⚡NATO has cleared #iPhone and iPad to handle classified information.

The approval relies on built-in iOS and iPadOS security—no custom hardening or special software required.

Germany’s BSI had already cleared the devices for classified government use.

🔗 Details on NATO approval → https://thehackernews.com/2026/03/threatsday-bulletin-redis-rce-ddr5-bot.html#nato-clears-consumer-iphones-and-ipads

🔥 Anthropic says its #Claude model found 22 Firefox vulnerabilities while scanning ~6,000 C++ files with Mozilla.

14 were high-severity. Turning bugs into exploits proved harder: after hundreds of attempts, the AI succeeded only twice.

🔗 Read → https://thehackernews.com/2026/03/anthropic-finds-22-firefox.html

🔥 OpenAI launched "Codex Security," an AI agent that finds and fixes code vulnerabilities.

In testing it scanned 1.2M commits across open-source repos, uncovering 792 critical and 10,561 high-severity flaws in projects including OpenSSH, GnuTLS, PHP, and Chromium.

🔗 Details → https://thehackernews.com/2026/03/openai-codex-security-scanned-12.html

⚠️ A newly tracked threat cluster is quietly breaching critical infrastructure across Asia.

Unit 42 says attackers exploit web servers, plant web shells, and dump credentials with tools like Mimikatz to move across networks in aviation, energy, and government sectors.

🔗 Read → https://thehackernews.com/2026/03/web-server-exploits-and-mimikatz-used.html

🛑 Two Chrome extensions turned malicious after an ownership transfer.

Researchers say QuickLens (7,000 users) now strips security headers and pulls remote code every 5 minutes. The payload executes via hidden elements, leaving no malicious code in the extension source.

🔗 Read → https://thehackernews.com/2026/03/chrome-extension-turns-malicious-after.html

Latest edition of Cybersecurity recap worth reading:

🌐 PhaaS network dismantled
📱 Qualcomm 0-day exploited
🔗 iOS hit with 23-exploit chain
📡 Wi-Fi isolation bypassed
🤖 AI writes malware
🕵️ Iran targets US banks
🏴‍☠️ Phobos operator pleads guilty
🔓 WP plugin drops rogue admins
🦊 AI finds 22 Firefox vulns
☁️ AzCopy abused for exfiltration
🔑 1M+ private keys leaked
🧠 MuddyWater upgrades toolkit
📋 ClickFix drops ransomware
💀 LeakBase taken down
🪤 MCP server backdoored
📲 Fake Google page drops RAT
💸 Ransomware payments drop 8%
🌍 90 zero-days tracked in 2025

🔗 Full RECAP → https://thehackernews.com/2026/03/weekly-recap-qualcomm-0-day-ios-exploit.html

Supply-chain pressure is pushing mid-market firms to meet enterprise security standards. Partners now expect proof of resilience.

A Bitdefender webinar explains how security platform consolidation helps lean IT teams cut complexity and show stronger security posture.

🔗 GravityZone platform approach → https://thehackernews.com/2026/03/can-security-platform-finally-deliver.html

🚨 North Korea’s UNC4899 breached a crypto firm via AirDrop from a develop’s device.

A poisoned archive ran a fake Kubernetes CLI, opened a backdoor, pivoted into Google Cloud, exposed CI/CD tokens & reset accounts to steal millions.

🔗 Read → https://thehackernews.com/2026/03/unc4899-used-airdrop-file-transfer-and.html

⚠️ A malicious npm package is spreading a full RAT malware disguised as an OpenClaw installer.

It pulls a hidden second-stage payload and steals browser data, macOS Keychain entries, crypto wallets, and developer cloud credentials.

🔗 Read → https://thehackernews.com/2026/03/malicious-npm-package-posing-as.html

⚠️ CISA added 3 actively exploited flaws to KEV.

Most critical: SolarWinds Web Help Desk CVE-2025-26399 (CVSS 9.8) allowing remote command execution.

Other KEV entries hit Omnissa Workspace One UEM and Ivanti Endpoint Manager. Federal agencies ordered to patch.

