Bell Ambulance data breach impacted over 238,000 people

Thu Mar 12 2026

Bell Ambulance confirms a February 2025 breach affecting 238,000 people, exposing personal, financial, and health information. Nearly 238,000 individuals are impacted by a February 2025 Bell Ambulance data breach. Bell Ambulance is a U.S.-based emergency medical services provider offering ambulance transport, paramedic care, and patient support. It serves communities with urgent medical response, interfacility transfers, […]

Security Affairs

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

Thu Mar 12 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched...

The Hacker News

How CISOs expose bad offers

Thu Mar 12 2026

So check carefully…

CSO Online

Resumés with malicious ISO attachments are circulating, says Aryaka

Wed Mar 11 2026

Threat actors are still having success tricking human resources staff into opening malware-infected phishing emails.

CSO Online

Pro-Palestinian hacktivist group Handala targets Stryker in global disruption

Wed Mar 11 2026

Pro-Palestinian hacktivist group Handala claims a cyberattack on Stryker, alleging it wiped 200,000 systems and disrupted global operations. Pro-Palestinian hacktivist group Handala claims responsibility for a disruptive cyberattack against medical technology firm Stryker. “Medical technology giant Stryker is experiencing a global outage across its systems after a cyberattack early Wednesday. Staff and contractors report that […]

Security Affairs

BeatBanker malware targets Android users with banking Trojan and crypto miner

Wed Mar 11 2026

BeatBanker Android malware spreads through fake Starlink apps on websites imitating Google Play Store, hijacking devices, stealing credentials, and mining crypto. A new Android malware called BeatBanker spreads through fake Starlink apps distributed on websites posing as the Google Play Store. Once installed, it hijacks devices, steals login credentials, tampers with cryptocurrency transactions, and secretly […]

Security Affairs

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

Wed Mar 11 2026

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency.

Krebs on Security

CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws

Wed Mar 11 2026

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now being exploited in the

CSO Online

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Wed Mar 11 2026

Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to reason their actions and use it against the model itself to lower their security guardrails, Guardio...

The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Wed Mar 11 2026

Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are listed below - CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox escape leading to remote code execution (RCE) CVE-2026-27493 (CVSS score: 9.5) - Unauthenticated...

The Hacker News

Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown

Wed Mar 11 2026

Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The effort also led to 21 arrests made by the Royal Thai Police, the company said. The action builds upon...

The Hacker News

AWS expands Security Hub for multicloud security operations

Wed Mar 11 2026

Amazon Web Services is expanding AWS Security Hub to function as a centralized security operations platform capable of aggregating risk signals across multicloud environments.

CSO Online

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

Wed Mar 11 2026

SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) - An insecure deserialization...

The Hacker News

Meta Ramps Up Efforts to Disrupt Industrialized Scamming

Wed Mar 11 2026

Meta removed 10.9 million Facebook and Instagram accounts linked to “criminal scam centers” last year, the company announced on Wednesday.

Wired

Overly permissive ‘guest’ settings put Salesforce customers at risk

Wed Mar 11 2026

Salesforce is urging its customers to review their Experience Cloud ‘guest’ configurations as cybercrime group ShinyHunters claims a new campaign involving data theft and extortion tied to exposed Sal

CSO Online

What Boards Must Demand in the Age of AI-Automated Exploitation

Wed Mar 11 2026

“You knew, and you could have acted. Why didn’t you?”  This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident. For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve accepted the risk.” If you’ve ever seen a report showing...

The Hacker News

Hewlett Packard Enterprise fixes critical authentication bypass in Aruba AOS-CX

Wed Mar 11 2026

Hewlett Packard Enterprise (HPE) fixed several flaws in Aruba AOS-CX, including a critical bug that lets attackers reset admin passwords. Hewlett Packard Enterprise (HPE) patched multiple vulnerabilities in Aruba AOS-CX, the operating system used in Aruba CX switches. The most severe issue, tracked as CVE-2026-23813 (CVSS score of 9.8), allows unprivileged attackers to bypass authentication […]

Security Affairs

Did cybersecurity recently have its Gatling gun moment?

