Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Wed Mar 11 2026

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March...

The Hacker News

6 Mittel gegen Security-Tool-Wildwuchs

Wed Mar 11 2026

loading="lazy" width="400px">Viel hilft nicht immer viel.

CSO Online

Jack & Jill went up the hill — and an AI tried to hack them

Wed Mar 11 2026

What happens when an autonomous AI agent is turned loose on another autonomous AI agent? It chains together bugs that humans would consider benign, easily bypasses authentication controls, and even un

CSO Online

March Patch Tuesday: Three high severity holes in Microsoft Office

Tue Mar 10 2026

Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities.

CSO Online

DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders

Tue Mar 10 2026

Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned.

Wired

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows

Tue Mar 10 2026

Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" for hackers. The Problem: "The Invisible Employee" Think of an AI Agent like a new employee who has...

The Hacker News

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Tue Mar 10 2026

Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks.  The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology...

The Hacker News

KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet

Tue Mar 10 2026

Cybersecurity researchers have discovered a new malware called KadNap that's primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic. The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus Labs team at Lumen. A lesser number of...

The Hacker News

GPS Attacks Near Iran Are Wreaking Havoc on Delivery and Mapping Apps

Tue Mar 10 2026

Delivery apps are glitching and navigation routes are changing abruptly thanks to electronic warfare disrupting the satellite signals that power everything from missiles to your ride home.

Wired

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Tue Mar 10 2026

Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in...

The Hacker News

Devs looking for OpenClaw get served a GhostClaw RAT

Tue Mar 10 2026

A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research.

CSO Online

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Tue Mar 10 2026

You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately. Time-to-exploit is shrinking The larger and less controlled your attack surface is,...

The Hacker News

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

Tue Mar 10 2026

The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,...

The Hacker News

The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix

Tue Mar 10 2026

When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing

CSO Online

OpenAI to acquire Promptfoo to strengthen AI agent security testing

Tue Mar 10 2026

OpenAI said it plans to acquire AI testing startup Promptfoo, a move aimed at strengthening security checks for AI agents as enterprises move toward deploying autonomous systems in business workflows.

CSO Online

Why access decisions are becoming the weakest link in identity security

Tue Mar 10 2026

In my nearly two decades leading identity and risk programs, I’ve learned a sobering truth that every CISO eventually confronts: hackers don’t hack in — they log in.

CSO Online

I replaced manual pen tests with automation. Here’s what I learned.

Tue Mar 10 2026

More accreditation and compliance requirements have been added in response to cyber incidents.

CSO Online

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Tue Mar 10 2026

Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive...

The Hacker News

When AI safety constrains defenders more than attackers

Tue Mar 10 2026

Security teams are being urged to adopt AI copilots for threat modeling, phishing simulations, and SOC workflows.

CSO Online

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

Tue Mar 10 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that...

The Hacker News

Hacker abusing .arpa domain to evade phishing detection, says Infoblox

Tue Mar 10 2026

A threat actor has found a new way to evade phishing detection defenses: Manipulate the .

CSO Online

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Mon Mar 09 2026

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai" on March 3, 2026. It has been downloaded 178 times to date. The library is still available for...

The Hacker News

CVE program funding secured, easing fears of repeat crisis

Mon Mar 09 2026

The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and Exposures Program in a way that elim

CSO Online

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

Mon Mar 09 2026

The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces, and...

The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Mon Mar 09 2026

Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That's kind of just how it goes now. The good news? There were some actual wins this week. Real ones. The kind where the good guys showed up, did the work, and made a dent. It doesn't always...

The Hacker News

OpenAI says Codex Security found 11,000 high-impact bugs in a month

Mon Mar 09 2026

OpenAI’s new AppSec agent, Codex Security, has already flagged over 11,000 high-severity and critical flaws in real-world codebases during its first 30 days of research testing.

CSO Online

Can the Security Platform Finally Deliver for the Mid-Market?

