Cybersecurity News, Threats & Vulnerability Alerts

Veeam Patches 5 Security Flaws, 3 Critical RCE Bugs

Veeam released March 2026 security updates for Backup & Replication 13, fixing five vulnerabilities including three critical remote code execution flaws.

DOJ Charges Second DigitalMint Employee in BlackCat Scheme

The Department of Justice charged another former DigitalMint employee for secretly partnering with BlackCat ransomware negotiators in an insider extortion operation.

CISA Adds Critical n8n RCE Flaw to KEV Catalog

CISA added CVE-2025-68613, a critical n8n expression injection vulnerability with active exploitation, to its Known Exploited Vulnerabilities catalog.

Legacy Industrial Controllers Sold on eBay Expose Critical Infrastructure

Outdated industrial control systems are being sold on eBay, creating cybersecurity risks for critical infrastructure operators.

INC Ransomware Targets Healthcare Systems Across Oceania

INC ransomware group attacked healthcare facilities and government agencies across Australia, New Zealand, and Tonga in recent coordinated strikes.

Xygeni GitHub Action Compromised in Supply Chain Attack

Attackers compromised AppSec vendor Xygeni's GitHub Action through tag poisoning, operating a command-and-control implant for up to one week.

Elementor Ally Plugin SQL Injection Hits 400K+ Sites

Critical SQL injection flaw in Elementor's Ally WordPress plugin exposes sensitive data on 400,000+ sites without authentication required.

CISA Orders Federal Agencies to Patch n8n RCE Flaw

CISA added an actively exploited n8n remote code execution vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by March 25.

Stryker Hit by Iranian Wiper Malware Attack

Medical device giant Stryker suffered a destructive wiper malware attack on March 11, 2026, claimed by Iranian-linked hacktivist group Handala.

PhantomRaven Campaign Hits npm with 88 Malicious Packages

New PhantomRaven supply-chain attack targets JavaScript developers through 88 malicious npm packages designed to steal sensitive development data.

Microsoft March 2026 Patch Tuesday Fixes Critical Flaws

Microsoft released March 2026 Patch Tuesday updates addressing multiple critical vulnerabilities across Windows and other products.

BlackSanta EDR Killer: Russian Hackers Use HR Departments to Disable Enterprise Security Tools

Russian-speaking threat actors have been deploying BlackSanta malware for over a year to evade EDR/XDR detection, specifically targeting HR departments as entry points. The campaign exploits HR email workflows to bypass security controls and gain persistent access to corporate systems.

BeatBanker Android Banking Malware 2026: Fake Starlink App Steals Banking Credentials

Discovered March 10, 2026 by BleepingComputer, BeatBanker is a new Android banking trojan disguised as a fake Starlink app on fake Google Play Store sites. It uses advanced evasion techniques and device control to steal banking credentials from victims.

Salesforce Mass-Scanning Attack: Hackers Exploit Misconfigured Guest User Settings on Experience Cloud

Since March 10, 2026, threat actors are mass-scanning Salesforce Experience Cloud instances looking for misconfigured guest user settings to gain unauthorized access to sensitive customer data. Salesforce confirmed the attacks and warned customers to review their organization security settings immediately.

Zombie ZIP: How Malformed Archives Let Malware Slip Past Antivirus and EDR Tools

Security researchers disclosed the Zombie ZIP technique on March 10, 2026 — a method exploiting malformed ZIP archive structures to hide malicious payloads from antivirus engines and EDR platforms, with no patch available and active use in the wild already documented via the Gootloader malware family.

Sednit APT28 Returns with Two Advanced Malware Tools Targeting European Defense & Government

Russia's APT28/Sednit group — the GRU's cyber arm active since 2004 — has been detected in March 2026 with two new sophisticated malware tools targeting government and defense organizations across Europe, marking a major tactical upgrade from years of basic implant usage.

Microsoft Patch Tuesday March 2026: 79 Flaws Fixed Including 2 Zero-Days and Critical Office RCEs

Microsoft's March 2026 Patch Tuesday (March 10) patches 79 vulnerabilities including 2 publicly disclosed zero-days (CVE-2026-21262 SQL Server EoP), 3 Critical flaws, and two Office RCEs (CVE-2026-26110, CVE-2026-26113) exploitable via the preview pane — plus a dangerous Excel/Copilot data exfiltration flaw (CVE-2026-26144).

HPE Patches Five Critical AOS-CX Flaws: RCE, Privilege Escalation and Session Hijacking

HPE released emergency patches on March 10, 2026 for five critical and high-severity vulnerabilities in Aruba Networking AOS-CX, including two command injection flaws enabling remote code execution, an SSH privilege escalation, a web session hijacking bug, and a port ACL bypass on CX 9300 switches. Immediate patching is required for all enterprise Aruba CX deployments.

FortiGate Firewalls Exploited in Network Breach Campaign

Attackers exploit FortiGate NGFW vulnerabilities and weak credentials to steal configuration files and breach corporate networks.

KadNap Malware Hijacks 14,000 Asus Routers for Botnet

New KadNap malware has infected over 14,000 Asus routers since August 2025, creating a botnet for proxying malicious traffic.

KadNap Botnet Hijacks Thousands of ASUS Routers to Build Proxy Network

A new botnet campaign tracked as KadNap is actively hijacking thousands of ASUS routers, turning compromised devices into persistent proxy nodes used to route cybercriminal traffic — with backdoor access surviving reboots and firmware updates.