TECHZONE™

ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine & More https://thehackernews.com/2026/03/threatsday-bulletin-redis-rce-ddr5-bot.html Some weeks in cybersecurity feel routine. This one doesn’t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention. Together, these updates offer a useful snapshot of what is happening

Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware https://thehackernews.com/2026/03/dust-specter-targets-iraqi-officials.html A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the form of two different

Where Multi-Factor Authentication Stops and Credential Abuse Starts https://thehackernews.com/2026/03/where-multi-factor-authentication-stops.html Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but coverage.  Enforced through an identity provider (IdP) such as Microsoft Entra ID, Okta, or

APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine https://thehackernews.com/2026/03/apt28-linked-campaign-deploys-badpaw.html Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. "The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, an initial HTA file displays a lure document written in Ukrainian concerning border crossing appeals

Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks https://thehackernews.com/2026/03/europol-led-operation-takes-down-tycoon.html Tycoon 2FA, one of the prominent phishing-as-a-service (PhaaS) toolkits that allowed cybercriminals to stage adversary-in-the-middle (AitM) credential harvesting attacks at scale, was dismantled by a coalition of law enforcement agencies and security companies. The subscription-based phishing kit, which first emerged in August 2023, was described by Europol as one of the largest phishing

FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials https://thehackernews.com/2026/03/fbi-and-europol-seize-leakbase-forum.html A joint law enforcement operation has dismantled LeakBase, one of the world's largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools. The LeakBase forum, per the U.S. Department of Justice (DoJ), had over 142,000 members and more than 215,000 messages between members as of December 2025. Those attempting to access the forum's website ("leakbase[.]la") are now

Protecting education: How MDR can tip the balance in favor of schools https://www.welivesecurity.com/en/business-security/protecting-education-how-mdr-can-tip-balance-favor-schools/ The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative?

149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict https://thehackernews.com/2026/03/149-hacktivist-ddos-attacks-hit-110.html Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. "The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, driving nearly 70% of all attack activity between February 28 and March 2," Radware said in a Tuesday

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 https://thehackernews.com/2026/03/coruna-ios-exploit-kit-uses-23-exploits.html Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit featured five full iOS exploit chains and a total of 23 exploits, Google Threat Intelligence Group (GTIG) said. It's not effective against the latest version of iOS. The findings were first reported by WIRED. "The

New RFP Template for AI Usage Control and AI Governance  https://thehackernews.com/2026/03/new-rfp-template-for-ai-usage-control.html As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actually looking for. The CISO’s Dilemma: You Have the AI Budget, but Do You Have the Requirements? As AI

Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux https://thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems. The names of the packages are listed below - nhattuanbl/lara-helper (37 Downloads) nhattuanbl/simple-queue (29 Downloads) nhattuanbl/lara-swagger (49 Downloads)

APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2 https://thehackernews.com/2026/03/apt41-linked-silver-dragon-targets.html Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments," Check Point said

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog https://thehackernews.com/2026/03/cisa-adds-actively-exploited-vmware.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild. The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been described as a case of command injection that could allow an

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations https://thehackernews.com/2026/03/fake-tech-support-spam-deploys.html Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from

Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component. "Memory corruption when adding user-supplied data without checking available buffer space," Qualcomm said in an advisory,

SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains https://thehackernews.com/2026/03/sloppylemming-targets-pakistan-and.html The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as BurrowShell and a Rust-based

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026

Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome https://thehackernews.com/2026/03/google-develops-merkle-tree.html Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store," the Chrome Secure Web and Networking Team said. "

⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More https://thehackernews.com/2026/03/weekly-recap-sd-wan-0-day-critical-cves.html This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points. The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady

How to Protect Your SaaS from Bot Attacks with SafeLine WAF https://thehackernews.com/2026/03/how-to-protect-your-saas-from-bot.html Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated requests from strange user agents. If