CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

Thu Mar 12 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched...

The Hacker News

Wie CISOs schlechte Angebote enttarnen

Thu Mar 12 2026

Drum prüfe…Ground Picture | shutterstock.

CSO Online

Resumés with malicious ISO attachments are circulating, says Aryaka

Wed Mar 11 2026

Threat actors are still having success tricking human resources staff into opening malware-infected phishing emails.

CSO Online

CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws

Wed Mar 11 2026

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now being exploited in the

CSO Online

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Wed Mar 11 2026

Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to reason their actions and use it against the model itself to lower their security guardrails, Guardio...

The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Wed Mar 11 2026

Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are listed below - CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox escape leading to remote code execution (RCE) CVE-2026-27493 (CVSS score: 9.5) - Unauthenticated...

The Hacker News

Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown

Wed Mar 11 2026

Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The effort also led to 21 arrests made by the Royal Thai Police, the company said. The action builds upon...

The Hacker News

AWS expands Security Hub for multicloud security operations

Wed Mar 11 2026

Amazon Web Services is expanding AWS Security Hub to function as a centralized security operations platform capable of aggregating risk signals across multicloud environments.

CSO Online

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

Wed Mar 11 2026

SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) - An insecure deserialization...

The Hacker News

Meta Ramps Up Efforts to Disrupt Industrialized Scamming

Wed Mar 11 2026

Meta removed 10.9 million Facebook and Instagram accounts linked to “criminal scam centers” last year, the company announced on Wednesday.

Wired

Overly permissive ‘guest’ settings put Salesforce customers at risk

Wed Mar 11 2026

Salesforce is urging its customers to review their Experience Cloud ‘guest’ configurations as cybercrime group ShinyHunters claims a new campaign involving data theft and extortion tied to exposed Sal

CSO Online

What Boards Must Demand in the Age of AI-Automated Exploitation

Wed Mar 11 2026

“You knew, and you could have acted. Why didn’t you?”  This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident. For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve accepted the risk.” If you’ve ever seen a report showing...

The Hacker News

Did cybersecurity recently have its Gatling gun moment?

Wed Mar 11 2026

On the James River, Petersburg, VA, June of 1864, during the American Civil War, General Benjamin Butler, of the US Army, deployed a new weapon into the field that effectively altered the nature of ki

CSO Online

Why zero trust breaks down in IoT and OT environments

Wed Mar 11 2026

Zero trust solves the wrong problem in OT Zero trust has become the dominant security narrative of the past decade, and rightly so.

CSO Online

Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials

Wed Mar 11 2026

HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network

CSO Online

A 5-step approach to taming shadow AI

Wed Mar 11 2026

AI is being leveraged across organizations to boost productivity, accelerate innovation and optimize business processes.

CSO Online

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Wed Mar 11 2026

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four...

The Hacker News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

Wed Mar 11 2026

A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data. "The threat actor, UNC6426, then used this...

The Hacker News

12 ways attackers abuse cloud services to hack your enterprise

Wed Mar 11 2026

Attackers are increasingly abusing trusted SaaS platforms, cloud infrastructure, and identity systems to blend malicious activity into legitimate enterprise traffic.

CSO Online

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Wed Mar 11 2026

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March...

The Hacker News

6 Mittel gegen Security-Tool-Wildwuchs

Wed Mar 11 2026

loading="lazy" width="400px">Viel hilft nicht immer viel.

CSO Online

Jack & Jill went up the hill — and an AI tried to hack them

Wed Mar 11 2026

What happens when an autonomous AI agent is turned loose on another autonomous AI agent? It chains together bugs that humans would consider benign, easily bypasses authentication controls, and even un

CSO Online

March Patch Tuesday: Three high severity holes in Microsoft Office

Tue Mar 10 2026

Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities.

CSO Online

DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders

Tue Mar 10 2026

Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned.

Wired

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows

Tue Mar 10 2026

Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" for hackers. The Problem: "The Invisible Employee" Think of an AI Agent like a new employee who has...

The Hacker News

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Tue Mar 10 2026

Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks.  The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology...

The Hacker News

KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet

Tue Mar 10 2026

Cybersecurity researchers have discovered a new malware called KadNap that's primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic. The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus Labs team at Lumen. A lesser number of...

The Hacker News

GPS Attacks Near Iran Are Wreaking Havoc on Delivery and Mapping Apps

Tue Mar 10 2026

Delivery apps are glitching and navigation routes are changing abruptly thanks to electronic warfare disrupting the satellite signals that power everything from missiles to your ride home.

Wired

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Tue Mar 10 2026

Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in...

The Hacker News

Devs looking for OpenClaw get served a GhostClaw RAT

Tue Mar 10 2026

A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research.

CSO Online

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Tue Mar 10 2026

You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately. Time-to-exploit is shrinking The larger and less controlled your attack surface is,...

The Hacker News

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

Tue Mar 10 2026

The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,...

The Hacker News

The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix

Tue Mar 10 2026

When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing

CSO Online

OpenAI to acquire Promptfoo to strengthen AI agent security testing

Tue Mar 10 2026

OpenAI said it plans to acquire AI testing startup Promptfoo, a move aimed at strengthening security checks for AI agents as enterprises move toward deploying autonomous systems in business workflows.

CSO Online

Why access decisions are becoming the weakest link in identity security

Tue Mar 10 2026

In my nearly two decades leading identity and risk programs, I’ve learned a sobering truth that every CISO eventually confronts: hackers don’t hack in — they log in.

