⚠️ A new phishing wave uses malicious OAuth apps to bypass email and browser defenses, #Microsoft warns.

Victims click links tied to fake app scopes, get redirected through legitimate identity providers, and end up downloading ZIP files that trigger PowerShell, MSI installs, and DLL sideloading.

🔗 Read → https://thehackernews.com/2026/03/microsoft-warns-oauth-redirect-abuse.html

🚨 A new phishing suite called "Starkiller" proxies real login pages to bypass MFA.

It runs headless Chrome in Docker, loads the legitimate site, and relays everything live. Keystrokes and session tokens pass through attacker infrastructure, enabling account takeover.

🔗 How the AitM setup works → https://thehackernews.com/2026/03/starkiller-phishing-suite-uses-aitm.html

Nearly 70% of enterprises already run AI agents in production, but governance isn’t keeping pace.

MCP-based agents can access apps, reuse tokens, and execute workflows without fitting into normal IAM lifecycles. That leaves stale credentials, over-scoped access, and weak audit trails.

Gartner calls for supervisory guardrails.

🔗 Where AI becomes identity risk → https://thehackernews.com/2026/03/ai-agents-next-wave-identity-dark.html

⚠️ 600+ FortiGate devices breached in an AI-assisted campaign.

Team Cymru traced it to #CyberStrikeAI, an open-source Go tool bundling 100+ security utilities, run from 21 IPs across Asia and beyond.

The maintainer shows ties to #China’s vulnerability ecosystem.

🔗 Details → https://thehackernews.com/2026/03/open-source-cyberstrikeai-deployed-in.html

Threat actors deployed modified Havoc C2 after posing as IT support.

They spam-bombed targets, called them directly to gain remote access, sent victims to a fake Outlook “anti-spam” page to steal credentials, then used DLL sideloading and legit RMM tools to move to nine endpoints in 11 hours.

🔗 Read → https://thehackernews.com/2026/03/fake-tech-support-spam-deploys.html

🛑 A command-injection bug in VMware Aria Operations is now in CISA’s KEV catalog.

The flaw — CVE-2026-22719 (CVSS 8.1) — could let unauthenticated attackers run arbitrary commands during migration workflows.

🔗 Details → https://thehackernews.com/2026/03/cisa-adds-actively-exploited-vmware.html

🐉 Silver Dragon APT is breaching government networks in Europe and Southeast Asia via server exploits and phishing.

Researchers link the activity to the APT41 ecosystem, using BamboLoader and DNS tunneling to maintain covert access.

🔗 Read → https://thehackernews.com/2026/03/apt41-linked-silver-dragon-targets.html

AI in the SOC is shifting from alert triage to full investigations, writes Jon Hencinski of Prophet Security.

In one case, an AI system ran 265 queries across 6 data sources to confirm a compromised AWS credential used for cloud reconnaissance—work normally done by senior analysts.

🔗 How the investigation reconstructed the attack → https://thehackernews.com/expert-insights/2026/03/ai-soc-investigation-has-moved-beyond.html

🖥️ Malicious Packagist packages posing as Laravel helpers install a remote access trojan.

The malware connects to a C2 server, runs shell commands, uploads files, captures screenshots, and retries every 15 seconds to stay persistent.

🔗 Malware behavior and package names → https://thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html

⚠️ Many SOCs’ weakest link isn’t tools—it’s Tier-1 analysts.

Most alerts + least experience → alert fatigue & false positives → slower detection & delayed escalation.

Better threat intel turns alerts into fast decisions.

🔗 How intel feeds + sandbox analysis strengthen Tier-1 triage → https://thehackernews.com/2026/03/building-high-impact-tier-1-3-steps.html

✅ 5-Step Readiness Checklist for Security Automation.

Security questionnaires are a critical part of security reviews, but manual processes slow teams down and increase risk.

📋 This 5-step automated security readiness checklist outlines the foundational steps GRC and information security teams need to prepare for automation that is accurate, defensible, and scalable.

