TECHZONE™

A cunning predator: How Silver Fox preys on Japanese firms this tax season https://www.welivesecurity.com/en/business-security/cunning-predator-how-silver-fox-preys-japanese-firms-tax-season/ Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them

TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign https://thehackernews.com/2026/03/ta446-deploys-leaked-darksword-ios.html Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446, which is also tracked by the broader cybersecurity community under the monikers Callisto,

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVSS v4 score: 9.3), which could allow a threat actor to achieve remote code execution. "When a

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits https://thehackernews.com/2026/03/apple-sends-lock-screen-alerts-to.html Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone," the

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks https://thehackernews.com/2026/03/langchain-langgraph-flaws-expose-files.html Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are used to build applications powered by Large Language Models (LLMs). LangGraph is built on the foundations of

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks https://thehackernews.com/2026/03/china-linked-red-menshen-uses-stealthy.html A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within critical environments, has been attributed to Red Menshen, a threat cluster that's also tracked as Earth Bluecrow,

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites https://thehackernews.com/2026/03/webrtc-skimmer-bypasses-csp-to-steal.html Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data," Sansec said in a report published this week. The attack,

Virtual machines, virtually everywhere – and with real security gaps https://www.welivesecurity.com/en/business-security/virtual-machines-virtually-everywhere-real-security-gaps/ Cloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselves

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace https://thehackernews.com/2026/03/leakbase-admin-arrested-in-russia-over.html The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspect is said to have been detained for creating and managing a criminal site that allowed stolen

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data https://thehackernews.com/2026/03/glassworm-malware-uses-solana-dead.html Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an offline version of Google Docs. "It logs keystrokes, dumps cookies and session tokens, captures screenshots, and

The Kill Chain Is Obsolete When Your AI Agent Is the Threat https://thehackernews.com/2026/03/the-kill-chain-is-obsolete-when-your-ai.html In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting lateral movement at machine speed. This incident is worrying, but there's a scenario that should

Russian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware Attacks https://thehackernews.com/2026/03/russian-hacker-sentenced-to-2-years-for.html The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the online aliases "milan" and "okart," is said to have co-managed a Russia-based cybercriminal group known as TA551 (aka

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse https://thehackernews.com/2026/03/device-code-phishing-hits-340-microsoft.html Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on February 19, 2026, with subsequent cases appearing at an accelerated pace since then. Notably, the campaign leverages

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns https://thehackernews.com/2026/03/fcc-bans-new-foreign-made-routers-over.html The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications networks the country relies on, FCC Chairman Brendan Carr said in a post on X. The development means that new models of

Cloud workload security: Mind the gaps https://www.welivesecurity.com/en/business-security/cloud-workload-security-mind-gaps/ As IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoning

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise https://thehackernews.com/2026/03/teampcp-backdoors-litellm-versions.html TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on

Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR https://thehackernews.com/2026/03/tax-search-ads-deliver-screenconnect.html A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique. "The campaign abuses Google Ads to serve rogue ScreenConnect (

5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents https://thehackernews.com/2026/03/5-learnings-from-first-ever-gartner.html On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner https://thehackernews.com/2026/03/hackers-use-fake-resumes-to-steal.html An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared

The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills https://thehackernews.com/2026/03/the-hidden-cost-of-cybersecurity.html Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands. These challenges do not