Transform risk into opportunity!

Big news from AuditBoard - they're now Optro. A name change that signals something real — a connected view across audit, risk, and compliance that helps organizations get ahead of risk, not just respond to it. Learn why over 50% of the Fortune 500 trust Optro to transform risk into opportunity.

We are looking forward to watching the next chapter → https://thn.news/compliance-ai

Meta disabled 150,000+ scam accounts tied to fraud compounds across Southeast Asia.

The coordinated action with authorities in 11 countries led to 21 arrests by Thai police. Meta also added scam warnings on Facebook and AI chat-review tools on Messenger and WhatsApp.

🔗 Read → https://thehackernews.com/2026/03/meta-disables-150k-accounts-linked-to.html

🛑 Two critical flaws in #n8n enable remote code execution.

One bug lets attackers inject shell commands via public form inputs. Another escapes the expression sandbox.

Chained together, attackers could decrypt stored credentials including API keys, tokens, and passwords.

🔗 Details → https://thehackernews.com/2026/03/critical-n8n-flaws-allow-remote-code.html

🤖🎣 Researchers show AI web agents can be trained to fall for phishing.

Exploiting Agentic Blabbering, attackers observe the browser’s reasoning and refine scam pages until the AI stops flagging them.

🔗 Read → https://thehackernews.com/2026/03/researchers-trick-perplexitys-comet-ai.html

A new Wi-Fi attack called AirSnitch shows client isolation may not protect users on shared networks.

Researchers found every tested router vulnerable to at least one technique that lets attackers intercept traffic from nearby devices connected to the same Wi-Fi.

🔗 Read → https://thehackernews.com/2026/03/weekly-recap-qualcomm-0-day-ios-exploit.html#:~:text=New%20AirSnitch%20Attack%20Shows%20Wi%2DFi%20Client%20Isolation%20May%20Not%20Be%20Enough

⚠️ CISA confirms active exploitation of CVE-2025-68613 in the #n8n automation platform.

The expression-injection flaw allows authenticated attackers to run code with n8n process privileges—exposing data, altering workflows, or taking full control of the instance.

🔗 Read → https://thehackernews.com/2026/03/cisa-flags-actively-exploited-n8n-rce.html

⚡ Apple backports CVE-2023-43010 fix after the WebKit flaw was used in the Coruna #iPhone exploit kit.

It allows memory corruption via malicious web content. Fix now covers iOS 15.8.7 & 16.7.15 devices, including iPhone 6s, 7, 8 & X.

🔗 Read → https://thehackernews.com/2026/03/apple-issues-security-updates-for-older.html

Attackers now weaponize phishing volume.

Research shows 66% of SOC teams can’t keep up with alerts, letting attackers hide targeted spear-phish inside thousands of decoys. The flood isn’t random. It’s meant to exhaust analysts and slow investigation.

🔗 How phishing campaigns exploit SOC workload → https://thehackernews.com/2026/03/attackers-dont-just-send-phishing.html

New week. Same internet chaos.

⚠️ OAuth token theft
📱 Signal/WhatsApp hijacks
☁️ Cloud flaw breaches
🧟 Zombie ZIP evasion
💼 HR malware kills EDR
🤖 AI agent platform hack
💬 Teams impersonation attacks
🌐 174-exploit botnet scans

🔗 ThreatsDay is out — quick hits from this week’s cyber chaos → https://thehackernews.com/2026/03/threatsday-bulletin-oauth-trap-edr.html

Want a Master’s or Graduate Certificate in Cybersecurity Risk Management from Georgetown University?

Join our virtual webinar on March 24. Sign up: https://thn.news/risk-mgmt-fb

Modern phishing now hides behind HTTPS and trusted services, so attacks look like normal logins.

Sandbox analysis executes suspicious links safely and exposes credential-stealing flows in under 60 seconds.

🔗 How SOC teams uncover phishing before account takeover → https://thehackernews.com/2026/03/how-to-scale-phishing-detection-in-your.html

🤖 IBM X-Force found AI-generated #malware Slopoly used by Hive0163.

The PowerShell backdoor persists for days, beacons every 30s, and runs commands from a remote C2. AI didn’t make it advanced — it made malware faster to build.

🔗 Read here → https://thehackernews.com/2026/03/hive0163-uses-ai-assisted-slopoly.html

⚠️ Rust-based banking trojan VENON is targeting 33 financial institutions in Brazil.

It monitors banking windows, triggers credential-stealing overlays, and hijacks Itaú app shortcuts to redirect victims to attacker-controlled pages.

🔗 Read → https://thehackernews.com/2026/03/rust-based-venon-malware-targets-33.html

⚠️ Veeam fixed multiple flaws in Backup & Replication, including 9.9-severity RCE bugs that let authenticated domain users run code on backup servers.

Affected: all v12 builds before 12.3.2.4465.

🔗 CVEs and patch details → https://thehackernews.com/2026/03/veeam-patches-7-critical-backup.html

🚔 Global police dismantled SocksEscort, a proxy botnet built from hacked home routers.

AVrecon malware turned SOHO devices into anonymous gateways for fraud, ransomware, and DDoS.

Operation Lightning seized 34 domains, 23 servers, froze $3.5M. 369K IPs across 163 countries.

🔗 Read → https://thehackernews.com/2026/03/authorities-disrupt-socksescort-proxy.html

🛑 Linux AppArmor hit by 9 “CrackArmor” flaws letting unprivileged users manipulate security profiles and escalate to root.

The bugs date back to 2017 and affect kernels 4.11+ across major distros including Ubuntu, Debian, and SUSE.

🔗 Read → https://thehackernews.com/2026/03/nine-crackarmor-flaws-in-linux-apparmor.html

⚠️ WARNING: Google fixed 2 exploited Chrome bugs (CVSS 8.8) in Skia and the V8 engine.

Crafted HTML pages can trigger memory corruption or sandbox code execution.Update to Chrome v146 now.

Edge, Brave, Opera, and Vivaldi patches will follow.

🔗 Read → https://thehackernews.com/2026/03/google-fixes-two-chrome-zero-days.html

Russian hackers are targeting #Signal and #WhatsApp accounts of officials, journalists, and military personnel using phishing — not breaking encryption.

Attackers pose as Signal support bots or abuse linked-device features to steal verification codes and take over accounts.

🔗Read → https://thehackernews.com/2026/03/threatsday-bulletin-oauth-trap-edr.html#messaging-account-takeover

Microsoft says attackers are poisoning search results to spread fake VPN clients that steal credentials.

The campaign redirects software searches to trojanized installers on GitHub that show fake VPN prompts while Hyrax steals credentials.

🔗 Read → https://thehackernews.com/2026/03/storm-2561-spreads-trojan-vpn-clients.html

INTERPOL dismantled 45,000 malicious IPs and servers tied to phishing, malware, and ransomware.

Operation Synergia III across 72 countries led to 94 arrests, 110 suspects under investigation, and seized devices and servers tied to global scam infrastructure.

🔗 Read → https://thehackernews.com/2026/03/interpol-dismantles-45000-malicious-ips.html

🛑 Meta will shut down Instagram’s end-to-end encrypted chats on May 8, 2026.

Users with affected conversations will get instructions to download messages or media before the change.

🔗 Read → https://thehackernews.com/2026/03/meta-to-shut-down-instagram-end-to-end.html