Latest Cybersecurity News and Articles
18 March 2026
Americans are using VPNs for additional privacy.
18 March 2026
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI code scanning stops and client-side runtime execution begins.
A detailed analysis of where Claude
18 March 2026
Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts.
The nine vulnerabilities, discovered by Eclypsium, span four different products from GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. The most severe of them allow
18 March 2026
Meta does not plan on fixing the vulnerability because it involves the use of a modified client application.
The post Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch appeared first on SecurityWeek.
18 March 2026
Security teams today are not short on tools or data. They are overwhelmed by both.
Yet within the terabytes of alerts, exposures, and misconfigurations – security teams still struggle to understand context:
Q: Which exposures, misconfigurations, and vulnerabilities chain together to create viable attack paths to crown jewels?
Even the most mature security teams can’t answer that
18 March 2026
A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level.
Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible system.
"This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access
18 March 2026
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS.
The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content.
The
18 March 2026
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges.
The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in the LINEMODE Set
17 March 2026
Security chiefs watch short videos produced by Cybercrime Magazine – Steve Morgan, Founder of Cybersecurity Ventures Sausalito, Calif. – Mar. 17, 2026 Around a year ago, Cybersecurity Ventures asked AI “Why use YouTube for marketing?” and it replied “YouTube is a powerful marketing tool because
The post CISO DEMO: Cybersecurity Vendors Pitch Chief Information Security Officers On YouTube appeared first on Cybercrime Magazine.
17 March 2026
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries.
In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells
17 March 2026
Anthropic, AWS, Google, Microsoft, and OpenAI fund the Linux Foundation’s long-term security initiatives focused on open source software.
The post Tech Giants Invest $12.5 Million in Open Source Security appeared first on SecurityWeek.
17 March 2026
The government agency confirmed the vulnerability could have been exploited to obtain company details and alter records.
The post UK Companies House Exposed Details of Millions of Firms appeared first on SecurityWeek.
17 March 2026
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method.
The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen credentials
17 March 2026
The company has announced its launch, backed by funding from Accel, Cyberstarts, and Boldstart Ventures.
The post Surf AI Raises $57 Million for Agentic Security Operations Platform appeared first on SecurityWeek.
17 March 2026
The company says some of its internal business applications were accessed after an employee fell victim to a phishing attack.
The post Robotic Surgery Giant Intuitive Discloses Cyberattack appeared first on SecurityWeek.
17 March 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 17, 2026 – Read the full story in Eureka Street Mark Gaetani, National President of the St Vincent de Paul Society in Australia, recently read in Cybercrime Magazine that cybercrime is considered
The post Growing Threat Of Scams Hits Australia’s Not-For-Profit (NFP) Sector Hard appeared first on Cybercrime Magazine.
17 March 2026
The botnet has increased its activity, peaking at 15,000 exploitation attempts per day, and taking a more targeted approach.
The post 174 Vulnerabilities Targeted by RondoDox Botnet appeared first on SecurityWeek.
17 March 2026
Several major tech and retail companies have signed an industry accord against online scams and fraud.
The post Google, Meta, Microsoft Among Signatories of Pact to Combat Scams appeared first on SecurityWeek.
17 March 2026
The company plans to scale its products, expand to new markets, and grow its marketing and engineering teams.
The post Tracebit Raises $20M for Cloud-Native Deception Technology appeared first on SecurityWeek.
17 March 2026
A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera.
The report, based on a survey of 300 US CISOs and senior security leaders, examines how organizations are securing AI infrastructure and highlights critical gaps tied to skills shortages and