Wed Mar 11 2026

On the James River, Petersburg, VA, June of 1864, during the American Civil War, General Benjamin Butler, of the US Army, deployed a new weapon into the field that effectively altered the nature of ki

CSO Online

Why zero trust breaks down in IoT and OT environments

Wed Mar 11 2026

Zero trust solves the wrong problem in OT Zero trust has become the dominant security narrative of the past decade, and rightly so.

CSO Online

Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials

Wed Mar 11 2026

HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network

CSO Online

CSO Awards 2026 celebrates world-class security strategies

Wed Mar 11 2026

For more than a decade, the CSO Awards have recognized security projects that demonstrate outstanding thought leadership and business value.

CSO Online

Announcing the 2026 CSO Hall of Fame honorees

Wed Mar 11 2026

Now entering its eighth year, the CSO Hall of Fame spotlights outstanding leaders who have significantly contributed to the practice of information risk management and security.

CSO Online

KadNap bot compromises 14,000+ devices to route malicious traffic

Wed Mar 11 2026

KadNap malware infects 14,000+ edge devices, mainly Asus routers, turning them into a stealth proxy botnet used to route malicious internet traffic. KadNap malware infects more than 14,000 edge devices, mainly ASUS routers, and turns them into a proxy botnet used to route malicious traffic. First detected in August 2025, the campaign heavily targets the […]

Security Affairs

A 5-step approach to taming shadow AI

Wed Mar 11 2026

AI is being leveraged across organizations to boost productivity, accelerate innovation and optimize business processes.

CSO Online

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Wed Mar 11 2026

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four...

The Hacker News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

Wed Mar 11 2026

A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data. "The threat actor, UNC6426, then used this...

The Hacker News

12 ways attackers abuse cloud services to hack your enterprise

Wed Mar 11 2026

Attackers are increasingly abusing trusted SaaS platforms, cloud infrastructure, and identity systems to blend malicious activity into legitimate enterprise traffic.

CSO Online

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Wed Mar 11 2026

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March...

The Hacker News

6 remedies for security tool sprawl

Wed Mar 11 2026

More is not always better.

CSO Online

Microsoft Patch Tuesday, March 2026 Edition

Wed Mar 11 2026

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday.

Krebs on Security

Microsoft Patch Tuesday security updates for March 2026 fixed 84 bugs

Tue Mar 10 2026

Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities in its products. None of the flaws are known to be exploited so far. Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities across its products. The IT giant addressed flaws across Windows, Office, Edge, Azure, SQL Server, Hyper-V, and ReFS. Including […]

Security Affairs

Threat intelligence by ESET is a game changer

Tue Mar 10 2026

Cyber threats have gained the upper hand on many global organizations, attacking through a relentless cycle of new phishing scams, malware attacks and deepfake incidents.

CSO Online

The CSO role is evolving fast with AI in Cyber Defense strategy

Tue Mar 10 2026

AI and cybersecurity are proving to be extremely challenging for organisations.

CSO Online

Attackers exploit FortiGate devices to access sensitive network information

Tue Mar 10 2026

Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about […]

Security Affairs

Jack & Jill went up the hill — and an AI tried to hack them

Wed Mar 11 2026

What happens when an autonomous AI agent is turned loose on another autonomous AI agent? It chains together bugs that humans would consider benign, easily bypasses authentication controls, and even un

CSO Online

March Patch Tuesday: Three high severity holes in Microsoft Office

Tue Mar 10 2026

Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities.

CSO Online

DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders

Tue Mar 10 2026

Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned.

Wired

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows

Tue Mar 10 2026

Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" for hackers. The Problem: "The Invisible Employee" Think of an AI Agent like a new employee who has...

The Hacker News

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Tue Mar 10 2026

Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks.  The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology...

The Hacker News

KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet

Tue Mar 10 2026

Cybersecurity researchers have discovered a new malware called KadNap that's primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic. The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus Labs team at Lumen. A lesser number of...

