cyber insurance
Thu Mar 12 2026
In July 2025, McDonald’s had an unexpected problem on the menu, one involving McHire, its AI-powered platform used to recruit and screen job applicants.
CSO Online
Bell Ambulance data breach impacted over 238,000 people
Thu Mar 12 2026
Bell Ambulance confirms a February 2025 breach affecting 238,000 people, exposing personal, financial, and health information. Nearly 238,000 individuals are impacted by a February 2025 Bell Ambulance data breach. Bell Ambulance is a U.S.-based emergency medical services provider offering ambulance transport, paramedic care, and patient support. It serves communities with urgent medical response, interfacility transfers, […]
Security Affairs

“Zombie ZIP”: New attack technique fools virus scanners
Thu Mar 12 2026
So-called Zombie ZIPs can be used to trick almost all virus scanners.
CSO Online

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
Thu Mar 12 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched...
The Hacker News

How CISOs unmask bad offers
Thu Mar 12 2026
So check carefully…
CSO Online
Pro-Palestinian hacktivist group Handala targets Stryker in global disruption
Wed Mar 11 2026
Pro-Palestinian hacktivist group Handala claims a cyberattack on Stryker, alleging it wiped 200,000 systems and disrupted global operations. Pro-Palestinian hacktivist group Handala claims responsibility for a disruptive cyberattack against medical technology firm Stryker. “Medical technology giant Stryker is experiencing a global outage across its systems after a cyberattack early Wednesday. Staff and contractors report that […]
Security Affairs
BeatBanker malware targets Android users with banking Trojan and crypto miner
Wed Mar 11 2026
BeatBanker Android malware spreads through fake Starlink apps on websites imitating Google Play Store, hijacking devices, stealing credentials, and mining crypto. A new Android malware called BeatBanker spreads through fake Starlink apps distributed on websites posing as the Google Play Store. Once installed, it hijacks devices, steals login credentials, tampers with cryptocurrency transactions, and secretly […]
Security Affairs

Resumés with malicious ISO attachments are circulating, says Aryaka
Wed Mar 11 2026
Threat actors are still having success tricking human resources staff into opening malware-infected phishing emails.
CSO Online

CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws
Wed Mar 11 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now being exploited in the
CSO Online

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
Wed Mar 11 2026
Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to reason their actions and use it against the model itself to lower their security guardrails, Guardio...
The Hacker News
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
Wed Mar 11 2026
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency.
Krebs on Security

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Wed Mar 11 2026
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are listed below - CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox escape leading to remote code execution (RCE) CVE-2026-27493 (CVSS score: 9.5) - Unauthenticated...
The Hacker News

Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
Wed Mar 11 2026
Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The effort also led to 21 arrests made by the Royal Thai Police, the company said. The action builds upon...
The Hacker News

AWS expands Security Hub for multicloud security operations
Wed Mar 11 2026
Amazon Web Services is expanding AWS Security Hub to function as a centralized security operations solution capable of aggregating risk signals across multicloud environments.
CSO Online

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
Wed Mar 11 2026
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question are listed below - CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) - An insecure deserialization...
The Hacker News

Meta Ramps Up Efforts to Disrupt Industrialized Scamming
Wed Mar 11 2026
Meta removed 10.9 million Facebook and Instagram accounts linked to “criminal scam centers” last year, the company announced on Wednesday.
Wired

Overly permissive ‘guest’ settings put Salesforce customers at risk
Wed Mar 11 2026
Salesforce is urging its customers to review their Experience Cloud ‘guest’ configurations as cybercrime group ShinyHunters claims a new campaign involving data theft and extortion tied to exposed Sal
CSO Online
Hewlett Packard Enterprise fixes critical authentication bypass in Aruba AOS-CX
Wed Mar 11 2026
Hewlett Packard Enterprise (HPE) fixed several flaws in Aruba AOS-CX, including a critical bug that lets attackers reset admin passwords. Hewlett Packard Enterprise (HPE) patched multiple vulnerabilities in Aruba AOS-CX, the operating system used in Aruba CX switches. The most severe issue, tracked as CVE-2026-23813 (CVSS score of 9.8), allows unprivileged attackers to bypass authentication […]
Security Affairs