🔗 Details → https://thehackernews.com/2026/03/cisa-flags-solarwinds-ivanti-and.html

Security teams often prioritize fixes by CVSS. But CVSS measures technical severity, not actual risk.

A 9.8 CVSS flaw in an isolated test system may be patched first, while a lower-scored bug in a public login API waits.

Real risk depends on exposure, exploit paths, and business impact.

🔗 Why context changes vulnerability priorities → https://thehackernews.com/expert-insights/2026/03/why-cvss-scores-dont-tell-real-story-of.html

🛑Threat actors are mass-scanning #Salesforce Experience Cloud sites using AuraInspector.

The tool probes the /s/sfsites/aura API and can extract CRM data if guest user permissions are too broad. Salesforce says the platform isn’t vulnerable—misconfiguration is the risk.

🔗 Read → https://thehackernews.com/2026/03/threat-actors-mass-scan-salesforce.html

🛑 Russian state-linked hackers APT28 are spying on Ukrainian military targets using BEARDSHELL and a modified COVENANT framework.

Active since April 2024, the operation hides command-and-control in cloud services like Icedrive and Filen.

🔗 Read → https://thehackernews.com/2026/03/apt28-uses-beardshell-and-covenant.html

Serious vulnerabilities now get exploited within 24–48 hours of disclosure. Some forecasts say minutes by 2028.

During the SharePoint ToolShell zero-day, thousands of servers were still exposed to the internet — many unnecessarily.

🔗 Why attack surface exposure gets missed → https://thehackernews.com/2026/03/the-zero-day-scramble-is-avoidable.html

⚡ WEBINAR — AI agents now send emails, move data, and run tasks across company systems.

Many operate as “invisible employees” with access security teams rarely track. Attackers exploit this by planting instructions that make agents leak sensitive data.

🔗 Learn how to secure AI agent workflows → https://thehackernews.com/2026/03/how-to-stop-ai-data-leaks-webinar-guide.html

🚨 Researchers found 9 cross-tenant flaws in #Google Looker Studio that could let attackers run arbitrary SQL queries on connected databases and access cloud data.

BigQuery, Sheets, #PostgreSQL, and other connectors were exposed.

🔗 Attack paths and affected services → https://thehackernews.com/2026/03/new-leakylooker-flaws-in-google-looker.html

🛑 KadNap malware has infected 14,000+ devices since Aug 2025, mostly in the U.S.

Targets Asus routers and hides C2 using a peer-to-peer DHT network. Infected devices are sold as residential proxies through the Doppelgänger service.

🔗 Details → https://thehackernews.com/2026/03/kadnap-malware-infects-14000-edge.html

⚠️ Attackers are abusing FortiGate firewalls as entry points.

A SentinelOne report says exploits and weak credentials let intruders extract configs holding Active Directory service account credentials, then enroll rogue machines and scan internal networks.

🔗 FortiGate breach chain and AD access details → https://thehackernews.com/2026/03/fortigate-devices-exploited-to-breach.html

⚠️ Five Rust crates on crates-io posed as time tools but secretly stole dev secrets.

They targeted .env files, siphoning API keys and tokens from developer machines and CI pipelines.

Removed now, but stolen credentials may still be active.

🔗 Read → https://thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html

🛑 Attackers turned the nx npm supply-chain compromise into full AWS admin access in under 72 hours.

Google says UNC6426 stole a developer’s GitHub token via QUIETVAULT, abused GitHub-to-AWS OIDC trust, created a new admin role, then accessed S3 data and destroyed production systems.

🔗 Read → https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html

⚡ Microsoft patched 84 vulnerabilities in March Patch Tuesday, including 8 critical flaws and two publicly known zero-days in .NET and SQL Server.

Researchers say 55% are privilege-escalation bugs. Fixes also address Azure MCP token-theft risk and an Excel flaw that could enable data exfiltration.

🔗 Key CVEs and risks explained → https://thehackernews.com/2026/03/microsoft-patches-84-flaws-in-march.html