Cybersecurity News, Threats & Vulnerability Alerts

BlackSanta EDR Killer: Russian Hackers Use HR Departments to Disable Enterprise Security Tools
Russian-speaking threat actors have been deploying BlackSanta malware for over a year to evade EDR/XDR detection, specifically targeting HR departments as entry points. The campaign exploits HR email workflows to bypass security controls and gain persistent access to corporate systems.

BeatBanker Android Banking Malware 2026: Fake Starlink App Steals Banking Credentials
Discovered March 10, 2026 by BleepingComputer, BeatBanker is a new Android banking trojan disguised as a Starlink app and distributed through counterfeit Google Play Store sites. It uses advanced evasion techniques and device control to steal banking credentials from victims.

Salesforce Mass-Scanning Attack: Hackers Exploit Misconfigured Guest User Settings on Experience Cloud
Since March 10, 2026, threat actors have been mass-scanning Salesforce Experience Cloud instances for misconfigured guest user settings that allow unauthorized access to sensitive customer data. Salesforce confirmed the attacks and warned customers to review their organization security settings immediately.

Zombie ZIP: How Malformed Archives Let Malware Slip Past Antivirus and EDR Tools
Security researchers disclosed the Zombie ZIP technique on March 10, 2026 — a method exploiting malformed ZIP archive structures to hide malicious payloads from antivirus engines and EDR platforms, with no patch available and active use in the wild already documented via the Gootloader malware family.

Sednit APT28 Returns with Two Advanced Malware Tools Targeting European Defense & Government
Russia's APT28/Sednit group — the GRU's cyber arm active since 2004 — has been detected in March 2026 with two new sophisticated malware tools targeting government and defense organizations across Europe, marking a major tactical upgrade from years of basic implant usage.

Microsoft Patch Tuesday March 2026: 79 Flaws Fixed Including 2 Zero-Days and Critical Office RCEs
Microsoft's March 2026 Patch Tuesday (March 10) patches 79 vulnerabilities including 2 publicly disclosed zero-days (CVE-2026-21262 SQL Server EoP), 3 Critical flaws, and two Office RCEs (CVE-2026-26110, CVE-2026-26113) exploitable via the preview pane — plus a dangerous Excel/Copilot data exfiltration flaw (CVE-2026-26144).

HPE Patches Five Critical AOS-CX Flaws: RCE, Privilege Escalation and Session Hijacking
HPE released emergency patches on March 10, 2026 for five critical and high-severity vulnerabilities in Aruba Networking AOS-CX, including two command injection flaws enabling remote code execution, an SSH privilege escalation, a web session hijacking bug, and a port ACL bypass on CX 9300 switches. Immediate patching is required for all enterprise Aruba CX deployments.

KadNap Botnet Hijacks Thousands of ASUS Routers to Build Proxy Network
A new botnet campaign tracked as KadNap is actively hijacking thousands of ASUS routers, turning compromised devices into persistent proxy nodes used to route cybercriminal traffic — with backdoor access surviving reboots and firmware updates.

CISA adds Ivanti EPM flaw to exploited vulnerabilities list
CISA ordered federal agencies to patch a high-severity Ivanti Endpoint Manager vulnerability within three weeks after confirming active exploitation.

APT28 Deploys Custom Covenant Framework for Espionage
Russian APT28 hackers modified the open-source Covenant tool for persistent espionage campaigns targeting government and defense sectors.

Teams Phishing Campaign Deploys A0Backdoor Malware
Hackers targeted financial and healthcare employees via Microsoft Teams to deploy A0Backdoor malware through Quick Assist remote access.

Cloud Attacks Exploit Fresh Bugs Within Days
Hackers now exploit newly disclosed third-party vulnerabilities to breach cloud environments within days instead of weeks.

Russian hackers target Signal, WhatsApp in govt phishing
Dutch intelligence warns Russian state hackers are targeting government officials through Signal and WhatsApp phishing attacks to steal sensitive communications.

ClickFix Malware Campaign Targets AI Coding Assistants
Cybercriminals launched a malvertising campaign using ClickFix techniques to exploit AI coding assistant users through fake command-line interfaces.

Ericsson US Hit by Data Breach Through Service Provider
Ericsson's U.S. subsidiary disclosed a data breach on March 9, 2026, after attackers compromised a third-party service provider and stole employee and customer data.

Salesforce warns of Experience Cloud data exposure attacks
Salesforce alerts customers about hackers exploiting misconfigured Experience Cloud platforms while ShinyHunters claims active data theft.

FBI Warns of Phishing Attacks Targeting Permit Applicants
FBI alerts businesses and individuals that criminals impersonate city officials in phishing campaigns targeting permit applications.

Claude Opus 4.6 discovers 22 vulnerabilities in Firefox 148
Anthropic's Claude Opus 4.6 AI identified 22 security vulnerabilities in Firefox 148, all now fixed by Mozilla.

Hackers Exploit .arpa DNS to Bypass Email Security
Threat actors abuse special-use .arpa domains and IPv6 reverse DNS to evade phishing detection systems and email gateways.

Cognizant TriZetto breach exposes 3.4M patient records
Healthcare IT provider TriZetto Provider Solutions disclosed a data breach affecting 3.4 million patients' sensitive medical information on March 6.

Wikipedia Hit by Self-Propagating JavaScript Worm
Wikimedia Foundation confirms JavaScript worm vandalized pages and modified user scripts across multiple wikis on March 5.