Skip to content
[email protected] (The Hacker News) Page 13

[email protected] (The Hacker News)

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are rated Critical, and 76 are… 

Read More »Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

Ravie LakshmananMar 11, 2026DevSecOps / AI Security A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim’s cloud environment… 

Read More »UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed below – chrono_anchor dnp3times time_calibrator… 

Read More »Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials

Ravie LakshmananMar 10, 2026Network Security / Vulnerability Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks.  The activity… 

Read More »FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
New “LeakyLooker” Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

New “LeakyLooker” Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Ravie LakshmananMar 10, 2026Database Security / Vulnerability Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims’ databases and exfiltrate sensitive data… 

Read More »New “LeakyLooker” Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military

Ravie LakshmananMar 10, 2026Cyber Espionage / Threat Intelligence The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military… 

Read More »APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Ravie LakshmananMar 10, 2026Cloud Security / API Security Salesforce has warned of an increase in threat actor activity that’s aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized… 

Read More »Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool