174/69 Thursday, March 26, 2026 Google has released Chrome 146 to address eight high-severity vulnerabilities, primarily related to memory safety issues affecting seven different components of the browser. The most notable flaw, CVE-2026-4673, is a heap buffer overflow in WebAudio, for which the researcher received a $7,000 bug bounty reward. Another issue, CVE-2026-4677, involves an […]
173/69 Thursday, March 26, 2026 QualDerm Partners, a U.S.-based provider of dermatology clinic management services, has disclosed a data breach that occurred in December 2025, affecting more than 3.1 million individuals. The incident involved unauthorized access to the company’s internal systems, allowing attackers to exfiltrate sensitive data. QualDerm supports multiple dermatology clinics by providing administrative, […]
172/69 Thursday, March 26, 2026 The Federal Communications Commission (FCC) has announced a major escalation in cybersecurity measures by adding consumer-grade routers manufactured outside the United States to its Covered List. This move means that new router models not produced domestically will no longer be eligible for authorization to be marketed or sold in the […]
171/69 Wednesday, March 25, 2026 Law enforcement agencies from 23 countries, led by German authorities and Europol, have successfully carried out “Operation Alice”, targeting one of the largest fraudulent networks on the dark web. The operation resulted in the takedown of more than 373,000 onion domains. The investigation began in 2021, initially focusing on a […]
170/69 Wednesday, March 25, 2026 Cybersecurity firm Resecurity has reported the discovery of threat activity linked to a cyber threat group known as Nasir Security, which is targeting energy sector organizations across the Middle East. The activity comes amid heightened regional security tensions, particularly within Gulf Cooperation Council (GCC) countries. The energy sector remains a […]
169/69 Wednesday, March 25, 2026 Security researchers have identified a rapidly spreading new worm named CanisterWorm, active since March 20, 2026. The campaign is attributed to the hacker group TeamPCP, which leveraged a software supply chain attack by embedding malicious code into more than 45 npm packages. The compromise is believed to stem from stolen […]
168/69 Tuesday, March 24, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities affecting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. These vulnerabilities carry CVSS scores ranging from 7.8 to 10.0 and include issues such as buffer overflow, improper locking, and […]
167/69 Tuesday, March 24, 2026 Oracle has released security updates to address a critical vulnerability tracked as CVE-2026-21992 (CVSS score: 9.8), affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw allows unauthenticated attackers to exploit the systems remotely over HTTP, potentially leading to Remote Code Execution (RCE). Successful exploitation could result in full […]
166/69 Tuesday, March 24, 2026 Since February 27, 2026, cybersecurity researchers from Netcraft have identified a large-scale attack campaign targeting websites running the popular e-commerce platform Magento. More than 7,500 domains have been compromised through website defacement, affecting over 15,000 hostnames globally. The attack involves uploading simple text files (.txt) directly into website infrastructures, impacting […]
165/69 Monday, March 23, 2026 The ransomware group WorldLeaks added the City of Los Angeles to its leak site on March 20, 2026, claiming it had stolen approximately 159.9 GB of data across 779 files. The group operates as a cybercriminal network focused on data exfiltration and extortion, pressuring victims to pay in exchange for […]
