🛑 ClickFix has moved to Windows Terminal.

Microsoft says victims are told to open wt.exe and paste a command from fake CAPTCHA pages.

That launches PowerShell, pulls payloads, and injects Lumma Stealer into Chrome and Edge to steal saved credentials.

🔗 Read → https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html

🚨 China-linked APT UAT-9244 has been targeting telecom networks in South America since 2024.

Cisco Talos uncovered 3 new implants across Windows, #Linux, and edge devices—used for persistence, command control, and large-scale brute-force scanning.

🔗 Inside TernDoor, PeerTime, and BruteEntry → https://thehackernews.com/2026/03/china-linked-hackers-use-terndoor.html

🛑 Iran-linked hackers quietly embedded inside multiple U.S. organizations, Broadcom researchers report.

The campaign is tied to MuddyWater, an #Iranian state group. Attackers deployed a Deno-based backdoor and tried exfiltrating data using Rclone to cloud storage.

🔗 Read → https://thehackernews.com/2026/03/iran-linked-muddywater-hackers-target.html

MSPs trying to scale cybersecurity hit the same wall: manual risk assessments that don’t scale.

AI-powered risk management automates assessments, maps compliance, and turns findings into remediation—enabling continuous security services instead of one-off fixes.

🔗 Inside: framework for scalable risk-first cybersecurity services → https://thehackernews.com/2026/03/the-msp-guide-to-using-ai-powered-risk.html

Your shiny new AI agent can now:

🔗 Browse
🛠️ Execute code
☢️ Touch production systems

Agency Gap = tools + APIs + permissions = new attack surface.

Secure your agents BEFORE they get owned.

🔗 Join the webinar → https://thehacker.news/ai-agents-attack-surface

⚠️ VOID#GEIST malware delivers 3 RATs: XWorm, AsyncRAT, and Xeno RAT through a layered script chain.

Phishing emails pull a batch file from TryCloudflare, open a fake invoice PDF, then use Python to decrypt shellcode and inject it into explorer.exe via Early Bird APC.

🔗 Inside the full fileless attack chain → https://thehackernews.com/2026/03/multi-stage-voidgeist-malware.html

⚡ Bitdefender says Pakistan-aligned Transparent Tribe (APT36) is targeting Indian government entities with AI-generated malware.

The campaign spreads polyglot implants in Nim, Zig, and Crystal and hides C2 inside Slack, Supabase, and Google Sheets.

🔗 Inside: phishing chain, malware tools, and infrastructure → https://thehackernews.com/2026/03/transparent-tribe-uses-ai-to-mass.html

😮 Car tire pressure sensors may expose where you go.

Researchers found TPMS sensors broadcast unchanging IDs in unencrypted radio signals. Receivers up to 40 m away can capture them and recognize the same vehicle again.

That enables long-term tracking—no cameras, no line of sight.

🔗 How TPMS signals reveal vehicle movement → https://thehackernews.com/2026/03/threatsday-bulletin-redis-rce-ddr5-bot.html#tpms-signals-allow-covert-vehicle-tracking

⚡NATO has cleared #iPhone and iPad to handle classified information.

The approval relies on built-in iOS and iPadOS security—no custom hardening or special software required.

Germany’s BSI had already cleared the devices for classified government use.

🔗 Details on NATO approval → https://thehackernews.com/2026/03/threatsday-bulletin-redis-rce-ddr5-bot.html#nato-clears-consumer-iphones-and-ipads

🔥 Anthropic says its #Claude model found 22 Firefox vulnerabilities while scanning ~6,000 C++ files with Mozilla.

14 were high-severity. Turning bugs into exploits proved harder: after hundreds of attempts, the AI succeeded only twice.

🔗 Read → https://thehackernews.com/2026/03/anthropic-finds-22-firefox.html

🔥 OpenAI launched "Codex Security," an AI agent that finds and fixes code vulnerabilities.

In testing it scanned 1.2M commits across open-source repos, uncovering 792 critical and 10,561 high-severity flaws in projects including OpenSSH, GnuTLS, PHP, and Chromium.

🔗 Details → https://thehackernews.com/2026/03/openai-codex-security-scanned-12.html