Latest Cybersecurity News and Articles
23 March 2026
A summary of the announcements made by vendors in the days leading up to the RSAC 2026 Conference.
The post RSAC 2026 Conference Announcements Summary (Pre-Event) appeared first on SecurityWeek.
23 March 2026
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.
23 March 2026
Six Predictions for the AI-Driven SOC – Christophe Briguet, Senior Director of Product Management – AI & Security Analytics, Stellar Cyber San Jose, Calif. – Mar. 23, 2026 SOC Key Takeaways: What is Autonomous SOC solving? It addresses critical challenges in security operations such as
The post Autonomous SOC: What It Is, Key Benefits and Core Challenges appeared first on Cybercrime Magazine.
23 March 2026
The latest M-Trends report is based on insights from over 500,000 hours of Mandiant incident response investigations in 2025.
The post M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds appeared first on SecurityWeek.
23 March 2026
The semiconductor company says hackers deployed file-encrypting ransomware on the network of a subsidiary in Singapore.
The post Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware appeared first on SecurityWeek.
23 March 2026
Hackers published a malicious scanner release and replaced tags to point to information-stealer malware.
The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek.
23 March 2026
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories.
This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks. There are also new malware tricks
23 March 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 23, 2026 – Read the Full Report MSPs and MSSPs, the force multiplier in security leadership, are positioned to provide SMBs with CISO services. The world’s small to midsized businesses (SMBs)
The post 35,000 Chief Information Security Officers Employed Globally in 2026 appeared first on Cybercrime Magazine.
23 March 2026
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target.
When an AI agent can query your Salesforce instance, trigger a Lambda function, or pull from a SharePoint
23 March 2026
The flaws could allow attackers to access sensitive information, execute code, or cause unexpected behavior.
The post QNAP Patches Four Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek.
23 March 2026
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware.
The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive recipients into opening
23 March 2026
Attack volumes are back to pre-disruption levels, and the adversary tactics have remained unchanged.
The post Tycoon 2FA Fully Operational Despite Law Enforcement Takedown appeared first on SecurityWeek.
23 March 2026
Three different databases were publicly exposed, amounting to 3.7 million records.
23 March 2026
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments.
The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library.
"New image tags 0.69.5 and
23 March 2026
Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf.
The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. It's
23 March 2026
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild.
The post Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability appeared first on SecurityWeek.
23 March 2026
Hackers claim that they breached Sony’s anime streaming service CrunchyRoll.
21 March 2026
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) said Friday.
"The campaign
21 March 2026
The vulnerability is tracked as CVE-2025-32975 and it may have been exploited in attacks against the education sector.
The post Critical Quest KACE Vulnerability Potentially Exploited in Attacks appeared first on SecurityWeek.
21 March 2026
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution.
The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0.
"This vulnerability is remotely exploitable without authentication," Oracle said in an advisory. "If successfully