The Hacker News

APT28 conducts long-term espionage on Ukrainian forces using custom malware

Tue Mar 10 2026

APT28 used BEARDSHELL and COVENANT malware to spy on Ukrainian military personnel, enabling long-term surveillance since April 2024. The Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has used BEARDSHELL and COVENANT malware to conduct long-term surveillance of Ukrainian military personnel. According to ESET, the campaign began in April 2024 and relies on […]

Security Affairs

Threat actors use custom AuraInspector to harvest data from Salesforce systems

Tue Mar 10 2026

Attackers are mass-scanning Salesforce Experience Cloud sites using a modified AuraInspector tool to exploit misconfigurations and access sensitive data. Salesforce CSOC warns that threat actors are mass-scanning publicly accessible Experience Cloud sites using a modified version of the AuraInspector tool. AuraInspector is an open‑source command‑line tool released by Google/Mandiant to audit Salesforce Aura and Experience […]

Security Affairs

GPS Attacks Near Iran Are Wreaking Havoc on Delivery and Mapping Apps

Tue Mar 10 2026

Delivery apps are glitching and navigation routes are changing abruptly thanks to electronic warfare disrupting the satellite signals that power everything from missiles to your ride home.

Wired

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Tue Mar 10 2026

Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in...

The Hacker News

Devs looking for OpenClaw get served a GhostClaw RAT

Tue Mar 10 2026

A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research.

CSO Online

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Tue Mar 10 2026

You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately. Time-to-exploit is shrinking The larger and less controlled your attack surface is,...

The Hacker News

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

Tue Mar 10 2026

The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,...

The Hacker News

The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix

Tue Mar 10 2026

When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing

CSO Online

U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog

Tue Mar 10 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is […]

Security Affairs

Ericsson US confirms breach after third-party provider attack

Tue Mar 10 2026

Ericsson US reports a data breach after attackers hacked a service provider, exposing employee and customer information. Ericsson Inc., the U.S. branch of the Swedish telecom giant, disclosed a data breach after a service provider was hacked. The attack compromised the personal information of an unspecified number of employees and customers. “On April 28, 2025, […]

Security Affairs

Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform

Tue Mar 10 2026

Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used to send millions of phishing emails to over 500,000 orgs worldwide. The joint effort, led by Microsoft, Europol, and industry partners, aimed to target the infrastructure of Tycoon 2FA phishing-as-a-service platform responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By […]

Security Affairs

OpenAI to acquire Promptfoo to strengthen AI agent security testing

Tue Mar 10 2026

OpenAI said it plans to acquire AI testing startup Promptfoo, a move aimed at strengthening security checks for AI agents as enterprises move toward deploying autonomous systems in business workflows.

CSO Online

Why access decisions are becoming the weakest link in identity security

Tue Mar 10 2026

In my nearly two decades leading identity and risk programs, I’ve learned a sobering truth that every CISO eventually confronts: hackers don’t hack in — they log in.

CSO Online

I replaced manual pen tests with automation. Here’s what I learned.

Tue Mar 10 2026

More accreditation and compliance requirements have been added in response to cyber incidents.

CSO Online

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Tue Mar 10 2026

Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive...

The Hacker News

When AI safety constrains defenders more than attackers

Tue Mar 10 2026

Security teams are being urged to adopt AI copilots for threat modeling, phishing simulations, and SOC workflows.

CSO Online

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

Tue Mar 10 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that...

The Hacker News

Security tools for AI infrastructure: a buyer's guide

Tue Mar 10 2026

Tools that scrutinize, optimize and secure AI infrastructure are in vogue.

CSO Online

FBI alert: scammers target zoning permit applicants

Mon Mar 09 2026

The FBI warns of phishing attacks where crooks impersonate U.S. city and county officials to target people requesting planning and zoning permits. The FBI warns that scammers are impersonating U.S. city and county officials in phishing campaigns targeting businesses and individuals applying for planning or zoning permits. Using publicly available information, attackers craft messages that […]

Security Affairs

Hacker abusing .arpa domain to evade phishing detection, says Infoblox

Tue Mar 10 2026

A threat actor has found a new way to evade phishing detection defenses: Manipulate the .

CSO Online

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Mon Mar 09 2026

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai" on March 3, 2026. It has been downloaded 178 times to date. The library is still available for...

The Hacker News

CVE program funding secured, easing fears of repeat crisis

Mon Mar 09 2026

The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and Exposures Program in a way that elim

CSO Online

Russia-linked hackers target Signal, WhatsApp of officials globally

Mon Mar 09 2026

Russia-linked hackers are targeting Signal and WhatsApp accounts of government and military officials worldwide, warns Dutch intelligence. Dutch intelligence agencies (MIVD and AIVD) warn of a global campaign by Russia-linked threat actors aiming to compromise Signal and WhatsApp accounts. The operation targets government officials, civil servants, and military personnel, highlighting growing cyber risks to sensitive […]

Security Affairs

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

Mon Mar 09 2026

The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces, and...

