Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

Fri Mar 13 2026

Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows - CVE-2026-21666 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server. CVE-2026-21667 (...

The Hacker News

10 Kennzahlen, die CISOs weiterbringen

Fri Mar 13 2026

Geht es um Security-Kennzahlen, sollten CISOs sich auf das Wesentliche fokussieren.

CSO Online

Telus Digital hit with massive data breach

Fri Mar 13 2026

Telus Digital, which provides business process outsourcing (BPO) services to a range of organizations worldwide, has been hit with a massive cyberattack conducted by extortion group ShinyHunters The g

CSO Online

Medical giant Stryker crippled after Iranian hackers remotely wipe computers

Thu Mar 12 2026

A major cyberattack on US medical supplies giant Stryker has resulted in thousands of devices being remotely wiped, after a pro-Iranian hacking group may have compromised the company’s Microsoft Intun

CSO Online

US Lawmakers Move to Kill the FBI’s Warrantless Wiretap Access

Thu Mar 12 2026

A bipartisan bill would force the FBI to get a warrant to read Americans’ messages and ban the federal purchase of commercial data on US residents ahead of a critical April deadline.

Wired

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

Thu Mar 12 2026

Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian...

The Hacker News

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks

Thu Mar 12 2026

Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to take...

The Hacker News

How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks

Thu Mar 12 2026

Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover for chaotic, retaliatory state-sponsored cyberattacks.

Wired

How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs

Thu Mar 12 2026

Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that helps...

The Hacker News

ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More

Thu Mar 12 2026

Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how...

The Hacker News

PhantomRaven returns to npm with 88 bad packages

Thu Mar 12 2026

Last year’s “PhantomRaven” supply-chain campaign is back, with security researchers uncovering 88 new malicious packages in what they describe as the second, third, and fourth waves of the operation.

CSO Online

Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload

Thu Mar 12 2026

The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity industry has focused on the front door of phishing defense: employee training, email gateways that...

The Hacker News

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Thu Mar 12 2026

Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit. The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was...

The Hacker News

North Korean fake IT worker tradecraft exposed

Thu Mar 12 2026

Research from GitLab has exposed the latest tradecraft behind North Korean fake IT worker scams.

CSO Online

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Thu Mar 12 2026

Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, according to...

The Hacker News

AI use is changing how much companies pay for cyber insurance

Thu Mar 12 2026

In July 2025, McDonald’s had an unexpected problem on the menu, one involving McHire, its AI-powered platform used to recruit and screen job applicants.

CSO Online

“Zombie ZIP”: Neue Angriffstechnik täuscht Virenscanner

Thu Mar 12 2026

Mithilfe sogenannter Zombie-ZIPs lassen sich fast alle Virenscanner austricksen.

CSO Online

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

Thu Mar 12 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched...

The Hacker News

Wie CISOs schlechte Angebote enttarnen

Thu Mar 12 2026

Drum prüfe…Ground Picture | shutterstock.

CSO Online

Resumés with malicious ISO attachments are circulating, says Aryaka

Wed Mar 11 2026

Threat actors are still having success tricking human resources staff into opening malware-infected phishing emails.

CSO Online

CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws

Wed Mar 11 2026

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now being exploited in the

CSO Online

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Wed Mar 11 2026

Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to reason their actions and use it against the model itself to lower their security guardrails, Guardio...

The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Wed Mar 11 2026

Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are listed below - CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox escape leading to remote code execution (RCE) CVE-2026-27493 (CVSS score: 9.5) - Unauthenticated...

The Hacker News

Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown

Wed Mar 11 2026

Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The effort also led to 21 arrests made by the Royal Thai Police, the company said. The action builds upon...

The Hacker News

AWS expands Security Hub for multicloud security operations

Wed Mar 11 2026

Amazon Web Services is expanding AWS Security Hub to function as a centralized security operations platform capable of aggregating risk signals across multicloud environments.

CSO Online

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

Wed Mar 11 2026

SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO) CVE-2026-27685 (CVSS score: 9.1) - An insecure deserialization...