Mon Mar 09 2026

Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners are defining the security level you must meet. What if you could be the enabler for your organization to remain competitive — and help win business — by easily demonstrating that you meet these...

The Hacker News

NIS-2: Tausende reißen BSI-Frist und riskieren Strafen

Mon Mar 09 2026

Das deutsche Gesetz zur Umsetzung der NIS-2-Richtlinie ist am 6.

CSO Online

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Mon Mar 09 2026

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named "akshayanuonline@gmail.com" (BuildMelon), are listed below - QuickLens - Search Screen with...

The Hacker News

Rogues gallery: 15 worst ransomware groups active today

Mon Mar 09 2026

Ransomware-as-a-service (RaaS) models, double extortion tactics, and increasing adoption of AI characterize the evolving ransomware threat landscape.

CSO Online

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

Mon Mar 09 2026

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed...

The Hacker News

4 ways to prepare your SOC for agentic AI

Mon Mar 09 2026

a way to automate alert triage, threat investigation and eventually higher-level functions.

CSO Online

PQC roadmap remains hazy as vendors race for early advantage

Mon Mar 09 2026

Post-quantum cryptography (PQC) has long sat on the periphery of enterprise security, with experts calling it inevitable but not urgent.

CSO Online

Tarnung als Taktik: Warum Ransomware-Angriffe raffinierter werden

Mon Mar 09 2026

Statt eines kurzen, aber sehr schmerzhaften Stiches setzen Cyberkrimelle zunehmend darauf, sich in ihren Opfern festzubeißen und beständig auszusaugen.

CSO Online

OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues

Sat Mar 07 2026

OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. "It builds deep context about your project to identify...

The Hacker News

CBP Used Online Ad Data to Track Phone Locations

Sat Mar 07 2026

Plus: Proton helped the FBI identify a protester, the Leakbase cybercrime forum was busted in an international operation, and more.

Wired

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Sat Mar 07 2026

Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period in...

The Hacker News

How Each Gulf Country Is Intercepting Iranian Missiles and Drones

Sat Mar 07 2026

As missiles and drones cross the region’s skies, the Gulf’s layered air-defense networks—from THAAD to Patriot batteries—are being tested in real time.

Wired

Trump’s cyber strategy emphasizes offensive operations, deregulation, AI

Fri Mar 06 2026

The White House released President Donald Trump’s long-awaited cybersecurity strategy, a lean seven-page blueprint that breaks from past approaches by placing offensive cyber operations at the center

CSO Online

ClickFix attackers using new tactic to evade detection, says Microsoft

Fri Mar 06 2026

Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft.

CSO Online

The Future of Iran’s Internet Is More Uncertain Than Ever

Fri Mar 06 2026

Iran’s internet shutdown has reduced connectivity by 99 percent, with air strikes likely causing additional outages, and few workarounds remaining.

Wired

Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short

Fri Mar 06 2026

Cybersecurity is, as it should be in this era of AI-driven cyberattacks, a regular item on enterprise board agendas.

CSO Online

FBI wiretap system tapped by hackers

Fri Mar 06 2026

The US Federal Bureau of Investigation (FBI) has identified a suspected incident on a network used to manage wiretaps and foreign intelligence surveillance warrants, CNN reported.

CSO Online

OAuth vulnerability in n8n automation platform could lead to system compromise

Fri Mar 06 2026

A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, researchers at Imperva have discovered.

CSO Online

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

Fri Mar 06 2026

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like...

The Hacker News

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Fri Mar 06 2026

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is used to deploy a second...

The Hacker News

Targeted advertising is also targeting malware

Fri Mar 06 2026

Online ads are increasingly being used a means of introducing malware into organizations, according to The Media Trust.

CSO Online

From Ukraine to Iran, Hacking Security Cameras Is Now Part of War’s ‘Playbook’

Fri Mar 06 2026

New research shows hundreds of attempts by apparent Iranian state hackers to hijack consumer-grade cameras, timed to missile and drone strikes. Israel, Russia, and Ukraine have also adopted this trick.

