⚠️ CISA added two CVSS 9.8 flaws to its KEV list after active exploitation.

One hits Hikvision devices and can expose sensitive data. The other targets Rockwell Logix controllers and could let attackers alter system configs.

🔗 Details → https://thehackernews.com/2026/03/hikvision-and-rockwell-automation-cvss.html

Federal agencies must patch by March 26.

🛑 ClickFix has moved to Windows Terminal.

Microsoft says victims are told to open wt.exe and paste a command from fake CAPTCHA pages.

That launches PowerShell, pulls payloads, and injects Lumma Stealer into Chrome and Edge to steal saved credentials.

🔗 Read → https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html

🚨 China-linked APT UAT-9244 has been targeting telecom networks in South America since 2024.

Cisco Talos uncovered 3 new implants across Windows, #Linux, and edge devices—used for persistence, command control, and large-scale brute-force scanning.

🔗 Inside TernDoor, PeerTime, and BruteEntry → https://thehackernews.com/2026/03/china-linked-hackers-use-terndoor.html

🛑 Iran-linked hackers quietly embedded inside multiple U.S. organizations, Broadcom researchers report.

The campaign is tied to MuddyWater, an #Iranian state group. Attackers deployed a Deno-based backdoor and tried exfiltrating data using Rclone to cloud storage.

🔗 Read → https://thehackernews.com/2026/03/iran-linked-muddywater-hackers-target.html

MSPs trying to scale cybersecurity hit the same wall: manual risk assessments that don’t scale.

AI-powered risk management automates assessments, maps compliance, and turns findings into remediation—enabling continuous security services instead of one-off fixes.

🔗 Inside: framework for scalable risk-first cybersecurity services → https://thehackernews.com/2026/03/the-msp-guide-to-using-ai-powered-risk.html

Your shiny new AI agent can now:

🔗 Browse
🛠️ Execute code
☢️ Touch production systems

Agency Gap = tools + APIs + permissions = new attack surface.

Secure your agents BEFORE they get owned.

🔗 Join the webinar → https://thehacker.news/ai-agents-attack-surface

⚠️ VOID#GEIST malware delivers 3 RATs: XWorm, AsyncRAT, and Xeno RAT through a layered script chain.

Phishing emails pull a batch file from TryCloudflare, open a fake invoice PDF, then use Python to decrypt shellcode and inject it into explorer.exe via Early Bird APC.

🔗 Inside the full fileless attack chain → https://thehackernews.com/2026/03/multi-stage-voidgeist-malware.html

⚡ Bitdefender says Pakistan-aligned Transparent Tribe (APT36) is targeting Indian government entities with AI-generated malware.

The campaign spreads polyglot implants in Nim, Zig, and Crystal and hides C2 inside Slack, Supabase, and Google Sheets.

🔗 Inside: phishing chain, malware tools, and infrastructure → https://thehackernews.com/2026/03/transparent-tribe-uses-ai-to-mass.html

😮 Car tire pressure sensors may expose where you go.

Researchers found TPMS sensors broadcast unchanging IDs in unencrypted radio signals. Receivers up to 40 m away can capture them and recognize the same vehicle again.

That enables long-term tracking—no cameras, no line of sight.

🔗 How TPMS signals reveal vehicle movement → https://thehackernews.com/2026/03/threatsday-bulletin-redis-rce-ddr5-bot.html#tpms-signals-allow-covert-vehicle-tracking

⚡NATO has cleared #iPhone and iPad to handle classified information.

The approval relies on built-in iOS and iPadOS security—no custom hardening or special software required.

Germany’s BSI had already cleared the devices for classified government use.

🔗 Details on NATO approval → https://thehackernews.com/2026/03/threatsday-bulletin-redis-rce-ddr5-bot.html#nato-clears-consumer-iphones-and-ipads

🔥 Anthropic says its #Claude model found 22 Firefox vulnerabilities while scanning ~6,000 C++ files with Mozilla.

14 were high-severity. Turning bugs into exploits proved harder: after hundreds of attempts, the AI succeeded only twice.