The Hacker News

Meta Ramps Up Efforts to Disrupt Industrialized Scamming

Wed Mar 11 2026

Meta removed 10.9 million Facebook and Instagram accounts linked to “criminal scam centers” last year, the company announced on Wednesday.

Wired

Overly permissive ‘guest’ settings put Salesforce customers at risk

Wed Mar 11 2026

Salesforce is urging its customers to review their Experience Cloud ‘guest’ configurations as cybercrime group ShinyHunters claims a new campaign involving data theft and extortion tied to exposed Sal

CSO Online

What Boards Must Demand in the Age of AI-Automated Exploitation

Wed Mar 11 2026

“You knew, and you could have acted. Why didn’t you?”  This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident. For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve accepted the risk.” If you’ve ever seen a report showing...

The Hacker News

Why zero trust breaks down in IoT and OT environments

Wed Mar 11 2026

Zero trust solves the wrong problem in OT Zero trust has become the dominant security narrative of the past decade, and rightly so.

CSO Online

Did cybersecurity recently have its Gatling gun moment?

Wed Mar 11 2026

On the James River, Petersburg, VA, June of 1864, during the American Civil War, General Benjamin Butler, of the US Army, deployed a new weapon into the field that effectively altered the nature of ki

CSO Online

Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials

Wed Mar 11 2026

HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software, the most severe of which could let a remote attacker take administrative control of enterprise network

CSO Online

A 5-step approach to taming shadow AI

Wed Mar 11 2026

AI is being leveraged across organizations to boost productivity, accelerate innovation and optimize business processes.

CSO Online

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Wed Mar 11 2026

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four...

The Hacker News

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

Wed Mar 11 2026

A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data. "The threat actor, UNC6426, then used this...

The Hacker News

12 ways attackers abuse cloud services to hack your enterprise

Wed Mar 11 2026

Attackers are increasingly abusing trusted SaaS platforms, cloud infrastructure, and identity systems to blend malicious activity into legitimate enterprise traffic.

CSO Online

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Wed Mar 11 2026

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below - chrono_anchor dnp3times time_calibrator time_calibrators time-sync The crates, per Socket, impersonate timeapi.io and were published between late February and early March...

The Hacker News

6 Mittel gegen Security-Tool-Wildwuchs

Wed Mar 11 2026

loading="lazy" width="400px">Viel hilft nicht immer viel.

CSO Online

Jack & Jill went up the hill — and an AI tried to hack them

Wed Mar 11 2026

What happens when an autonomous AI agent is turned loose on another autonomous AI agent? It chains together bugs that humans would consider benign, easily bypasses authentication controls, and even un

CSO Online

March Patch Tuesday: Three high severity holes in Microsoft Office

Tue Mar 10 2026

Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities.

CSO Online

DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders

Tue Mar 10 2026

Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned.

Wired

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Tue Mar 10 2026

Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks.  The activity involves the exploitation of recently disclosed security vulnerabilities or weak credentials to extract configuration files containing service account credentials and network topology...

The Hacker News

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows

Tue Mar 10 2026

Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" for hackers. The Problem: "The Invisible Employee" Think of an AI Agent like a new employee who has...

The Hacker News

KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet

Tue Mar 10 2026

Cybersecurity researchers have discovered a new malware called KadNap that's primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic. The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus Labs team at Lumen. A lesser number of...

The Hacker News

GPS Attacks Near Iran Are Wreaking Havoc on Delivery and Mapping Apps

Tue Mar 10 2026

Delivery apps are glitching and navigation routes are changing abruptly thanks to electronic warfare disrupting the satellite signals that power everything from missiles to your ride home.

Wired

New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Tue Mar 10 2026

Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims' databases and exfiltrate sensitive data within organizations' Google Cloud environments. The shortcomings have been collectively named LeakyLooker by Tenable. There is no evidence that the vulnerabilities were exploited in...

The Hacker News

Devs looking for OpenClaw get served a GhostClaw RAT

Tue Mar 10 2026

A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research.

