Cybersecurity Newsfeed - 27/03/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
Critical Oracle WebLogic RCE: A severe remote code execution flaw in Oracle WebLogic Server allows unauthenticated attackers to execute arbitrary code via specially crafted requests. Given its ubiquity in corporate environments, administrators are urged to apply emergency patches immediately to prevent full system takeover.
CISA Adds New Flaw to KEV Catalog: CISA has updated its Known Exploited Vulnerabilities catalog with a new entry showing evidence of active exploitation. Federal agencies are mandated to patch within the specified deadline, as these flaws are primary entry points for ransomware and state-sponsored actors.
Claude AI Extension Zero-Day: An improper input validation flaw in a Claude AI browser extension enabled zero-day attacks. Attackers could use malicious prompts to bypass security boundaries and exfiltrate user browser data.
🎯 Adversaries
Ghost Campaign Hits npm Ecosystem: Attackers are using “progress bar” packages to phish for sudo passwords and environment variables. By intercepting terminal input during installation, the malware captures administrative credentials and sends them to a C2 server.
Red Menshen Targets Critical Infrastructure: The China-linked actor is using a custom, memory-only backdoor to target telecom and government agencies. By minimizing its disk footprint and using legitimate admin tools, the group maintains long-term, stealthy access.
Unit 42 Tracks SE Asian Espionage: A suspected state-sponsored campaign is using “PingPull” and “Sword24” backdoors to target government organizations in Southeast Asia, focusing on the exfiltration of sensitive diplomatic documents.
Infiniti Stealer Hits macOS via ClickFix: A new Python-based malware compiled with Nuitka is targeting macOS users. It uses fake browser update prompts to steal credentials, crypto wallets, and sensitive files.
Pay2Key Ransomware Resurfaces: The Iran-linked group has returned with updated lateral movement tactics, using compromised VPN credentials to infiltrate networks for double-extortion attacks.
EtherRAT Uses Ethereum Blockchain for C2: This Remote Access Trojan embeds instructions within blockchain transactions to obscure traffic, making it nearly impossible for traditional filters to block its C2 communications.
📈 Trends
Hijacked Developer Accounts on npm: A spike in malware distribution has been linked to compromised legitimate developer accounts. Attackers push malicious updates to trusted packages, highlighting the need for mandatory 2FA for maintainers.
PXA Stealer Targets Financial Firms: A specialized malware variant is targeting corporate finance accounts by harvesting session cookies and login credentials via sophisticated, tailored phishing lures.
TikTok for Business Phishing: A focused campaign is targeting professional TikTok accounts with fake “violation” or “verification” emails to harvest credentials and session tokens.
Modern Fraud Pipeline Analysis: Research details the evolution of fraud from automated bot signups using headless browsers to targeted account takeovers involving manual human intervention.
Preemptive Defense via Acalvio Shadowplex: A review of deception technology shows how creating a fabric of “honeytokens” and decoys can increase attacker costs and reduce threat dwell time.
💥 Breaches & Leaks
Ajax Football Club Data Breach: The Dutch club disclosed a breach that exposed fan contact details and ticket histories. The attack enabled “ticket hijacking,” where digital tickets could be redirected by attackers.
LeakBase Admin Arrested in Russia: Authorities have arrested the suspected owner of LeakBase, a major cybercrime forum for trading stolen databases and “combolists.”
⚖️ Legal & Policy
UK Sanctions Xinbi Marketplace: The UK has imposed sanctions on the Xinbi marketplace for its role in laundering proceeds from Southeast Asian “pig butchering” scam centers.