Latest IT News, Cybersecurity Alerts & Tech Innovations

Elementor Ally Plugin SQL Injection Hits 400K+ Sites

Critical SQL injection flaw in Elementor's Ally WordPress plugin exposes sensitive data on 400,000+ sites without authentication required.

CISA Orders Federal Agencies to Patch n8n RCE Flaw

CISA added an actively exploited n8n remote code execution vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by March 25.

Microsoft Unveils Xbox Mode for Windows 11 at GDC 2026

Microsoft announced Xbox Mode for Windows 11 PCs at GDC 2026, unifying gaming development through a shared Game Development Kit.

Stryker Hit by Iranian Wiper Malware Attack

Medical device giant Stryker suffered a destructive wiper malware attack on March 11, 2026, claimed by Iranian-linked hacktivist group Handala.

PhantomRaven Campaign Hits npm with 88 Malicious Packages

New PhantomRaven supply-chain attack targets JavaScript developers through 88 malicious npm packages designed to steal sensitive development data.

Microsoft March 2026 Patch Tuesday Fixes Critical Flaws

Microsoft released March 2026 Patch Tuesday updates addressing multiple critical vulnerabilities across Windows and other products.

Ubuntu 26.04 LTS Changes 40-Year sudo Password Display

Ubuntu 26.04 LTS will show asterisks when typing sudo passwords, ending four decades of hidden password input tradition.

Meta Deploys AI-Powered Anti-Scam Tools Across Platforms

Meta launched new AI-driven scam protection systems on March 11, 2026, targeting fraudulent accounts across WhatsApp, Facebook, and Messenger.

Meta Disables 150,000 Scam Accounts in Southeast Asia

Meta shut down over 150,000 accounts linked to Southeast Asian scam operations through international law enforcement coordination.

Outlook for Windows Adds Offline File Attachment Support

Microsoft Outlook for Windows now lets users attach files while offline and automatically sends them when connectivity returns.

Windows 11 Gets March 2026 Updates KB5079473 and KB5078883

Microsoft released two cumulative updates for Windows 11 on March 10, 2026, addressing security patches and system improvements across both 23H2 and 24H2 versions.

Windows 10 Gets March 2026 ESU Update KB5078885

Microsoft released the Extended Security Update KB5078885 for Windows 10 on March 10, 2026, continuing critical security patches for enterprise customers beyond end-of-support.

BlackSanta EDR Killer: Russian Hackers Use HR Departments to Disable Enterprise Security Tools

Russian-speaking threat actors have been deploying BlackSanta malware for over a year to evade EDR/XDR detection, specifically targeting HR departments as entry points. The campaign exploits HR email workflows to bypass security controls and gain persistent access to corporate systems.

BeatBanker Android Banking Malware 2026: Fake Starlink App Steals Banking Credentials

Discovered March 10, 2026 by BleepingComputer, BeatBanker is a new Android banking trojan disguised as a fake Starlink app on fake Google Play Store sites. It uses advanced evasion techniques and device control to steal banking credentials from victims.

Salesforce Mass-Scanning Attack: Hackers Exploit Misconfigured Guest User Settings on Experience Cloud

Since March 10, 2026, threat actors are mass-scanning Salesforce Experience Cloud instances looking for misconfigured guest user settings to gain unauthorized access to sensitive customer data. Salesforce confirmed the attacks and warned customers to review their organization security settings immediately.

Zombie ZIP: How Malformed Archives Let Malware Slip Past Antivirus and EDR Tools

Security researchers disclosed the Zombie ZIP technique on March 10, 2026 — a method exploiting malformed ZIP archive structures to hide malicious payloads from antivirus engines and EDR platforms, with no patch available and active use in the wild already documented via the Gootloader malware family.

Sednit APT28 Returns with Two Advanced Malware Tools Targeting European Defense & Government

Russia's APT28/Sednit group — the GRU's cyber arm active since 2004 — has been detected in March 2026 with two new sophisticated malware tools targeting government and defense organizations across Europe, marking a major tactical upgrade from years of basic implant usage.

Microsoft releases Windows 10 KB5078885 security update

Microsoft released Windows 10 KB5078885 extended security update on March 10, 2026, patching two zero-day vulnerabilities and a shutdown bug.

Microsoft Patch Tuesday March 2026: 79 Flaws Fixed Including 2 Zero-Days and Critical Office RCEs

Microsoft's March 2026 Patch Tuesday (March 10) patches 79 vulnerabilities including 2 publicly disclosed zero-days (CVE-2026-21262 SQL Server EoP), 3 Critical flaws, and two Office RCEs (CVE-2026-26110, CVE-2026-26113) exploitable via the preview pane — plus a dangerous Excel/Copilot data exfiltration flaw (CVE-2026-26144).

Microsoft makes Autopatch default for Windows security updates

Microsoft enabled Windows Autopatch by default for enterprise customers to automatically deploy security updates across managed devices.

HPE Patches Five Critical AOS-CX Flaws: RCE, Privilege Escalation and Session Hijacking

HPE released emergency patches on March 10, 2026 for five critical and high-severity vulnerabilities in Aruba Networking AOS-CX, including two command injection flaws enabling remote code execution, an SSH privilege escalation, a web session hijacking bug, and a port ACL bypass on CX 9300 switches. Immediate patching is required for all enterprise Aruba CX deployments.