Hacktivists launched 149 DDoS attacks targeting 110 organizations in 16 countries after the U.S.-Israel strikes on Iran, security researchers report.
Most attacks hit government systems in the Middle East, with Kuwait, Israel, and Jordan seeing the highest activity.
Read → https://thehackernews.com/2026/03/149-hacktivist-ddos-attacks-hit-110.html
Authorities have seized #LeakBase, a cybercrime forum used to trade stolen databases and infostealer logs.
Site had 142k+ members and hosted hundreds of millions of stolen credentials & financial records used for account takeovers and fraud.
Read → https://thehackernews.com/2026/03/fbi-and-europol-seize-leakbase-forum.html
Authorities dismantled Tycoon 2FA, a major phishing-as-a-service toolkit used to bypass MFA.
The platform sent tens of millions of phishing emails monthly and enabled access to nearly 100,000 organizations by stealing credentials, MFA codes, and session cookies.
Read → https://thehackernews.com/2026/03/europol-led-operation-takes-down-tycoon.html
Most encrypted web traffic relies on ECDHE, the TLS key exchange that lets browsers and servers derive a shared secret.
Quantum computers could break the elliptic-curve math behind it. The industry is moving to hybrid exchanges combining ECDHE with post-quantum ML-KEM.
Learn how hybrid key exchange protects data from future quantum attacks → https://thehackernews.com/expert-insights/2026/03/demystifying-key-exchange-from.html
Russian-linked hackers are using BadPaw and MeowMeow malware to target Ukrainian entities.
Phishing emails deliver a ZIP with an HTA lure. Code hidden in a PNG loads a .NET dropper that installs a backdoor capable of running PowerShell commands and manipulating files.
Details → https://thehackernews.com/2026/03/apt28-linked-campaign-deploys-badpaw.html
Suspected Iran-linked hackers targeted Iraqi officials by impersonating the foreign ministry and delivering malware.
Tracked as Dust Specter, the campaign deploys SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM via password-protected archives and DLL sideloading.
Read → https://thehackernews.com/2026/03/dust-specter-targets-iraqi-officials.html
ActiveState Launches World's Largest Secure OSS Catalog With 79M Components.
ActiveState has launched the world's largest secure open-source catalog, uniting 79M components across 12+ languages (Java, Python, Rust, etc.). It cuts CVE exposure by 99% via SLSA-3 builds and reclaims 30% of engineering time by automating manual maintenance and governance.
Read the release: https://thn.news/open-source-catalog
DDR5 bot scalping, Telegram cybercrime hubs, and new malware campaigns.
This week's #ThreatsDay Bulletin breaks down the biggest security threats and tactics shaping the threat landscape right now.
Read → https://thehackernews.com/2026/03/threatsday-bulletin-redis-rce-ddr5-bot.html
Cisco confirms active exploitation of two Catalyst SD-WAN Manager flaws.
▶ CVE-2026-20122 enables arbitrary file overwrite via API credentials.
▶ CVE-2026-20128 can expose data and grant DCA privileges after login.
Read → https://thehackernews.com/2026/03/cisco-confirms-active-exploitation-of.html
Patches are out across multiple releases.
CISA added two CVSS 9.8 flaws to its KEV list after active exploitation.
One hits Hikvision devices and can expose sensitive data. The other targets Rockwell Logix controllers and could let attackers alter system configs.
Details → https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html
Federal agencies must patch by March 26.
ClickFix has moved to Windows Terminal.
Microsoft says victims are told to open wt.exe and paste a command from fake CAPTCHA pages.
That launches PowerShell, pulls payloads, and injects Lumma Stealer into Chrome and Edge to steal saved credentials.
Read → https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html
China-linked APT UAT-9244 has been targeting telecom networks in South America since 2024.
Cisco Talos uncovered 3 new implants across Windows, #Linux, and edge devices, used for persistence, command control, and large-scale brute-force scanning.
Inside TernDoor, PeerTime, and BruteEntry → https://thehackernews.com/2026/03/china-linked-hackers-use-terndoor.html
Iran-linked hackers quietly embedded inside multiple U.S. organizations, Broadcom researchers report.
The campaign is tied to MuddyWater, an #Iranian state group. Attackers deployed a Deno-based backdoor and tried exfiltrating data using Rclone to cloud storage.
Read → https://thehackernews.com/2026/03/iran-linked-muddywater-hackers-target.html
MSPs trying to scale cybersecurity hit the same wall: manual risk assessments that don't scale.
AI-powered risk management automates assessments, maps compliance, and turns findings into remediation, enabling continuous security services instead of one-off fixes.
Inside: framework for scalable risk-first cybersecurity services → https://thehackernews.com/2026/03/the-msp-guide-to-using-ai-powered-risk.html
Your shiny new AI agent can now:
▶ Browse
▶ Execute code
▶ Touch production systems
Agency Gap = tools + APIs + permissions = new attack surface.
Secure your agents BEFORE they get owned.
Join the webinar → https://thehacker.news/ai-agents-attack-surface
VOID#GEIST malware delivers 3 RATs: XWorm, AsyncRAT, and Xeno RAT through a layered script chain.
Phishing emails pull a batch file from TryCloudflare, open a fake invoice PDF, then use Python to decrypt shellcode and inject it into explorer.exe via Early Bird APC.
Inside the full fileless attack chain → https://thehackernews.com/2026/03/multi-stage-voidgeist-malware.html
Bitdefender says Pakistan-aligned Transparent Tribe (APT36) is targeting Indian government entities with AI-generated malware.
The campaign spreads polyglot implants in Nim, Zig, and Crystal and hides C2 inside Slack, Supabase, and Google Sheets.
Inside: phishing chain, malware tools, and infrastructure → https://thehackernews.com/2026/03/transparent-tribe-uses-ai-to-mass.html