Cybersecurity Articles

144/69 Thursday, March 12, 2026 Researchers from Aryaka have identified a cyberattack campaign targeting Human Resources (HR) departments across multiple organizations for more than a year. The attacks are delivered through spear-phishing emails that include malicious ISO files disguised as resumes, often pretending to originate from cloud services such as Dropbox. When the file is […]

143/69 Thursday, March 12, 2026 The security team of Salesforce (CSOC) has warned that threat actors are actively scanning publicly accessible Salesforce Experience Cloud websites using a modified version of AuraInspector to identify and extract sensitive data. The original AuraInspector is an open-source tool developed by Google and Mandiant to audit Salesforce Aura and Experience […]

142/69 Thursday, March 12, 2026 Security researchers from Kaspersky have discovered a new Android malware called BeatBanker, which spreads through websites designed to closely mimic the appearance of the Google Play Store in order to trick users into installing a fake Starlink app. The malware acts as a dangerous “two-in-one” threat, functioning both as a […]

141/69 Wedesday, March 11, 2026 Law enforcement agencies led by Europol, in collaboration with Microsoft and several industry partners, have successfully dismantled the infrastructure behind Tycoon 2FA, a major Phishing-as-a-Service (PhaaS) platform used to send tens of millions of phishing emails targeting more than 500,000 organizations worldwide. According to reports, by mid-2025 the service accounted […]

140/69 Wedesday, March 11, 2026 Ericsson Inc., a subsidiary of the Swedish telecommunications and networking equipment manufacturer, has disclosed a data breach resulting from a cyberattack on a third-party service provider responsible for storing employee and customer information. According to the company, unauthorized actors were able to access certain data between April 17 and April […]

139/69 Wedesday, March 11, 2026 Cybersecurity experts have identified a new malware campaign involving A0Backdoor, which specifically targets employees within global financial institutions and healthcare organizations. Attackers begin by sending large volumes of spam emails to disrupt victims. They then impersonate corporate IT staff and contact employees through Microsoft Teams, offering assistance in resolving the […]

138/69 Tuesday, March 10, 2026 Security researchers from JFrog have discovered a malicious npm package named @openclaw-ai/openclawai, uploaded on March 3, 2026. The package impersonates an installer for the OpenClaw application and is designed to spread malware on macOS systems. The package has already been downloaded more than 180 times and remains available for download. […]

137/69 Tuesday, March 10, 2026 A critical security vulnerability has been discovered in Nginx UI, tracked as CVE-2026-27944 with a CVSS score of 9.8. The flaw could allow attackers to download and decrypt server backup files without authentication, potentially exposing sensitive information such as system configurations, credentials, and encryption keys-particularly if the management interface is […]

136/69 Tuesday, March 10, 2026 Security experts from Infoblox have discovered a sophisticated phishing campaign in which attackers abuse the “.arpa” top-level domain (TLD)-a domain normally reserved for internet infrastructure-to host malicious links. The .arpa domain is typically used for infrastructure functions such as Reverse DNS lookups, where IP addresses are mapped back to hostnames. […]

135/69 Monday, March 9, 2026 Anthropic has announced the discovery of 22 previously unknown vulnerabilities in the Mozilla Firefox browser through a collaboration with Mozilla. The findings were made using the large language model Claude Opus 4.6, which analyzed Firefox source code for only two weeks in January 2026. Among the vulnerabilities discovered, 14 were […]