Latest Cybersecurity News and Articles
24 March 2026
A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bring your own vulnerable driver (BYOVD) technique.
"The campaign abuses Google Ads to serve rogue ScreenConnect (
24 March 2026
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers.
"The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails," Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared
24 March 2026
A summary of the announcements made by vendors on the first day of the RSAC 2026 Conference.
The post RSAC 2026 Conference Announcements Summary (Day 1) appeared first on SecurityWeek.
24 March 2026
The Lapsus$ hackers allegedly compromised internal code repositories, credentials, and employee data.
The post Extortion Group Claims It Hacked AstraZeneca appeared first on SecurityWeek.
24 March 2026
The software refresh fixes eight memory safety bugs affecting seven Chrome components.
The post Chrome 146 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
24 March 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 24, 2026 – Read the full story from Sophos The 2026 CISO Report, published by Cybersecurity Ventures in partnership with Sophos, highlights a critical imbalance in global cybersecurity leadership. Despite decades of
The post The Global CISO Landscape: A Leadership Gap Too Large To Ignore appeared first on Cybercrime Magazine.
24 March 2026
Learn how the CIS Critical Security Controls and the CIS Benchmarks can be used together to support secure configuration at scale.
The post Webinar Today: Putting CIS Controls and Benchmarks into Practice appeared first on SecurityWeek.
24 March 2026
Hackers stole personal, medical, and health insurance information from the company’s internal systems.
The post 3.1 Million Impacted by QualDerm Data Breach appeared first on SecurityWeek.
24 March 2026
The role of Israel’s hijacking of Iran’s street cameras in the killing of the country’s supreme leader underscores how surveillance systems are increasingly being targeted by adversaries in wartime.
The post Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool appeared first on SecurityWeek.
24 March 2026
Dr Richard Horne delivered a keynote about cyber risks and opportunities at the RSA Conference in San Francisco
24 March 2026
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data.
The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below -
react-performance-suite
react-state-optimizer-core
react-fast-utilsa
ai-fast-auto-trader
24 March 2026
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position
24 March 2026
An out-of-bounds read vulnerability can be exploited remotely without authentication to read sensitive information from memory.
The post Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn appeared first on SecurityWeek.
24 March 2026
The hackers stole internal IDs, names, email addresses, and business partner IDs from an internal management system.
The post Mazda Says Employee, Partner Information Stolen in Cyberattack appeared first on SecurityWeek.
24 March 2026
Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling decisions, and difficulty explaining security issues in terms the business understands.
These challenges do not
24 March 2026
The FBI has published an alert describing the malware used by Iranian government hackers.
The post Stryker Says Malicious File Found During Probe Into Iran-Linked Attack appeared first on SecurityWeek.
24 March 2026
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack.
The workflows, both maintained by the supply chain security company Checkmarx, are listed below -
checkmarx/ast-github-action
checkmarx/kics-github-action
Cloud security
24 March 2026
A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations.
According to the U.S. Department of Justice (DoJ), Aleksei Olegovich Volkov facilitated dozens of ransomware attacks across the
24 March 2026
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application.
The vulnerabilities are listed below -
CVE-2026-3055 (CVSS score: 9.3) - Insufficient input validation leading to memory overread
CVE-2026-4368 (CVSS score: 7.7) - Race condition leading to user
23 March 2026
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects.
The use of VS Code "tasks.json" to distribute malware is a relatively new tactic adopted by the threat actor since December 2025, with the attacks