Wired

The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity

Fri Mar 06 2026

Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology and processes....

The Hacker News

Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor

Fri Mar 06 2026

New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It's affiliated with the Iranian...

The Hacker News

Teenage hacker myth primed for a middle-age criminal makeover

Fri Mar 06 2026

The Hollywood image of criminal hackers being largely teenage ne’er do wells is due for an update.

CSO Online

China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks

Fri Mar 06 2026

A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants. The activity is being tracked by Cisco Talos under the moniker UAT-9244, describing it as closely associated with another cluster known as FamousSparrow. It's worth...

The Hacker News

Challenges and projects for the CISO in 2026

Fri Mar 06 2026

Sophisticated attacks and the incorporation of AI tools, talent shortages, and tight budgets are some of the challenges commonly cited when it comes to managing cybersecurity in organizations.

CSO Online

Zero-day exploits hit enterprises faster and harder

Fri Mar 06 2026

Google tracked 90 vulnerabilities exploited as zero-days last year, with Chinese cyberespionage groups doubling their count from 2024 and commercial surveillance vendors overtaking state-sponsored hac

CSO Online

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Fri Mar 06 2026

Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal emulator program instead of instructing users to launch the Windows Run dialog and paste a command...

The Hacker News

Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog

Fri Mar 06 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed below - CVE-2017-7921 (CVSS score: 9.8) - An improper authentication vulnerability affecting...

The Hacker News

7 Anzeichen für akuten MSSP-Bedarf

Fri Mar 06 2026

Managed Security Service Provider können das Sicherheitsniveau nachhaltig steigern.

CSO Online

Europa im Visier von Cyber-Identitätsdieben

Fri Mar 06 2026

Deutsche Unternehmen müssen sich warm anziehen: Sowohl staatliche als auch „private“ Akteure haben es auf sie abgesehen.

CSO Online

LeakBase marketplace unplugged by cops in 14 countries

Fri Mar 06 2026

The LeakBase cyberforum, considered one of the world’s largest online marketplaces for cybercriminals to buy and sell stolen data and cybercrime tools, has been seized by the US, and arrests have also

CSO Online

Here’s Every Country Directly Impacted by the War on Iran

Thu Mar 05 2026

As the conflict in the Middle East continues to escalate, more than a dozen countries in the region have reportedly been affected by air strikes.

Wired

The Controversies Finally Caught Up to Kristi Noem

Thu Mar 05 2026

Donald Trump said he would replace the secretary of the Department of Homeland Security. Noem’s tenure was marked by aggressive anti-immigration tactics and ICE and CBP’s killing of two US protesters.

Wired

Cisco issues emergency patches for critical firewall vulnerabilities

Thu Mar 05 2026

Cisco has handed security teams one of the largest ever patching workloads affecting its firewall products, including fixes for two ‘perfect 10’ vulnerabilities in the company’s Secure Firewall Manage

CSO Online

Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders

Thu Mar 05 2026

Most organizations assume encrypted data is safe. But many attackers are already preparing for a future where today’s encryption can be broken. Instead of trying to decrypt information now, they are collecting encrypted data and storing it so it can be decrypted later using quantum computers. This tactic—known as “harvest now, decrypt later”—means sensitive data transmitted today could become...

The Hacker News

Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities

Thu Mar 05 2026

Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2026-20122 (CVSS score: 7.1) - An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system....

The Hacker News

Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year

Thu Mar 05 2026

Google’s threat intelligence researchers have identified a sophisticated exploit kit targeting iPhones that was first used by a commercial surveillance vendor’s customer before being repurposed by a s

CSO Online

ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More

Thu Mar 05 2026

Some weeks in cybersecurity feel routine. This one doesn’t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention. Together, these updates offer a useful snapshot of what is happening...

The Hacker News