
OpenAI Rolls Out ChatGPT Library to Store Your Personal Files
OpenAI has introduced a new "Library" feature for ChatGPT that lets Plus, Pro and Business users store uploaded files and images in a dedicated cloud location. The library appears automatically in the sidebar and retains files even after the originating chat is deleted. The feature rolls out globally except for the European Economic Area, Switzerland and the United Kingdom. Files remain on OpenAI’s servers until users manually delete them, with a full purge occurring within 30 days of deletion.

Mazda Discloses Security Breach Exposing Employee and Partner Data
Mazda Motor Corp disclosed a security incident that exposed personal data of employees and business partners. The breach, discovered in December, involved 692 records and originated from a vulnerability in a warehouse‑management system used for parts sourced from Thailand. No...

Tycoon2FA Phishing Platform Returns After Recent Police Disruption
The Tycoon2FA phishing‑as‑a‑service platform, disrupted by Microsoft and Europol in early March, has rebounded to pre‑disruption activity levels within days. Law‑enforcement seized 330 domains that hosted its control panels and phishing pages, but the takedown proved temporary. CrowdStrike observed daily...

TeamPCP Deploys Iran-Targeted Wiper in Kubernetes Attacks
TeamPCP, the group behind the recent Trivy supply‑chain breach and the CanisterWorm campaign, has rolled out a new destructive payload that targets Kubernetes clusters configured for Iran. The malware deploys a privileged DaemonSet called "Host‑provisioner‑iran" to wipe host files and...

VoidStealer Malware Steals Chrome Master Key via Debugger Trick
VoidStealer, a malware‑as‑a‑service platform, now bypasses Chrome’s Application‑Bound Encryption by attaching a debugger and setting hardware breakpoints to capture the v20_master_key in plaintext. The technique extracts the master key directly from memory during browser startup, requiring no privilege escalation or...

Microsoft Azure Monitor Alerts Abused for Callback Phishing Attacks
Microsoft Azure Monitor alerts are being exploited to send phishing emails that appear to originate from the legitimate azure‑noreply@microsoft.com address. Attackers create custom alert rules with malicious descriptions, causing the platform to email victims billing‑style warnings and a callback phone...

How CISOs Can Survive the Era of Geopolitical Cyberattacks
Geopolitical cyber threats are shifting from ransomware to destructive wiper campaigns, exemplified by Iran‑linked Handala’s March 2026 attack on Stryker that crippled operations in 79 countries. The article outlines a five‑step containment playbook for CISOs, emphasizing credential protection, zero‑trust network segmentation,...

Navia Discloses Data Breach Impacting 2.7 Million People
Navia Benefit Solutions disclosed a breach that affected nearly 2.7 million individuals, exposing personal identifiers such as names, dates of birth, Social Security numbers, and contact details. The unauthorized actors accessed Navia’s systems from December 22, 2025, to January 15, 2026, with the breach discovered...

ConnectWise Patches New Flaw Allowing ScreenConnect Hijacking
ConnectWise has issued a critical patch for ScreenConnect after uncovering CVE‑2026‑3564, a cryptographic signature verification flaw affecting versions prior to 26.1. The vulnerability enables attackers to extract ASP.NET machine keys and forge authenticated sessions, potentially leading to unauthorized access and...

Ransomware Gang Exploits Cisco Flaw in Zero-Day Attacks Since January
The Interlock ransomware gang has been leveraging a maximum‑severity remote code execution flaw (CVE‑2026‑20131) in Cisco Secure Firewall Management Center since late January, giving them a 36‑day zero‑day window before Cisco’s public advisory on March 4, 2026. The exploit permits unauthenticated attackers...

The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
Refund fraud has morphed into a structured underground market where actors sell step‑by‑step tutorials and services for exploiting retailer return and payment dispute processes. Flare researchers analyzed 3,686 posts, uncovering a commercial ecosystem pricing guides between $50 and $300 and...

Nordstrom's Email System Abused to Send Crypto Scams to Customers
Nordstrom customers received fraudulent emails appearing to come from the retailer’s official address, promoting a St. Patrick’s Day cryptocurrency “double‑your‑deposit” scheme. The messages were sent through Salesforce Marketing Cloud after an Okta‑SSO compromise and promised a 200% return within two hours,...

