Cybersecurity Newsfeed - 26/03/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
📅 26/03/26
🛡️ Vulnerabilities
CISA KEV Update (March 25, 2026): CISA added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. Federal agencies are required to remediate within a specific timeframe to reduce exposure.
Citrix NetScaler Urgent Patching: Citrix issued an advisory for multiple vulnerabilities in NetScaler ADC and Gateway. These flaws could allow for unauthenticated remote code execution or sensitive information disclosure.
TP-Link Router Authentication Bypass: A critical security warning was issued for several TP-Link router models. The flaw allows unauthenticated local attackers to gain administrative control and potentially recruit devices into botnets.
SANS Internet Storm Center Scanning Surge: Analysts observed a significant uptick in automated probes seeking misconfigured services and unpatched systems, potentially acting as reconnaissance for coordinated exploitation.
🎯 Adversaries
PolyShell Targets Magento Stores: Over 56% of vulnerable Magento e-commerce stores are being targeted in a campaign to inject scripts that steal customer payment info and admin credentials.
Russian Botnet Operator Convicted: A Russian national was convicted and sentenced in the U.S. for operating a sophisticated botnet that facilitated large-scale ransomware and DDoS attacks against U.S. corporations.
Mirai Malware Fueling IoT Botnet Growth: New variants of Mirai are targeting modern smart devices and industrial controllers to expand botnets used for massive DDoS attacks.
Palo Alto Networks Recruiter Phishing: Scammers are impersonating Palo Alto Networks recruiters on LinkedIn to lure cybersecurity professionals into downloading malware disguised as technical assessment tools.
Poland Hit by Surge in Cyberattacks: Polish officials reported a dramatic increase in state-sponsored cyber activity throughout 2025 and 2026, including a major assault on the national energy sector.
Torg Grabber Targets Crypto Wallets: This new infostealer targets 728 different cryptocurrency wallets, extracting private keys and mnemonic phrases via cracked software and malicious ads.
📈 Trends
AI Agent Supply Chain Attacks: Researchers identified a novel vector targeting AI agents via the “Context Hub,” using indirect prompt injection to exfiltrate sensitive data.
Virtual Smartphone Fraud: Fraudsters are increasingly using virtualized smartphone environments to bypass mobile security measures and banking 2FA.
Abuse of “No-Code” AI Tools: Threat actors are exploiting the Bubble AI app builder to deploy sophisticated Microsoft phishing pages that bypass email security filters.
Paid AI Accounts as Underground Commodity: Stolen ChatGPT Plus and Midjourney accounts are being sold on criminal forums to help attackers bypass safety filters and generate malicious content.
Marketing Tech Security Shift: Organizations are exploring Klaviyo alternatives to find platforms with more robust data protection and granular privacy controls.
💥 Breaches & Leaks
Crime Tipster Database Breach: Hackers claim to have breached a database containing sensitive info on millions of anonymous tipsters, potentially endangering public safety and witness trust.
📚 Others
Disney’s OpenAI Sora Challenges: Friction between generative AI and filmmaking persists as Disney faces technical and ethical hurdles with automated video production.
Njordium AI Fraud Detection: A new AI-driven module has launched to help financial institutions identify and mitigate sophisticated crimes and account takeovers in real-time.
GitHub “OpenClaw” Wallet Drainer: Developers are being targeted by a fake token scam on GitHub that drains cryptocurrency wallets through malicious smart contracts.
NSA “Red Line” Proposal: A former NSA director proposed a policy to define thresholds for offensive cyber retaliation to deter state-sponsored attacks on critical infrastructure.