What Boards Must Demand in the Age of AI-Automated Exploitation
Wed Mar 11 2026
“You knew, and you could have acted. Why didn’t you?” This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident. For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve accepted the risk.” If you’ve ever seen a report showing...
The Hacker News

Did cybersecurity recently have its Gatling gun moment?
Wed Mar 11 2026
On the James River, Petersburg, VA, June of 1864, during the American Civil War, General Benjamin Butler, of the US Army, deployed a new weapon into the field that effectively altered the nature of ki
CSO Online

Why zero trust breaks down in IoT and OT environments
Wed Mar 11 2026
Zero trust solves the wrong problem in OT. Zero trust has become the dominant security narrative of the past decade, and rightly so.
CSO Online
CSO Awards 2026 celebrates world-class security strategies
Wed Mar 11 2026
For more than a decade, the CSO Awards have recognized security projects that demonstrate outstanding thought leadership and business value.
CSO Online
Announcing the 2026 CSO Hall of Fame honorees
Wed Mar 11 2026
Now entering its eighth year, the CSO Hall of Fame spotlights outstanding leaders who have significantly contributed to the practice of information risk management and security.
CSO Online

Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials
Wed Mar 11 2026
HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network
CSO Online

A 5-step approach to taming shadow AI
Wed Mar 11 2026
AI is being leveraged across organizations to boost productivity, accelerate innovation and optimize business processes.
CSO Online

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
Wed Mar 11 2026
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four...
The Hacker News
KadNap bot compromises 14,000+ devices to route malicious traffic
Wed Mar 11 2026
KadNap malware infects 14,000+ edge devices, mainly Asus routers, turning them into a stealth proxy botnet used to route malicious internet traffic. KadNap malware infects more than 14,000 edge devices, mainly ASUS routers, and turns them into a proxy botnet used to route malicious traffic. First detected in August 2025, the campaign heavily targets the […]
Security Affairs

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Wed Mar 11 2026
A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data. "The threat actor, UNC6426, then used this...
The Hacker News

12 ways attackers abuse cloud services to hack your enterprise
Wed Mar 11 2026
Attackers are increasingly abusing trusted SaaS platforms, cloud infrastructure, and identity systems to blend malicious activity into legitimate enterprise traffic.
CSO Online

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Wed Mar 11 2026
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March...
The Hacker News
Microsoft Patch Tuesday, March 2026 Edition
Wed Mar 11 2026
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday.
Krebs on Security

6 remedies for security tool sprawl
Wed Mar 11 2026
More does not always help more.
CSO Online

Jack & Jill went up the hill — and an AI tried to hack them
Wed Mar 11 2026
What happens when an autonomous AI agent is turned loose on another autonomous AI agent? It chains together bugs that humans would consider benign, easily bypasses authentication controls, and even un
CSO Online

March Patch Tuesday: Three high severity holes in Microsoft Office
Tue Mar 10 2026
Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities.
CSO Online
Microsoft Patch Tuesday security updates for March 2026 fixed 84 bugs
Tue Mar 10 2026
Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities in its products. None of the flaws are known to be exploited so far. Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities across its products. The IT giant addressed flaws across Windows, Office, Edge, Azure, SQL Server, Hyper-V, and ReFS. Including […]
Security Affairs
Threat intelligence by ESET is a game changer
Tue Mar 10 2026
Cyber threats have gained the upper hand on many global organizations, attacking through a relentless cycle of new phishing scams, malware attacks and deepfake incidents.
CSO Online
The CSO role is evolving fast with AI in Cyber Defense strategy
Tue Mar 10 2026
AI and cybersecurity are proving to be extremely challenging for organisations.
CSO Online
Attackers exploit FortiGate devices to access sensitive network information
Tue Mar 10 2026
Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about […]
Security Affairs

DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders
Tue Mar 10 2026
Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned.
Wired

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Tue Mar 10 2026
Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology...
The Hacker News

