Cybersecurity Newsfeed - 18/03/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
Critical Snap Flaw (CVE-2026-3888): Qualys researchers identified a critical local privilege escalation flaw in the Snap packaging system. The vulnerability allows unprivileged users to manipulate environment variables during binary execution to gain root access. Organizations are urged to update the snapd package immediately. More info
AI Infrastructure Risks in Bedrock & LangSmith: Researchers disclosed flaws in Amazon Bedrock and LangSmith that enable prompt injection and sensitive data exposure. In Bedrock, misconfigured permissions allowed cross-tenant data access, while LangSmith was found vulnerable to API key leakage. More info
🎯 Adversaries
Storm-2561 Impersonates VPN Portals: A sophisticated campaign is using fraudulent Fortinet and Ivanti VPN portals to distribute the Hyrax infostealer. Attackers leverage SEO poisoning and malicious ads to lure users into downloading fake, digitally signed installers that harvest credentials and session cookies. More info
Outpost24 Targeted in Phishing Campaign: Threat actors launched a sophisticated phishing attack against the security firm Outpost24, using a spoofed login portal to harvest internal credentials. The incident highlights the ongoing trend of attackers targeting security vendors to facilitate downstream supply chain compromises. More info
Warlock Ransomware Refines Post-Exploitation: Analysis shows Warlock operators are shifting focus toward extensive lateral movement and data exfiltration prior to encryption. The group utilizes legitimate admin tools and custom scripts to maintain long-term persistence and pressure victims with double-extortion. More info
China-Nexus Espionage in Southeast Asia: A state-aligned threat group is targeting military organizations across Southeast Asia. The campaign uses custom malware and “living off the land” tactics to gather strategic intelligence on regional security policies and maritime disputes. More info
LeakNet Adopts Deno Runtime for Stealth: The LeakNet ransomware group is now using the Deno runtime to execute payloads in-memory. By combining “ClickFix” social engineering with this modern development tool, they effectively bypass traditional antivirus and EDR solutions. More info
Vidar 2.0 Distributed via Fake Game Cheats: Hundreds of GitHub and Reddit repositories are distributing Vidar 2.0 infostealer disguised as “free game cheats.” The malware targets browser credentials and crypto wallets, utilizing advanced anti-analysis features to evade sandboxes. More info
“ClickFix” Targets Developers with Fake Claude Tools: A new social engineering campaign is promoting fraudulent AI productivity tools (like a fake version of Claude) to deliver MacSync malware to macOS developers, seeking to exfiltrate keychain data and source code secrets. More info
📈 Trends
EU Sanctions Chinese and Iranian Firms: The European Council has imposed sanctions on several entities, including i-Soon and Emennet Pasargad, for their involvement in state-sponsored cyberattacks targeting EU critical infrastructure and democratic processes. More info
Rise of Deepfake Voice Fraud: Pindrop launched “Protect Fraud Assist” to help call centers combat synthetic speech attacks. This technology addresses the growing threat of “vishing” where attackers use AI-generated voices to bypass traditional authentication. More info
Huntress Launches New Posture Tools: Huntress introduced Managed Endpoint and Identity Security Posture Management tools to address the surge in RMM tool abuse and rising identity-based threats in Microsoft 365 environments. More info
Rondodox Botnet Arsenal Expansion: The Rondodox botnet has expanded to target 174 distinct vulnerabilities across IoT and Linux systems, conducting approximately 15,000 daily exploit attempts to fuel DDoS and proxy operations. More info
AI Documentation Leaking Secrets: Security experts warn that AI agents are inadvertently including hardcoded credentials and internal IPs in “README” files and public repositories while automating documentation tasks. More info
Novel Font-Smuggling Attack: Researchers uncovered a technique using font ligatures and Unicode characters to hide malicious commands from AI-based scanners while keeping them executable by the system shell. More info
💥 Breaches & Leaks
Intuitive Surgical Discloses Cyberattack: The robotic surgery giant reported a disruption to internal systems following a cyberattack. While patient safety systems remained unaffected, the breach highlights the vulnerability of high-tech medical manufacturing. More info
Fake “Pudgy World” NFT Drainer: A phishing site masquerading as the Pudgy World NFT project is using “drainer” scripts to steal digital assets from users who connect their crypto wallets to the fraudulent platform. More info