🔗 Read → https://thehackernews.com/2026/03/anthropic-finds-22-firefox.html

🔥 OpenAI launched "Codex Security," an AI agent that finds and fixes code vulnerabilities.

In testing it scanned 1.2M commits across open-source repos, uncovering 792 critical and 10,561 high-severity flaws in projects including OpenSSH, GnuTLS, PHP, and Chromium.

🔗 Details → https://thehackernews.com/2026/03/openai-codex-security-scanned-12.html

⚠️ A newly tracked threat cluster is quietly breaching critical infrastructure across Asia.

Unit 42 says attackers exploit web servers, plant web shells, and dump credentials with tools like Mimikatz to move across networks in aviation, energy, and government sectors.

🔗 Read → https://thehackernews.com/2026/03/web-server-exploits-and-mimikatz-used.html

🛑 Two Chrome extensions turned malicious after an ownership transfer.

Researchers say QuickLens (7,000 users) now strips security headers and pulls remote code every 5 minutes. The payload executes via hidden elements, leaving no malicious code in the extension source.

🔗 Read → https://thehackernews.com/2026/03/chrome-extension-turns-malicious-after.html

Latest edition of Cybersecurity recap worth reading:

🌐 PhaaS network dismantled
📱 Qualcomm 0-day exploited
🔗 iOS hit with 23-exploit chain
📡 Wi-Fi isolation bypassed
🤖 AI writes malware
🕵️ Iran targets US banks
🏴‍☠️ Phobos operator pleads guilty
🔓 WP plugin drops rogue admins
🦊 AI finds 22 Firefox vulns
☁️ AzCopy abused for exfiltration
🔑 1M+ private keys leaked
🧠 MuddyWater upgrades toolkit
📋 ClickFix drops ransomware
💀 LeakBase taken down
🪤 MCP server backdoored
📲 Fake Google page drops RAT
💸 Ransomware payments drop 8%
🌍 90 zero-days tracked in 2025

🔗 Full RECAP → https://thehackernews.com/2026/03/weekly-recap-qualcomm-0-day-ios-exploit.html

Supply-chain pressure is pushing mid-market firms to meet enterprise security standards. Partners now expect proof of resilience.

A Bitdefender webinar explains how security platform consolidation helps lean IT teams cut complexity and show stronger security posture.

🔗 GravityZone platform approach → https://thehackernews.com/2026/03/can-security-platform-finally-deliver.html

🚨 North Korea’s UNC4899 breached a crypto firm via AirDrop from a develop’s device.

A poisoned archive ran a fake Kubernetes CLI, opened a backdoor, pivoted into Google Cloud, exposed CI/CD tokens & reset accounts to steal millions.

🔗 Read → https://thehackernews.com/2026/03/unc4899-used-airdrop-file-transfer-and.html

⚠️ A malicious npm package is spreading a full RAT malware disguised as an OpenClaw installer.

It pulls a hidden second-stage payload and steals browser data, macOS Keychain entries, crypto wallets, and developer cloud credentials.

🔗 Read → https://thehackernews.com/2026/03/malicious-npm-package-posing-as.html

⚠️ CISA added 3 actively exploited flaws to KEV.

Most critical: SolarWinds Web Help Desk CVE-2025-26399 (CVSS 9.8) allowing remote command execution.

Other KEV entries hit Omnissa Workspace One UEM and Ivanti Endpoint Manager. Federal agencies ordered to patch.

🔗 Details → https://thehackernews.com/2026/03/cisa-flags-solarwinds-ivanti-and.html

Security teams often prioritize fixes by CVSS. But CVSS measures technical severity, not actual risk.

A 9.8 CVSS flaw in an isolated test system may be patched first, while a lower-scored bug in a public login API waits.

Real risk depends on exposure, exploit paths, and business impact.

🔗 Why context changes vulnerability priorities → https://thehackernews.com/expert-insights/2026/03/why-cvss-scores-dont-tell-real-story-of.html