⚠️ CISA flags CVE-2025-47813 in Wing FTP as actively exploited.

It leaks server paths via cookie errors—low severity, high value. Attackers can pair it with a known RCE flaw already used to deploy malware.

🔗 How it enables real attack chains → https://thehackernews.com/2026/03/cisa-flags-actively-exploited-wing-ftp.html

Firewalls still see encrypted port 443 traffic, not what users actually do inside SaaS apps or AI tools.

As Dedi Shindler (Red Access) notes, that blinds teams to prompts, data leaks, and session activity. The fix isn’t replacing firewalls—it’s adding session-level visibility.

🔗 Firewall-native SSE explained → https://thehackernews.com/expert-insights/2026/03/the-firewall-isnt-blind-it-just-needs.html

⚠️ A fake job notice triggered full compromise in a Konni campaign.

The attack drops EndRAT, enabling remote control, persistence, and silent data theft, then spreads via KakaoTalk messages from the victim’s account.

Trusted contacts become the attack path.

🔗 Read → https://thehackernews.com/2026/03/konni-deploys-endrat-through-spear.html

Most CISOs don’t know where AI runs in their own orgs. 67% lack visibility—0% have full oversight.

AI is spread across cloud, apps, and identity, owned by no one. Risk can’t be measured, let alone controlled.

🔗 Data shows where AI security actually breaks → https://thehackernews.com/2026/03/ai-is-everywhere-but-cisos-are-still.html

⚠️ A full Roundcube exploit kit tied to APT28 was found on a live server, targeting Ukrainian government email.

It enables XSS takeover, mailbox exfiltration, hidden forwarding, and even 2FA secret theft. Includes a new CSS-based data exfiltration method.

🔗 Toolkit details → https://thehackernews.com/2026/03/weekly-recap-chrome-0-days-router.html#:~:text=Roundcube%20Exploitation%20Toolkit%20Discovered

AI agents don’t need prompts to turn rogue. They can coordinate attacks on their own.

Tests show agents collaborating to escalate privileges, disable defenses, and steal data—even persuading each other to act.

🔗 Report details how agent-to-agent collusion bypasses controls → https://thehackernews.com/2026/03/weekly-recap-chrome-0-days-router.html#:~:text=Rogue%20AI%20Agents%20Can%20Work%20Together%20to%20Engage%20in%20Offensive%20Behaviors

The best security teams aren't just reactive. They're informed.

Knowing what attackers are doing, how they operate, and where your gaps are isn't a nice-to-have, it's the foundation of a modern defense strategy. That's what Threat-Informed Defense delivers.

This guide lays out a six-stage Threat-Informed Defense pipeline to help your team:

⦿ Cut through alert noise and focus on threats that matter
⦿ Test your people, processes, and technology against realistic attack scenarios
⦿ Put CTI to work operationally with tools like OpenCTI + OpenAEV
⦿ Turn detection and response into a continuous, self-improving cycle

Download the guide today → https://thn.news/infosec-threat-guide

⚠️ LeakNet drops access brokers for ClickFix compromised sites trick users into running msiexec commands via fake CAPTCHA.

Lower cost, faster scale. Deno executes payloads in memory, then lateral movement and data theft follow.

🔗 Details here → https://thehackernews.com/2026/03/leaknet-ransomware-uses-clickfix-via.html

🛑 Amazon Bedrock, LangSmith, and SGLang flaws expose data leaks, token theft, and RCE risks across AI platforms.

Bedrock allows DNS-based exfiltration, LangSmith had account takeover, and SGLang remains vulnerable—showing weak isolation in real-world AI systems.

🔗 Exploits and fixes explained → https://thehackernews.com/2026/03/ai-flaws-in-amazon-bedrock-langsmith.html

⚠️ WARNING - An unpatched critical telnetd bug (CVE-2026-32746) lets attackers gain full system access with no credentials.

One connection to port 23 is enough to trigger memory corruption and execute code as root.

No patch yet. Prior telnet flaw is already exploited in the wild.

🔗Read → https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html

🚨 Apple patched a WebKit flaw that lets crafted pages bypass browser isolation.

CVE-2026-20643 impacts iOS, iPadOS, and macOS. Fixes now ship via background updates, outside full OS releases.

🔗 Details here → https://thehackernews.com/2026/03/apple-fixes-webkit-vulnerability.html

Valid credentials now drive 30% of attacks, per IBM.

As Ani Khachatryan explains, PAM controls access but can’t detect misuse after login. ITDR fills that gap with real-time monitoring and response, closing the identity attack loop.

🔗 Why identity defense now needs both layers → https://thehackernews.com/expert-insights/2026/03/a-unified-identity-defense-layer-why.html

🛑 ALERT - A new flaw in #Ubuntu 24.04+ lets attackers gain full root access from low privileges.

By timing system cleanup, they replace a snap directory and execute code as root—no user action required.

🔗 Exploit steps and patched versions → https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html

🛡️ Security teams see alerts. They don’t see how they connect.

Small gaps, weak settings, and cloud access can link into a path to sensitive data. This walkthrough shows how CSMA maps those paths and helps fix them fast.

🔗 How small issues form real attack paths → https://thehackernews.com/2026/03/product-walkthrough-how-mesh-csma.html

⚠️ Low-cost IP KVM devices expose a direct path to full system takeover.

Researchers found 9 flaws across 4 devices, including unauthenticated root access and remote code execution. Operating below the OS, they let attackers bypass security tools and maintain silent, persistent control.

🔗 Read → https://thehackernews.com/2026/03/9-critical-ip-kvm-flaws-enable.html

🛑 A Magecart skimmer hid its payload in a favicon’s EXIF metadata, never entering the codebase.

A fake CDN script fetched the image, decoded a hidden URL, and executed it in the browser.

No repo changes. No scan alerts. Payment data was exfiltrated at checkout.

🔗 Loader chain and why static tools missed it → https://thehackernews.com/2026/03/claude-code-security-and-magecart.html

⚠️ CERT/CC warns a ZIP flaw tracked as CVE-2026-0866 lets attackers hide malware using malformed archive headers.

Security tools trust the header and miss the payload, while it can still be extracted and executed with the right method.

It breaks how AV and EDR validate files.

🔗 How Zombie ZIP bypasses detection and runs payloads → https://thehackernews.com/2026/03/threatsday-bulletin-oauth-trap-edr.html#zip-evasion-technique

AI comes with potential risks and vulnerabilities, but you can protect your workers and your organization. One of the best places to start is with a comprehensive AI usage policy.

This template provides:

✅ A definition of artificial intelligence
✅ A breakdown of acceptable and prohibited AI use
✅ Customizable guidelines for training, human oversight, accountability, and amendments

🔗 Get your AI employee usage policy template → https://thn.news/ai-policy-guide