TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Posts Archive
UNC4899 Breached Crypto Firm After Developer AirDropped Trojanized File to Work Device
https://thehackernews.com/2026/03/unc4899-used-airdrop-file-transfer-and.html
The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency.
The activity has been attributed with moderate confidence to the state-sponsored adversary, which is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces, and
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
https://thehackernews.com/2026/03/weekly-recap-qualcomm-0-day-ios-exploit.html
Another week in cybersecurity. Another week of "you've got to be kidding me."
Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That's kind of just how it goes now.
The good news? There were some actual wins this week. Real ones. The kind where the good guys showed up, did the work, and made a dent. It doesn't always
Can the Security Platform Finally Deliver for the Mid-Market?
https://thehackernews.com/2026/03/can-security-platform-finally-deliver.html
Mid-market organizations are constantly striving to achieve security levels on a par with their enterprise peers. With heightened awareness of supply chain attacks, your customers and business partners are defining the security level you must meet.
What if you could be the enabler for your organization to remain competitive — and help win business — by easily demonstrating that you meet these
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
https://thehackernews.com/2026/03/chrome-extension-turns-malicious-after.html
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data.
The extensions in question, both originally associated with a developer named "akshayanuonline@gmail.com" (BuildMelon), are listed below -
QuickLens - Search Screen with
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
https://thehackernews.com/2026/03/web-server-exploits-and-mimikatz-used.html
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign.
The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed
OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
https://thehackernews.com/2026/03/openai-codex-security-scanned-12.html
OpenAI on Friday began rolling out Codex Security, an artificial intelligence (AI)-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities.
The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex web with free usage for the next month.
"It builds deep context about your project to identify
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
https://thehackernews.com/2026/03/anthropic-finds-22-firefox.html
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla.
Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period in
What cybersecurity actually does for your business
https://www.welivesecurity.com/en/business-security/what-cybersecurity-actually-does-for-your-business/
The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed
Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
https://thehackernews.com/2026/03/transparent-tribe-uses-ai-to-mass.html
The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence (AI)-powered coding tools to strike targets with various implants.
The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed using lesser-known programming languages like Nim, Zig, and Crystal and rely on trusted services like
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
https://thehackernews.com/2026/03/multi-stage-voidgeist-malware.html
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT.
The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research.
At a high level, the obfuscated batch script is used to deploy a second
The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
https://thehackernews.com/2026/03/the-msp-guide-to-using-ai-powered-risk.html
Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale.
Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology and processes.
Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
https://thehackernews.com/2026/03/iran-linked-muddywater-hackers-target.html
New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company.
The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It's affiliated with the Iranian
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
https://thehackernews.com/2026/03/china-linked-hackers-use-terndoor.html
A China-linked advanced persistent threat (APT) actor has been targeting critical telecommunications infrastructure in South America since 2024, targeting Windows and Linux systems and edge devices with three different implants.
The activity is being tracked by Cisco Talos under the moniker UAT-9244, describing it as closely associated with another cluster known as FamousSparrow.
It's worth
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware.
The activity, observed in February 2026, makes use of the terminal emulator program instead of instructing users to launch the Windows Run dialog and paste a command
Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The critical-severity vulnerabilities are listed below -
CVE-2017-7921 (CVSS score: 9.8) - An improper authentication vulnerability affecting
How SMBs use threat research and MDR to build a defensive edge
https://www.welivesecurity.com/en/business-security/how-smbs-use-threat-research-mdr-build-defensive-edge/
We speak to Director of ESET Threat Research Jean-Ian Boutin about where solutions that blend advanced technology with human expertise provide the most practical value for businesses
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
https://thehackernews.com/2026/03/cisco-confirms-active-exploitation-of.html
Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild.
The vulnerabilities in question are listed below -
CVE-2026-20122 (CVSS score: 7.1) - An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system.
Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders
https://thehackernews.com/2026/03/preparing-for-quantum-era-post-quantum.html
Most organizations assume encrypted data is safe.
But many attackers are already preparing for a future where today’s encryption can be broken. Instead of trying to decrypt information now, they are collecting encrypted data and storing it so it can be decrypted later using quantum computers.
This tactic—known as “harvest now, decrypt later”—means sensitive data transmitted today could become
ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More
https://thehackernews.com/2026/03/threatsday-bulletin-redis-rce-ddr5-bot.html
Some weeks in cybersecurity feel routine. This one doesn’t.
Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention.
Together, these updates offer a useful snapshot of what is happening
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
https://thehackernews.com/2026/03/dust-specter-targets-iraqi-officials.html
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware.
Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the form of two different