CSO Online

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Tue Mar 10 2026

You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when it does. The problem is that most teams have more internet-facing exposure than they realise. Intruder's Head of Security digs into why this happens and how teams can manage it deliberately. Time-to-exploit is shrinking The larger and less controlled your attack surface is,...

The Hacker News

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

Tue Mar 10 2026

The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa,...

The Hacker News

The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix

Tue Mar 10 2026

When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing

CSO Online

OpenAI to acquire Promptfoo to strengthen AI agent security testing

Tue Mar 10 2026

OpenAI said it plans to acquire AI testing startup Promptfoo, a move aimed at strengthening security checks for AI agents as enterprises move toward deploying autonomous systems in business workflows.

CSO Online

Why access decisions are becoming the weakest link in identity security

Tue Mar 10 2026

In my nearly two decades leading identity and risk programs, I’ve learned a sobering truth that every CISO eventually confronts: hackers don’t hack in — they log in.

CSO Online

I replaced manual pen tests with automation. Here’s what I learned.

Tue Mar 10 2026

More accreditation and compliance requirements have been added in response to cyber incidents.

CSO Online

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Tue Mar 10 2026

Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of customers' overly permissive Experience Cloud guest user configurations to obtain access to sensitive...

The Hacker News

When AI safety constrains defenders more than attackers

Tue Mar 10 2026

Security teams are being urged to adopt AI copilots for threat modeling, phishing simulations, and SOC workflows.

CSO Online

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

Tue Mar 10 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that...

The Hacker News

Hacker abusing .arpa domain to evade phishing detection, says Infoblox

Tue Mar 10 2026

A threat actor has found a new way to evade phishing detection defenses: Manipulate the .

CSO Online

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Mon Mar 09 2026

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai" on March 3, 2026. It has been downloaded 178 times to date. The library is still available for...

The Hacker News

CVE program funding secured, easing fears of repeat crisis

Mon Mar 09 2026

The Cybersecurity and Infrastructure Security Agency and the MITRE Corporation have renegotiated the contract supporting the 26-year-old Common Vulnerabilities and Exposures Program in a way that elim

CSO Online

UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device

Mon Mar 09 2026

The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces, and...

The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Mon Mar 09 2026

Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That's kind of just how it goes now. The good news? There were some actual wins this week. Real ones. The kind where the good guys showed up, did the work, and made a dent. It doesn't always...

The Hacker News

OpenAI says Codex Security found 11,000 high-impact bugs in a month

Mon Mar 09 2026

OpenAI’s new AppSec agent, Codex Security, has already flagged over 11,000 high-severity and critical flaws in real-world codebases during its first 30 days of research testing.

CSO Online

Can the Security Platform Finally Deliver for the Mid-Market?

Mon Mar 09 2026

Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners are defining the security level you must meet. What if you could be the enabler for your organization to remain competitive — and help win business — by easily demonstrating that you meet these...

The Hacker News

NIS-2: Tausende reißen BSI-Frist und riskieren Strafen

Mon Mar 09 2026

Das deutsche Gesetz zur Umsetzung der NIS-2-Richtlinie ist am 6.

CSO Online

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Mon Mar 09 2026

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named "akshayanuonline@gmail.com" (BuildMelon), are listed below - QuickLens - Search Screen with...

The Hacker News

Rogues gallery: 15 worst ransomware groups active today

Mon Mar 09 2026

Ransomware-as-a-service (RaaS) models, double extortion tactics, and increasing adoption of AI characterize the evolving ransomware threat landscape.

CSO Online

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

Mon Mar 09 2026

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed...

The Hacker News

4 ways to prepare your SOC for agentic AI

Mon Mar 09 2026

a way to automate alert triage, threat investigation and eventually higher-level functions.

CSO Online

PQC roadmap remains hazy as vendors race for early advantage

Mon Mar 09 2026

Post-quantum cryptography (PQC) has long sat on the periphery of enterprise security, with experts calling it inevitable but not urgent.

CSO Online