The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Mon Mar 09 2026

Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That's kind of just how it goes now. The good news? There were some actual wins this week. Real ones. The kind where the good guys showed up, did the work, and made a dent. It doesn't always...

The Hacker News

OpenAI says Codex Security found 11,000 high-impact bugs in a month

Mon Mar 09 2026

OpenAI’s new AppSec agent, Codex Security, has already flagged over 11,000 high-severity and critical flaws in real-world codebases during its first 30 days of research testing.

CSO Online

Cognizant’s TriZetto Provider Solutions data breach impacted over 3.4 million patients

Mon Mar 09 2026

A breach at Cognizant’s TriZetto Provider Solutions exposed sensitive health data belonging to more than 3.4 million patients. A data breach at Cognizant’s TriZetto Provider Solutions exposed sensitive information belonging to more than 3.4 million patients. At this time, no ransomware group has claimed responsibility for the attack yet. TriZetto Provider Solutions is a healthcare […]

Security Affairs

Can the Security Platform Finally Deliver for the Mid-Market?

Mon Mar 09 2026

Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners are defining the security level you must meet. What if you could be the enabler for your organization to remain competitive — and help win business — by easily demonstrating that you meet these...

The Hacker News

NIS-2: Thousands miss BSI deadline and risk penalties

Mon Mar 09 2026

The German law implementing the NIS-2 directive was on the 6.

CSO Online

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Mon Mar 09 2026

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named "akshayanuonline@gmail.com" (BuildMelon), are listed below - QuickLens - Search Screen with...

The Hacker News

Anthropic Claude Opus AI model discovers 22 Firefox bugs

Mon Mar 09 2026

Anthropic used Claude Opus 4.6 to identify 22 Firefox vulnerabilities, most of which were high severity, all of which were fixed in Firefox 148, released in January 2026. Anthropic discovered 22 security vulnerabilities in Firefox using its Claude Opus 4.6 AI model in January 2026. Mozilla addressed these issues in Firefox 148. The researchers state […]

Security Affairs

Rogues gallery: 15 worst ransomware groups active today

Mon Mar 09 2026

Ransomware-as-a-service (RaaS) models, double extortion tactics, and increasing adoption of AI characterize the evolving ransomware threat landscape.

CSO Online

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

Mon Mar 09 2026

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed...

The Hacker News

4 ways to prepare your SOC for agentic AI

Mon Mar 09 2026

a way to automate alert triage, threat investigation and eventually higher-level functions.

CSO Online

How AI Assistants are Moving the Security Goalposts

Sun Mar 08 2026

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.

Krebs on Security

Critical Nginx UI flaw CVE-2026-27944 exposes server backups

Sun Mar 08 2026

Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management interfaces. A critical vulnerability in Nginx UI, tracked as CVE-2026-27944 (CVSS score of 9.8), allows attackers to download and decrypt full server backups without authentication. The flaw poses a serious risk to organizations exposing the management […]

Security Affairs

Massive GitHub malware operation spreads BoryptGrab stealer

Sun Mar 08 2026

Trend Micro found BoryptGrab stealer spreading through 100+ GitHub repositories, stealing browser data, crypto wallets, system information, and user files. Trend Micro uncovered a campaign distributing the BoryptGrab information stealer through more than 100 GitHub repositories. BoryptGrab is designed to collect browser and cryptocurrency wallet data, system details, and common files. Some variants also deploy […]

Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87

Sun Mar 08 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Reverse Engineering is no longer a human problem!   StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer   Inside a fake Google security check that becomes a browser RAT   SloppyLemming […]

Security Affairs

Security Affairs newsletter Round 566 by Pierluigi Paganini – INTERNATIONAL EDITION

Sun Mar 08 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. FBI probing intrusion into a system managing sensitive surveillance information Reading White House President Trump’s Cyber […]

