Latest Cybersecurity News and Articles
14 March 2026
China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source and self-hosted autonomous artificial intelligence (AI) agent.
In a post shared on WeChat, CNCERT noted that the platform's "inherently weak default security configurations," coupled with its
14 March 2026
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry.
"Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive
14 March 2026
The vulnerability can be exploited remotely, without authentication, to circumvent existing authentication controls.
The post Critical HPE AOS-CX Vulnerability Allows Admin Password Resets appeared first on SecurityWeek.
13 March 2026
A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020.
Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA stands for state-backed motivation.
"The activity demonstrated strategic operational patience and
13 March 2026
Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026.
"If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the social media giant said in a help document. "If you're on an older version of Instagram, you may also need to update the
13 March 2026
Why is Salesforce — and other platforms like it — such an attractive target to cybercriminals?
13 March 2026
Starbucks said the incident involved phishing attacks targeting an employee portal, affecting hundreds.
The post Starbucks Data Breach Impacts Employees appeared first on SecurityWeek.
13 March 2026
INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams.
The effort is part of an international law enforcement operation that involved 72 countries and territories.
13 March 2026
Other noteworthy stories that might have slipped under the radar: Telus Digital data breach, vulnerabilities in Linux AppArmor allow root privileges, US defense contractor behind Coruna exploits.
The post In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown appeared first on SecurityWeek.
13 March 2026
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques.
"The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients
13 March 2026
Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content is intended for informational and preparedness purposes only.
Read more blogs around threat
13 March 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 13, 2026 – Read the full story in Forbes Cloud security has become the backbone of enterprise resilience, but the threat landscape has evolved faster than traditional security models can respond.
The post How AI And LLMs Are Redefining Cloud Security and Cyber Defense appeared first on Cybercrime Magazine.
13 March 2026
Pro-Iranian hackers are targeting sites in the Middle East and starting to stretch into the United States during the war, raising the risk of American defense contractors, power stations and water plants.
The post Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During War appeared first on SecurityWeek.
13 March 2026
The startup relies on AI to turn devices into active agents that understand users’ actions and provide protection in real time.
The post Bold Security Emerges From Stealth With $40 Million in Funding appeared first on SecurityWeek.
13 March 2026
Google paid over $3.7 million for Chrome vulnerabilities, and more than $3.5 million for cloud security defects.
The post Google Paid Out $17 Million in Bug Bounty Rewards in 2025 appeared first on SecurityWeek.
13 March 2026
Evidence indicates that the attackers leveraged existing endpoint management software rather than malware to wipe devices.
The post Iran-Linked Hacker Attack on Stryker Disrupted Manufacturing and Shipping appeared first on SecurityWeek.
13 March 2026
The startup is building a control pane to help organizations oversee autonomous AI agents and rapidly adopt them.
The post Onyx Security Launches With $40 Million in Funding appeared first on SecurityWeek.
13 March 2026
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.
The list of vulnerabilities is as follows -
CVE-2026-3909 (CVSS score: 8.8) - An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML
13 March 2026
Law enforcement agencies in the US and Europe targeted the cybercrime service that has impacted 360,000 devices since 2020.
The post Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet appeared first on SecurityWeek.
13 March 2026
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees.
The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The