Download the checklist to assess your readiness and take the first step toward more efficient security reviews

🔗 https://thn.news/automated-sec-checklist

🛑 ALERT: Google uncovered an #iPhone exploit kit called Coruna containing 23 iOS exploits targeting versions 13–17.2.1.

The framework fingerprints devices and automatically loads the matching WebKit exploit chain. Researchers say it moved from #surveillance vendors to nation-state operators and later cybercrime groups.

🔗 Exploit chains, campaigns, and malware payload details → https://thehackernews.com/2026/03/coruna-ios-exploit-kit-uses-23-exploits.html

⚠️ Multiple infostealers — Arkanix, NovaStealer, DarkCloud, MawaStealer and others — are active in the wild.

Researchers say Arkanix was likely built with LLM assistance, speeding malware development. Stolen logs are filtered and sold to brokers seeking corporate network access.

🔗 Read → https://thehackernews.com/2026/03/weekly-recap-sd-wan-0-day-critical-cves.html#:~:text=Multiple%20Stealer%20Malware%20Families%20Detected

Human-led. Rules-based. LLM-powered agentic systems. Each promises efficiency. Each has limits.

The real advantage? Knowing when, and how, to use them together.

The teams pulling ahead aren’t betting on a single model. They’re architecting a custom mix of all three.

On March 12th, join Tines for Workflow clarity: Where AI fits in modern automation. You'll learn how to harness AI with clarity and control, and determine the right combination of workflows for you.

🔗 Register and learn more here: https://thn.news/modern-automation-ai

🛑 Hacktivists launched 149 DDoS attacks targeting 110 organizations in 16 countries after the U.S.–Israel strikes on Iran, security researchers report.

Most attacks hit government systems in the Middle East, with Kuwait, Israel, and Jordan seeing the highest activity.

🔗 Read → https://thehackernews.com/2026/03/149-hacktivist-ddos-attacks-hit-110.html

Authorities have seized #LeakBase, a cybercrime forum used to trade stolen databases and infostealer logs.

Site had 142k+ members and hosted hundreds of millions of stolen credentials & financial records used for account takeovers and fraud.

🔗 Read → https://thehackernews.com/2026/03/fbi-and-europol-seize-leakbase-forum.html

⚡ Authorities dismantled Tycoon 2FA, a major phishing-as-a-service toolkit used to bypass MFA.

The platform sent tens of millions of phishing emails monthly and enabled access to nearly 100,000 organizations by stealing credentials, MFA codes, and session cookies.

🔗 Read → https://thehackernews.com/2026/03/europol-led-operation-takes-down-tycoon.html

⚠️ Most encrypted web traffic relies on ECDHE, the TLS key exchange that lets browsers and servers derive a shared secret.

Quantum computers could break the elliptic-curve math behind it. The industry is moving to hybrid exchanges combining ECDHE with post-quantum ML-KEM.

🔗 Learn how hybrid key exchange protects data from future quantum attacks → https://thehackernews.com/expert-insights/2026/03/demystifying-key-exchange-from.html

🚨 Russian-linked hackers are using BadPaw and MeowMeow malware to target Ukrainian entities.

Phishing emails deliver a ZIP with an HTA lure. Code hidden in a PNG loads a .NET dropper that installs a backdoor capable of running PowerShell commands and manipulating files.

🔗 Details → https://thehackernews.com/2026/03/apt28-linked-campaign-deploys-badpaw.html

🛑 Suspected Iran-linked hackers targeted Iraqi officials by impersonating the foreign ministry and delivering malware.

Tracked as Dust Specter, the campaign deploys SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM via password-protected archives and DLL sideloading.

🔗 Read → https://thehackernews.com/2026/03/dust-specter-targets-iraqi-officials.html

🔥 ActiveState Launches World's Largest Secure OSS Catalog With 79M Components.

ActiveState has launched the world’s largest secure open-source catalog, uniting 79M components across 12+ languages (Java, Python, Rust, etc.). It cuts CVE exposure by 99% via SLSA-3 builds and reclaims 30% of engineering time by automating manual maintenance and governance.

🔗 Read the release: https://thn.news/open-source-catalog