🛑Threat actors are mass-scanning #Salesforce Experience Cloud sites using AuraInspector.

The tool probes the /s/sfsites/aura API and can extract CRM data if guest user permissions are too broad. Salesforce says the platform isn’t vulnerable—misconfiguration is the risk.

🔗 Read → https://thehackernews.com/2026/03/threat-actors-mass-scan-salesforce.html

🛑 Russian state-linked hackers APT28 are spying on Ukrainian military targets using BEARDSHELL and a modified COVENANT framework.

Active since April 2024, the operation hides command-and-control in cloud services like Icedrive and Filen.

🔗 Read → https://thehackernews.com/2026/03/apt28-uses-beardshell-and-covenant.html

Serious vulnerabilities now get exploited within 24–48 hours of disclosure. Some forecasts say minutes by 2028.

During the SharePoint ToolShell zero-day, thousands of servers were still exposed to the internet — many unnecessarily.

🔗 Why attack surface exposure gets missed → https://thehackernews.com/2026/03/the-zero-day-scramble-is-avoidable.html

⚡ WEBINAR — AI agents now send emails, move data, and run tasks across company systems.

Many operate as “invisible employees” with access security teams rarely track. Attackers exploit this by planting instructions that make agents leak sensitive data.

🔗 Learn how to secure AI agent workflows → https://thehackernews.com/2026/03/how-to-stop-ai-data-leaks-webinar-guide.html

🚨 Researchers found 9 cross-tenant flaws in #Google Looker Studio that could let attackers run arbitrary SQL queries on connected databases and access cloud data.

BigQuery, Sheets, #PostgreSQL, and other connectors were exposed.

🔗 Attack paths and affected services → https://thehackernews.com/2026/03/new-leakylooker-flaws-in-google-looker.html

🛑 KadNap malware has infected 14,000+ devices since Aug 2025, mostly in the U.S.

Targets Asus routers and hides C2 using a peer-to-peer DHT network. Infected devices are sold as residential proxies through the Doppelgänger service.

🔗 Details → https://thehackernews.com/2026/03/kadnap-malware-infects-14000-edge.html

⚠️ Attackers are abusing FortiGate firewalls as entry points.

A SentinelOne report says exploits and weak credentials let intruders extract configs holding Active Directory service account credentials, then enroll rogue machines and scan internal networks.

🔗 FortiGate breach chain and AD access details → https://thehackernews.com/2026/03/fortigate-devices-exploited-to-breach.html

⚠️ Five Rust crates on crates-io posed as time tools but secretly stole dev secrets.

They targeted .env files, siphoning API keys and tokens from developer machines and CI pipelines.

Removed now, but stolen credentials may still be active.

🔗 Read → https://thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html

🛑 Attackers turned the nx npm supply-chain compromise into full AWS admin access in under 72 hours.

Google says UNC6426 stole a developer’s GitHub token via QUIETVAULT, abused GitHub-to-AWS OIDC trust, created a new admin role, then accessed S3 data and destroyed production systems.

🔗 Read → https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html

⚡ Microsoft patched 84 vulnerabilities in March Patch Tuesday, including 8 critical flaws and two publicly known zero-days in .NET and SQL Server.

Researchers say 55% are privilege-escalation bugs. Fixes also address Azure MCP token-theft risk and an Excel flaw that could enable data exfiltration.

🔗 Key CVEs and risks explained → https://thehackernews.com/2026/03/microsoft-patches-84-flaws-in-march.html

⚠️ Most companies still carry thousands of open CVEs.

AI now automates recon, vuln discovery, and exploit development. What once looked like technical debt is quickly becoming an attack surface.

Backlogs aren’t passive risk anymore.
They’re weapons.

🔗 Why AI is changing vulnerability risk → https://thehackernews.com/2026/03/what-boards-must-demand-in-age-of-ai.html

⚠️ Security patches rolled out across 50+ vendors this cycle.

SAP fixed critical Log4j and NetWeaver flaws. Microsoft patched 84 bugs. Adobe resolved 80. HPE closed a CVSS 9.8 Aruba authentication bypass.

Cisco, GitLab, Linux distros, and many others also issued fixes.

🔗 Read → https://thehackernews.com/2026/03/dozens-of-vendors-patch-security-flaws.html

Transform risk into opportunity!

Big news from AuditBoard - they're now Optro. A name change that signals something real — a connected view across audit, risk, and compliance that helps organizations get ahead of risk, not just respond to it. Learn why over 50% of the Fortune 500 trust Optro to transform risk into opportunity.

We are looking forward to watching the next chapter → https://thn.news/compliance-ai

Meta disabled 150,000+ scam accounts tied to fraud compounds across Southeast Asia.

The coordinated action with authorities in 11 countries led to 21 arrests by Thai police. Meta also added scam warnings on Facebook and AI chat-review tools on Messenger and WhatsApp.

🔗 Read → https://thehackernews.com/2026/03/meta-disables-150k-accounts-linked-to.html

🛑 Two critical flaws in #n8n enable remote code execution.

One bug lets attackers inject shell commands via public form inputs. Another escapes the expression sandbox.

Chained together, attackers could decrypt stored credentials including API keys, tokens, and passwords.

🔗 Details → https://thehackernews.com/2026/03/critical-n8n-flaws-allow-remote-code.html

🤖🎣 Researchers show AI web agents can be trained to fall for phishing.

Exploiting Agentic Blabbering, attackers observe the browser’s reasoning and refine scam pages until the AI stops flagging them.

🔗 Read → https://thehackernews.com/2026/03/researchers-trick-perplexitys-comet-ai.html

A new Wi-Fi attack called AirSnitch shows client isolation may not protect users on shared networks.

Researchers found every tested router vulnerable to at least one technique that lets attackers intercept traffic from nearby devices connected to the same Wi-Fi.

🔗 Read → https://thehackernews.com/2026/03/weekly-recap-qualcomm-0-day-ios-exploit.html#:~:text=New%20AirSnitch%20Attack%20Shows%20Wi%2DFi%20Client%20Isolation%20May%20Not%20Be%20Enough

⚠️ CISA confirms active exploitation of CVE-2025-68613 in the #n8n automation platform.

The expression-injection flaw allows authenticated attackers to run code with n8n process privileges—exposing data, altering workflows, or taking full control of the instance.

🔗 Read → https://thehackernews.com/2026/03/cisa-flags-actively-exploited-n8n-rce.html

⚡ Apple backports CVE-2023-43010 fix after the WebKit flaw was used in the Coruna #iPhone exploit kit.

It allows memory corruption via malicious web content. Fix now covers iOS 15.8.7 & 16.7.15 devices, including iPhone 6s, 7, 8 & X.

🔗 Read → https://thehackernews.com/2026/03/apple-issues-security-updates-for-older.html

Attackers now weaponize phishing volume.

Research shows 66% of SOC teams can’t keep up with alerts, letting attackers hide targeted spear-phish inside thousands of decoys. The flood isn’t random. It’s meant to exhaust analysts and slow investigation.

🔗 How phishing campaigns exploit SOC workload → https://thehackernews.com/2026/03/attackers-dont-just-send-phishing.html

New week. Same internet chaos.

⚠️ OAuth token theft
📱 Signal/WhatsApp hijacks
☁️ Cloud flaw breaches
🧟 Zombie ZIP evasion
💼 HR malware kills EDR
🤖 AI agent platform hack
💬 Teams impersonation attacks
🌐 174-exploit botnet scans

🔗 ThreatsDay is out — quick hits from this week’s cyber chaos → https://thehackernews.com/2026/03/threatsday-bulletin-oauth-trap-edr.html