CSO Online

I replaced manual pen tests with automation. Here’s what I learned.

Tue Mar 10 2026

More accreditation and compliance requirements have been added in response to cyber incidents.

CSO Online

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Tue Mar 10 2026

Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive...

The Hacker News

When AI safety constrains defenders more than attackers

Tue Mar 10 2026

Security teams are being urged to adopt AI copilots for threat modeling, phishing simulations, and SOC workflows.

CSO Online

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

Tue Mar 10 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that...

The Hacker News

Hacker abusing .arpa domain to evade phishing detection, says Infoblox

Tue Mar 10 2026

A threat actor has found a new way to evade phishing detection defenses: Manipulate the .

CSO Online

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Mon Mar 09 2026

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai" on March 3, 2026. It has been downloaded 178 times to date. The library is still available for...

The Hacker News

CVE program funding secured, easing fears of repeat crisis

Mon Mar 09 2026

The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and Exposures Program in a way that elim

CSO Online

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

Mon Mar 09 2026

The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces, and...

The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Mon Mar 09 2026

Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That's kind of just how it goes now. The good news? There were some actual wins this week. Real ones. The kind where the good guys showed up, did the work, and made a dent. It doesn't always...

The Hacker News

OpenAI says Codex Security found 11,000 high-impact bugs in a month

Mon Mar 09 2026

OpenAI’s new AppSec agent, Codex Security, has already flagged over 11,000 high-severity and critical flaws in real-world codebases during its first 30 days of research testing.

CSO Online

Can the Security Platform Finally Deliver for the Mid-Market?

Mon Mar 09 2026

Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners are defining the security level you must meet. What if you could be the enabler for your organization to remain competitive — and help win business — by easily demonstrating that you meet these...

The Hacker News

NIS-2: Tausende reißen BSI-Frist und riskieren Strafen

Mon Mar 09 2026

Das deutsche Gesetz zur Umsetzung der NIS-2-Richtlinie ist am 6.

CSO Online

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Mon Mar 09 2026

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named "akshayanuonline@gmail.com" (BuildMelon), are listed below - QuickLens - Search Screen with...

The Hacker News

Rogues gallery: 15 worst ransomware groups active today

Mon Mar 09 2026

Ransomware-as-a-service (RaaS) models, double extortion tactics, and increasing adoption of AI characterize the evolving ransomware threat landscape.

CSO Online

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

Mon Mar 09 2026

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed...

The Hacker News

4 ways to prepare your SOC for agentic AI

Mon Mar 09 2026

a way to automate alert triage, threat investigation and eventually higher-level functions.

CSO Online

PQC roadmap remains hazy as vendors race for early advantage

Mon Mar 09 2026

Post-quantum cryptography (PQC) has long sat on the periphery of enterprise security, with experts calling it inevitable but not urgent.

CSO Online

Tarnung als Taktik: Warum Ransomware-Angriffe raffinierter werden

Mon Mar 09 2026

Statt eines kurzen, aber sehr schmerzhaften Stiches setzen Cyberkrimelle zunehmend darauf, sich in ihren Opfern festzubeißen und beständig auszusaugen.

CSO Online

OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues

Sat Mar 07 2026

OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month. "It builds deep context about your project to identify...

The Hacker News

CBP Used Online Ad Data to Track Phone Locations

Sat Mar 07 2026

Plus: Proton helped the FBI identify a protester, the Leakbase cybercrime forum was busted in an international operation, and more.

Wired

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Sat Mar 07 2026

Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period in...

The Hacker News

How Each Gulf Country Is Intercepting Iranian Missiles and Drones

Sat Mar 07 2026

As missiles and drones cross the region’s skies, the Gulf’s layered air-defense networks—from THAAD to Patriot batteries—are being tested in real time.

Wired

Trump’s cyber strategy emphasizes offensive operations, deregulation, AI

Fri Mar 06 2026

The White House released President Donald Trump’s long-awaited cybersecurity strategy, a lean seven-page blueprint that breaks from past approaches by placing offensive cyber operations at the center

CSO Online

ClickFix attackers using new tactic to evade detection, says Microsoft

Fri Mar 06 2026

Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft.

CSO Online

The Future of Iran’s Internet Is More Uncertain Than Ever

Fri Mar 06 2026

Iran’s internet shutdown has reduced connectivity by 99 percent, with air strikes likely causing additional outages, and few workarounds remaining.

Wired

Only 30 minutes per quarter on cyber risk: Why CISO-board conversations are falling short

Fri Mar 06 2026

Cybersecurity is, as it should be in this era of AI-driven cyberattacks, a regular item on enterprise board agendas.

CSO Online

FBI wiretap system tapped by hackers

Fri Mar 06 2026

The US Federal Bureau of Investigation (FBI) has identified a suspected incident on a network used to manage wiretaps and foreign intelligence surveillance warrants, CNN reported.

CSO Online

OAuth vulnerability in n8n automation platform could lead to system compromise

Fri Mar 06 2026

A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, researchers at Imperva have discovered.

CSO Online

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

Fri Mar 06 2026

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like...

The Hacker News

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Fri Mar 06 2026

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is used to deploy a second...

The Hacker News

Targeted advertising is also targeting malware

Fri Mar 06 2026

Online ads are increasingly being used a means of introducing malware into organizations, according to The Media Trust.

CSO Online