Security Affairs

FBI probing intrusion into a system managing sensitive surveillance information

Sat Mar 07 2026

The Federal Bureau of Investigation (FBI) is probing suspicious activity on an internal system containing sensitive surveillance and investigation data. The FBI is investigating suspicious cyber activity affecting an internal system that stores sensitive data tied to surveillance operations and investigations, The Associated Press reports. According to a notification sent to members of the United […]

Security Affairs

Reading White House President Trump’s Cyber Strategy for America (March 2026)

Sat Mar 07 2026

White House released President Trump’s Cyber Strategy for America, framing cyberspace as a strategic domain to project power and counter growing cyber threats. The White House has released “President Trump’s Cyber Strategy for America,” a document that outlines how the United States intends to maintain dominance in cyberspace and confront an increasingly hostile digital landscape. […]

Security Affairs

PQC roadmap remains hazy as vendors race for early advantage

Mon Mar 09 2026

Post-quantum cryptography (PQC) has long sat on the periphery of enterprise security, with experts calling it inevitable but not urgent.

CSO Online

Camouflage as a tactic: Why ransomware attacks are becoming more sophisticated

Mon Mar 09 2026

Instead of a short but very painful sting, cybercriminals are increasingly opting to latch onto their victims and bleed them steadily.

CSO Online

OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues

Sat Mar 07 2026

OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. "It builds deep context about your project to identify...

The Hacker News

CBP Used Online Ad Data to Track Phone Locations

Sat Mar 07 2026

Plus: Proton helped the FBI identify a protester, the Leakbase cybercrime forum was busted in an international operation, and more.

Wired

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Sat Mar 07 2026

Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period in...

The Hacker News

How Each Gulf Country Is Intercepting Iranian Missiles and Drones

Sat Mar 07 2026

As missiles and drones cross the region’s skies, the Gulf’s layered air-defense networks—from THAAD to Patriot batteries—are being tested in real time.

Wired

Iran-linked hackers target IP cameras across Israel and Gulf states for military intelligence

Sat Mar 07 2026

Researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf countries, likely to support military intelligence and battle damage assessment. According to the Check Point Cyber Security Report 2026, cyber operations are increasingly used to support military activity and battle damage assessment (BDA). During the Israel-Iran tensions, researchers from Check Point Software Technologies observed […]

Security Affairs

Trump’s cyber strategy emphasizes offensive operations, deregulation, AI

Fri Mar 06 2026

The White House released President Donald Trump’s long-awaited cybersecurity strategy, a lean seven-page blueprint that breaks from past approaches by placing offensive cyber operations at the center

CSO Online

ClickFix attackers using new tactic to evade detection, says Microsoft

Fri Mar 06 2026

Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft.

CSO Online

The Future of Iran’s Internet Is More Uncertain Than Ever

Fri Mar 06 2026

Iran’s internet shutdown has reduced connectivity by 99 percent, with air strikes likely causing additional outages, and few workarounds remaining.

Wired

Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations

Fri Mar 06 2026

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. “Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple […]

Security Affairs

Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short

Fri Mar 06 2026

Cybersecurity is, as it should be in this era of AI-driven cyberattacks, a regular item on enterprise board agendas.

CSO Online

FBI wiretap system tapped by hackers

Fri Mar 06 2026

The US Federal Bureau of Investigation (FBI) has identified a suspected incident on a network used to manage wiretaps and foreign intelligence surveillance warrants, CNN reported.

CSO Online

OAuth vulnerability in n8n automation platform could lead to system compromise

Fri Mar 06 2026

A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, researchers at Imperva have discovered.

CSO Online

Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws

Fri Mar 06 2026

Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise. […]

Security Affairs

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

Fri Mar 06 2026

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like...

The Hacker News

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Fri Mar 06 2026

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RAT) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is used to deploy a second...

The Hacker News

Targeted advertising is also targeting malware

Fri Mar 06 2026

Online ads are increasingly being used as a means of introducing malware into organizations, according to The Media Trust.

CSO Online

Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer

Fri Mar 06 2026

Microsoft warns of ClickFix campaign using Windows Terminal to deliver Lumma Stealer via social engineering attacks. Microsoft revealed a new ClickFix campaign where attackers exploit Windows Terminal to run a complex attack chain, ultimately deploying Lumma Stealer malware. The campaign uses social engineering to trick users into executing malicious commands, highlighting growing risks to Windows […]

Security Affairs