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
Tue Mar 10 2026
Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" for hackers. The Problem: "The Invisible Employee" Think of an AI Agent like a new employee who has...
The Hacker News
APT28 conducts long-term espionage on Ukrainian forces using custom malware
Tue Mar 10 2026
APT28 used BEARDSHELL and COVENANT malware to spy on Ukrainian military personnel, enabling long-term surveillance since April 2024. The Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has used BEARDSHELL and COVENANT malware to conduct long-term surveillance of Ukrainian military personnel. According to ESET, the campaign began in April 2024 and relies on […]
Security Affairs

KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
Tue Mar 10 2026
Cybersecurity researchers have discovered a new malware called KadNap that's primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic. The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus Labs team at Lumen. A lesser number of...
The Hacker News

GPS Attacks Near Iran Are Wreaking Havoc on Delivery and Mapping Apps
Tue Mar 10 2026
Delivery apps are glitching and navigation routes are changing abruptly thanks to electronic warfare disrupting the satellite signals that power everything from missiles to your ride home.
Wired

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
Tue Mar 10 2026
Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in...
The Hacker News

Threat actors use custom AuraInspector to harvest data from Salesforce systems
Tue Mar 10 2026
Attackers are mass-scanning Salesforce Experience Cloud sites using a modified AuraInspector tool to exploit misconfigurations and access sensitive data. Salesforce CSOC warns that threat actors are mass-scanning publicly accessible Experience Cloud sites using a modified version of the AuraInspector tool. AuraInspector is an open‑source command‑line tool released by Google/Mandiant to audit Salesforce Aura and Experience […]
Security Affairs

Devs looking for OpenClaw get served a GhostClaw RAT
Tue Mar 10 2026
A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research.
CSO Online

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
Tue Mar 10 2026
You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately. Time-to-exploit is shrinking The larger and less controlled your attack surface is,...
The Hacker News

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
Tue Mar 10 2026
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,...
The Hacker News

U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog
Tue Mar 10 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is […]
Security Affairs

The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
Tue Mar 10 2026
When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing
CSO Online

OpenAI to acquire Promptfoo to strengthen AI agent security testing
Tue Mar 10 2026
OpenAI said it plans to acquire AI testing startup Promptfoo, a move aimed at strengthening security checks for AI agents as enterprises move toward deploying autonomous systems in business workflows.
CSO Online

Why access decisions are becoming the weakest link in identity security
Tue Mar 10 2026
In my nearly two decades leading identity and risk programs, I’ve learned a sobering truth that every CISO eventually confronts: hackers don’t hack in — they log in.
CSO Online

Ericsson US confirms breach after third-party provider attack
Tue Mar 10 2026
Ericsson US reports a data breach after attackers hacked a service provider, exposing employee and customer information. Ericsson Inc., the U.S. branch of the Swedish telecom giant, disclosed a data breach after a service provider was hacked. The attack compromised the personal information of an unspecified number of employees and customers. “On April 28, 2025, […]
Security Affairs

Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform
Tue Mar 10 2026
Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used to send millions of phishing emails to over 500,000 orgs worldwide. The joint effort, led by Microsoft, Europol, and industry partners, aimed to target the infrastructure of Tycoon 2FA phishing-as-a-service platform responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By […]
Security Affairs

I replaced manual pen tests with automation. Here’s what I learned.
Tue Mar 10 2026
More accreditation and compliance requirements have been added in response to cyber incidents.
CSO Online

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool
Tue Mar 10 2026
Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive...
The Hacker News

When AI safety constrains defenders more than attackers
Tue Mar 10 2026
Security teams are being urged to adopt AI copilots for threat modeling, phishing simulations, and SOC workflows.
CSO Online

Security tools for AI infrastructure: a buyer's guide
Tue Mar 10 2026
Tools that scrutinize, optimize, and secure AI infrastructure are trending.
CSO Online

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
Tue Mar 10 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that...
The Hacker News

Hacker abusing .arpa domain to evade phishing detection, says Infoblox
Tue Mar 10 2026
A threat actor has found a new way to evade phishing detection defenses: Manipulate the .
CSO Online