🛑 Open VSX flaw let attackers publish malicious VS Code extensions by bypassing scans.

Single boolean bug treated scan failures as “nothing to scan,” so extensions passed under load and went live.

🔗 How scan failures were misread and checks skipped → https://thehackernews.com/2026/03/open-vsx-bug-let-malicious-vs-code.html

Cybersecurity is now tied to geopolitics.

State-backed cyber operations target telecoms, infrastructure, and governments, while hacktivist groups increasingly align with national interests.

🔗 How cyber conflict is reshaping global security → https://thehackernews.com/2026/03/we-are-at-war.html

🚨 A supply chain attack hit the telnyx Python package—versions 4.87.1 and 4.87.2 were backdoored to steal credentials.

Malware hidden in .WAV files runs on import, exfiltrates data, persists on Windows, and runs fileless on Linux/macOS before deleting traces.

🔗 Read → https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html

🛑 Apple is sending #iPhone Lock Screen alerts warning users about active web-based attacks targeting outdated iOS.

Coruna and DarkSword exploit kits target older iOS via compromised sites, expanding risk beyond targeted attacks.

🔗 Read → https://thehackernews.com/2026/03/apple-sends-lock-screen-alerts-to.html

🛑 Russian-linked TA446 is using DarkSword iOS exploit kit in targeted phishing emails.

Spoofed “discussion invites” trigger exploits only on iPhones and deliver GHOSTBLADE malware, expanding from credential theft to device compromise across government, academia, and policy targets.

🔗 How DarkSword is used in these attacks → https://thehackernews.com/2026/03/ta446-deploys-leaked-darksword-ios.html

⚠️ CISA flagged active exploitation of an F5 BIG-IP APM flaw.CVE-2025-53521 (CVSS 9.3) enables RCE, reclassified from DoS after new findings.

Exploitation is confirmed in the wild, with a federal patch deadline set.

🔗 Read → https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html

🚨 Attackers are probing Citrix NetScaler for CVE-2026-3055 (CVSS 9.3).

Honeypots show requests to /cgi/GetAuthMethods to identify SAML IdP setups, which are required for exploitation.

🔗 How attackers are mapping vulnerable NetScaler targets → https://thehackernews.com/2026/03/citrix-netscaler-under-active-recon-for.html

⚡ Iran-linked hackers breached FBI Director Kash Patel’s personal email and leaked years-old data.

No government data was exposed, but the breach is part of a wider campaign using phishing, VPN access, and wiper attacks to disrupt targets and send geopolitical signals.

🔗 Read about tactics, Stryker attack, and MOIS links → https://thehackernews.com/2026/03/iran-linked-hackers-breach-fbi.html

⚠️ Three China-linked clusters targeted a Southeast Asian government in a coordinated operation.

Overlapping malware and tactics show a sustained push for long-term access, not disruption, across several months in 2025.

🔗 Read → https://thehackernews.com/2026/03/three-china-linked-clusters-target.html

AI isn’t making code safer. It’s expanding the attack surface.

As Eric Fourrier, GitGuardian CEO, notes, 28.65M secrets were exposed in 2025 as AI workflows expanded tokens, APIs, and machine identities.

Risk has shifted from code to credentials. Remediation is now the bottleneck.

🔗 Why AI security is shifting beyond code → https://thehackernews.com/expert-insights/2026/03/the-real-problem-isnt-that-ai-cant.html

🛑 A Russian-linked toolkit is spreading through fake Windows shortcut files disguised as private key folders.

CTRL hides activity through RDP tunnels and local pipes, avoiding standard C2 traffic and reducing network detection signals.

🔗 Read → https://thehackernews.com/2026/03/russian-ctrl-toolkit-delivered-via.html

GitGuardian found 29M leaked secrets in 2025, up 34%—the largest jump on record.

AI services and internal systems drive exposure, while 64% of 2022 leaks remain valid; detection isn’t the issue, remediation & ownership are.

🔗 Where secrets leak & why they stay exploitable → https://thehackernews.com/2026/03/the-state-of-secrets-sprawl-2026-9.html

This week in cybersecurity...

📡 Telecom backbone backdoored
📬 FBI director's inbox owned
⛓️ Botnet hiding in blockchain
🦠 Chrome extension = infostealer
🖱️ ClickFix hits macOS
🚫 Foreign routers banned
👮 RedLine operator extradited
💸 BEC fraudster gets 7 years
📷 Deepfake-proof sensor developed
📋 30+ CVEs, some live in the wild

Full recap is live 👇 https://thehackernews.com/2026/03/weekly-recap-telecom-sleeper-cells-llm.html

📣 Nudge Security has added AI Agent Discovery to help teams manage shadow AI risks.

Employees are rapidly creating AI agents that connect to critical systems with broad permissions—often without visibility. These agents can persist even after creators leave.

Nudge Security helps by:
👉 Discovering agents across platforms like Copilot Studio, Salesforce, and more
👉 Mapping ownership, permissions, and integrations
👉 Identifying risks like exposed access, hardcoded credentials, and orphaned agents
👉 Enforcing guardrails to validate and secure usage

AI Agent Discovery is in research preview. Start a free trial to access it: https://thn.news/ai-discovery-tool

⚠️ A new malware loader is using fake “fix” prompts to trick users into running PowerShell commands.

DeepLoad runs inside legitimate Windows processes and begins stealing browser credentials and sessions early in the attack.

🔗 Read → https://thehackernews.com/2026/03/deepload-malware-uses-clickfix-and-wmi.html

Most Tier 1 delays start before the threat is even understood.

Tool switching and static triage slow investigations and hide real behavior. Unified workflows and behavior-first analysis reduce friction, speed validation, and cut unnecessary escalations.

🔗 How SOC teams cut delays at Tier 1 → https://thehackernews.com/2026/03/3-soc-process-fixes-that-unlock-tier-1.html

🛑 Two OpenAI flaws showed how AI systems can expose sensitive data.

🔸 One allowed silent leaks via a DNS side channel in ChatGPT
🔸 Another enabled GitHub token theft via Codex injection

🔗 What these vulnerabilities exposed about AI security → https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html

⚡ WARNING - Axios npm (83M weekly downloads) was compromised, turning installs into a malware delivery path.

Versions 1.14.1 and 0.30.4 pulled a fake dependency that dropped a cross-platform RAT, then erased evidence. Published using stolen maintainer credentials.

🔗 What happened and how the attack worked → https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html

Most AppSec teams say they fix critical bugs. Data shows otherwise.

In Semgrep's report, Braden Riggs finds top teams fix 63% of critical issues, while most fix just 13%. Same tools and alerts—the gap is execution, not detection.

🔗 What 50k repos reveal about real vulnerability fixes → https://thehackernews.com/expert-insights/2026/03/which-code-vulnerabilities-actually-get.html

Silver Fox is spreading AtlasCross RAT via fake Zoom, Signal, and Teams sites.

Signed installers from typo domains bypass checks, disable security tools, and run the RAT in memory for remote access and data theft across Asia.

🔗 Full details → https://thehackernews.com/2026/03/silver-fox-expands-asia-cyber-campaign.html

⚠️ A flaw in Google Cloud Vertex AI could expose sensitive data across projects.

Default service agent permissions allow attackers to steal credentials from AI agents, access storage buckets, and move inside cloud environments.

🔗 Details here → https://thehackernews.com/2026/03/vertex-ai-vulnerability-exposes-google.html