Cybersecurity March 2026
Global headlines curated by our intelligent agents.
Latest News
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
CVE-2026-3502 (CVSS 7.8) exploited in early 2026 via TrueConf updates, enabling Havoc malware deployment across government networks.
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
Unit 42 found excessive P4SA permissions in Vertex AI, enabling credential theft and cloud data exposure, increasing breach risk.
The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority
AI weaponizes the kill chain across hours or days, forcing continuous exposure and agentic defense to reduce exploitation risk.
Google Drive has some new tricks to help if you get hit by a ransomware attack
Google Drive can now detect ransomware activity and help restore your files, though full protection depends on your plan.
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
ChatGPT and Codex flaws, patched in Feb 2026, exposed DNS exfiltration and GitHub tokens, raising enterprise AI security risks.
DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.
Apple Subsidiary Fined Over $500,000 for Breaching Russian Sanctions
Apple's Irish subsidiary has been fined £390,000 ($516,110) by the UK government for making payments to a sanctioned Russian streaming platform in 2022. The Office of Financial Sanctions Implementation (OFSI) said that Apple Distribution International Ltd.
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Russian CTRL toolkit spread via malicious LNK files in February 2026, routing C2 through FRP-tunneled RDP to evade detection.
If Google is serious about Android scams, there’s a bigger problem than sideloading
Google's new sideloading rules for Android ignore the Play Store's own malware problem, undermining its commitment to stopping scams.
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three China-linked clusters targeted a Southeast Asian government in 2025, deploying multiple malware families to secure persistent access.
Sunday Reboot: Addiction, VR, and how the iPhone Air doesn't suck
In this week's "Sunday Reboot," social addiction is a slippery slope for Apple's App Store, Nvidia CloudXR is a great thing for Apple Vision Pro gaming, and the iPhone Air isn't as bad as you'd think.
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Iran-linked Handala Hack breached FBI Director’s email amid MOIS domain seizures, escalating destructive cyber ops.
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
CVE-2026-3055 targets Citrix NetScaler with active reconnaissance, risking data leaks on SAML IDP setups.
TA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
TA446 used leaked DarkSword on March 26 to target iOS devices, prompting Apple alerts and widening mobile espionage risks.
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
CISA adds actively exploited F5 BIG-IP APM CVE-2025-53521 (CVSS 9.3) to KEV, ordering FCEB patch by March 30, 2026 to curb RCE risk.
Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked
Apple says it has no record of a successful spyware attack against any device running Lockdown Mode, the opt-in security feature it introduced in 2022. "We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device," an Apple spokesperson told TechCrunch. Lockdown Mode is available on the iPhone, iPad, and Mac, and dramatically restricts certain system features that are commonly exploited by mercenary spyware.
Apple claims a 100% protection rate with iPhone Lockdown Mode
Apple says that nobody has ever been successfully hacked when their iPhone or other device was in Lockdown Mode, showing just how vital the security feature can be.
Apple Now Sending Critical Security Alerts to iPhones Running iOS 17 and Earlier
Apple has begun pushing Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS, warning users of active web-based attacks. The alerts, which appear as a "Critical Software" notification from the Settings app, warn that Apple "is aware of attacks targeting out-of-date iOS software, including the version on your iPhone," and urge users to install a critical update to protect their device.
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
AitM phishing hijacks TikTok Business accounts via Cloudflare Turnstile evasion as SVG malware linked to BianLian targets Venezuela.
Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
Bearlyfy launched 70+ attacks since 2025 using GenieLocker ransomware, targeting Russian firms, driving high ransom payments.
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Three LangChain flaws enable data theft across LLM apps, affecting millions of deployments, exposing secrets and files.
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until Feb 19, 2026 fix.
Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
81% of attacks are malware-free as AI-driven mimicry hides threats in trusted systems, increasing detection difficulty and risk.