Cybersecurity
Breaking security alerts, vulnerability reports, and threat intelligence — verified from multiple independent sources.
Latest Alerts
INC Ransomware Targets Healthcare Systems Across Oceania
INC ransomware group attacked healthcare facilities and government agencies across Australia, New Zealand, and Tonga in recent coordinated strikes.
Xygeni GitHub Action Compromised in Supply Chain Attack
Attackers compromised AppSec vendor Xygeni's GitHub Action through tag poisoning, operating a command-and-control implant for up to one week.
Elementor Ally Plugin SQL Injection Hits 400K+ Sites
Critical SQL injection flaw in Elementor's Ally WordPress plugin exposes sensitive data on 400,000+ sites without authentication required.
CISA Orders Federal Agencies to Patch n8n RCE Flaw
CISA added an actively exploited n8n remote code execution vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by March 25.
Stryker Hit by Iranian Wiper Malware Attack
Medical device giant Stryker suffered a destructive wiper malware attack on March 11, 2026, claimed by Iranian-linked hacktivist group Handala.
PhantomRaven Campaign Hits npm with 88 Malicious Packages
New PhantomRaven supply-chain attack targets JavaScript developers through 88 malicious npm packages designed to steal sensitive development data.
Microsoft March 2026 Patch Tuesday Fixes Critical Flaws
Microsoft released March 2026 Patch Tuesday updates addressing multiple critical vulnerabilities across Windows and other products.
BlackSanta EDR Killer: Russian Hackers Use HR Departments to Disable Enterprise Security Tools
Russian-speaking threat actors have been deploying BlackSanta malware for over a year to evade EDR/XDR detection, specifically targeting HR departments as entry points. The campaign exploits HR email workflows to bypass security controls and gain persistent access to corporate systems.
BeatBanker Android Banking Malware 2026: Fake Starlink App Steals Banking Credentials
Discovered March 10, 2026 by BleepingComputer, BeatBanker is a new Android banking trojan disguised as a fake Starlink app on fake Google Play Store sites. It uses advanced evasion techniques and device control to steal banking credentials from victims.
Salesforce Mass-Scanning Attack: Hackers Exploit Misconfigured Guest User Settings on Experience Cloud
Since March 10, 2026, threat actors are mass-scanning Salesforce Experience Cloud instances looking for misconfigured guest user settings to gain unauthorized access to sensitive customer data. Salesforce confirmed the attacks and warned customers to review their organization security settings immediately.
Zombie ZIP: How Malformed Archives Let Malware Slip Past Antivirus and EDR Tools
Security researchers disclosed the Zombie ZIP technique on March 10, 2026 — a method exploiting malformed ZIP archive structures to hide malicious payloads from antivirus engines and EDR platforms, with no patch available and active use in the wild already documented via the Gootloader malware family.
Sednit APT28 Returns with Two Advanced Malware Tools Targeting European Defense & Government
Russia's APT28/Sednit group — the GRU's cyber arm active since 2004 — has been detected in March 2026 with two new sophisticated malware tools targeting government and defense organizations across Europe, marking a major tactical upgrade from years of basic implant usage.
Microsoft Patch Tuesday March 2026: 79 Flaws Fixed Including 2 Zero-Days and Critical Office RCEs
Microsoft's March 2026 Patch Tuesday (March 10) patches 79 vulnerabilities including 2 publicly disclosed zero-days (CVE-2026-21262 SQL Server EoP), 3 Critical flaws, and two Office RCEs (CVE-2026-26110, CVE-2026-26113) exploitable via the preview pane — plus a dangerous Excel/Copilot data exfiltration flaw (CVE-2026-26144).
HPE Patches Five Critical AOS-CX Flaws: RCE, Privilege Escalation and Session Hijacking
HPE released emergency patches on March 10, 2026 for five critical and high-severity vulnerabilities in Aruba Networking AOS-CX, including two command injection flaws enabling remote code execution, an SSH privilege escalation, a web session hijacking bug, and a port ACL bypass on CX 9300 switches. Immediate patching is required for all enterprise Aruba CX deployments.
KadNap Botnet Hijacks Thousands of ASUS Routers to Build Proxy Network
A new botnet campaign tracked as KadNap is actively hijacking thousands of ASUS routers, turning compromised devices into persistent proxy nodes used to route cybercriminal traffic — with backdoor access surviving reboots and firmware updates.
CISA adds Ivanti EPM flaw to exploited vulnerabilities list
CISA ordered federal agencies to patch a high-severity Ivanti Endpoint Manager vulnerability within three weeks after confirming active exploitation.
APT28 Deploys Custom Covenant Framework for Espionage
Russian APT28 hackers modified the open-source Covenant tool for persistent espionage campaigns targeting government and defense sectors.
Teams Phishing Campaign Deploys A0Backdoor Malware
Hackers targeted financial and healthcare employees via Microsoft Teams to deploy A0Backdoor malware through Quick Assist remote access.