Latest Cybersecurity News and Articles
21 March 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026.
The vulnerabilities that have come under exploitation are listed below -
CVE-2025-31277 (CVSS score: 8.8) - A vulnerability in Apple
21 March 2026
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.
The name is a reference to the fact that the malware uses an ICP canister, which refers to tamperproof smart contracts on
20 March 2026
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets.
The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow
20 March 2026
Other noteworthy stories that might have slipped under the radar: vulnerabilities found in KVM devices, Claudy Day Claude vulnerabilities, The Gentlemen ransomware group.
The post In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting appeared first on SecurityWeek.
20 March 2026
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities.
The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a case of missing authentication combined with code injection that could result in remote code execution.
"The POST/api/v1
20 March 2026
The men violated U.S. export controls laws by scheming to divert massive quantities of the high-performance servers assembled in the United States to China.
The post 3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China appeared first on SecurityWeek.
20 March 2026
The company will use the investment to expand its platform’s capabilities and grow channel partnerships.
The post Eclypsium Raises $25 Million for Device Supply Chain Security appeared first on SecurityWeek.
20 March 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 20, 2026 If you’re making the pilgrimage to RSAC 2026 in San Francisco next week, then we might see you there. For the past five years, Cybersecurity Ventures has been one of the RSAC
The post Cybersecurity Ventures Will See You At RSAC Conference 2026 appeared first on Cybercrime Magazine.
20 March 2026
The US has seized several domains used by Handala in cyber-enabled psychological operations.
The post US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites appeared first on SecurityWeek.
20 March 2026
Cape offers a privacy-focused mobile virtual network operator (MVNO) service for consumers, enterprises, and governments.
The post Cape Raises $100 Million for Protection Against Cellular Security Threats appeared first on SecurityWeek.
20 March 2026
Between late December 2025 and mid-January 2026, hackers stole personal and health plan information from Navia’s environment.
The post Navia Data Breach Impacts 2.7 Million appeared first on SecurityWeek.
20 March 2026
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety.
The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to
20 March 2026
The attacks started on February 27 and have targeted e-commerce platforms, global brands, and government services.
The post Thousands of Magento Sites Hit in Ongoing Defacement Campaign appeared first on SecurityWeek.
20 March 2026
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,
20 March 2026
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover.
The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in
20 March 2026
The company will invest in expanding its digital brand protection platform and in scaling its go-to-market efforts.
The post Allure Security Raises $17 Million for Online Brand Protection appeared first on SecurityWeek.
20 March 2026
Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.
The post Critical Langflow Vulnerability Exploited Hours After Public Disclosure appeared first on SecurityWeek.
20 March 2026
Director Patel stated the FBI purchases data that can be leveraged to track a person’s movement and location history.
20 March 2026
The lesser-known JackSkid and Mossad botnets have also been targeted in the operation.
The post Aisuru and Kimwolf DDoS Botnets Disrupted in International Operation appeared first on SecurityWeek.
20 March 2026
The U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation.
The effort also saw authorities from Canada and Germany targeting the operators behind these botnets, with a number of private