Apple Pushes First Background Security Improvements Update to Fix WebKit Flaw
Apple has rolled out its first Background Security Improvements update to address WebKit vulnerability CVE‑2026‑20643 across iPhone, iPad, and Mac devices. The flaw allowed malicious web content to bypass the Same Origin Policy via the Navigation API, and was patched...

Top 5 Things CISOs Need to Do Today to Secure AI Agents
Agentic AI is reshaping enterprises by giving autonomous software agents the ability to write code, move data, and execute transactions without human oversight. Traditional AI security relies on prompt filtering and output monitoring, which only constrain behavior after access is...

Betterleaks, a New Open-Source Secrets Scanner to Replace Gitleaks
Betterleaks, an open‑source secrets scanner created by the original Gitleaks author, aims to supersede Gitleaks with a faster, more accurate engine. It scans directories, files, and Git repositories using customizable CEL rules and BPE tokenization, achieving 98.6% recall on the...

AppsFlyer Web SDK Hijacked to Spread Crypto-Stealing JavaScript Code
This week the AppsFlyer Web SDK was temporarily hijacked, delivering obfuscated JavaScript that intercepted cryptocurrency wallet addresses entered on client sites and swapped them for attacker‑controlled wallets. The malicious payload was served from the official domain between March 9 22:45 UTC and March 11,...

Microsoft: Windows 11 Users Can't Access C: Drive on Some Samsung PCs
Microsoft is investigating a Windows 11 issue on Samsung laptops after the February 2026 security updates, where users lose access to the C:\ drive and cannot launch key applications. The error, “C:\ is not accessible – Access denied,” affects Galaxy Book 4 and...

Poland's Nuclear Research Centre Targeted by Cyberattack
Poland’s National Centre for Nuclear Research (NCBJ) detected and blocked a cyberattack on its IT infrastructure before any damage occurred. The institute’s security systems and rapid response prevented compromise of the MARIA research reactor, which continued operating at full power....

From VMware to What’s Next: Protecting Data During Hypervisor Migration
Broadcom’s 2023 acquisition of VMware has sparked a wave of hypervisor migrations, with Gartner forecasting a 35% workload loss by 2028. Organizations are moving to alternatives such as Hyper‑V, Azure Stack HCI, Nutanix AHV, Proxmox VE, and KVM, but the...

Police Sinkholes 45,000 IP Addresses in Cybercrime Crackdown
Operation Synergia III, an Interpol‑led crackdown from July 2025 to January 2026, sinkholed roughly 45,000 malicious IP addresses and seized 212 servers across 72 countries. The operation resulted in 94 arrests, with another 110 suspects under investigation, and uncovered over 33,000 phishing and fraudulent...

Starbucks Discloses Data Breach Affecting Hundreds of Employees
Starbucks announced a data breach that compromised 889 of its Partner Central employee accounts, exposing names, Social Security numbers, dates of birth, and banking details. The intrusion, traced to credential theft via spoofed login sites, occurred between Jan 19 and Feb 11,...

Google Fixes Two New Chrome Zero-Days Exploited in Attacks
Google issued emergency updates on March 13, 2026 to fix two high‑severity Chrome zero‑day flaws—CVE‑2026‑3909 in the Skia graphics library and CVE‑2026‑3910 in the V8 JavaScript/WebAssembly engine. Both vulnerabilities were confirmed to be exploited in the wild, prompting rapid patches for the...

Canadian Retail Giant Loblaw Notifies Customers of Data Breach
Loblaw Companies Limited, Canada’s largest food and pharmacy retailer, disclosed a breach affecting a non‑critical segment of its IT network. Hackers accessed basic customer information, including names, phone numbers and email addresses, but no financial, health, or password data appears...

US Charges Another Ransomware Negotiator Linked to BlackCat Attacks
The U.S. Department of Justice has charged former DigitalMint ransomware negotiator Angelo Martino with conspiracy to interfere with interstate commerce by extortion. Martino allegedly supplied BlackCat (ALPHV) operators with confidential negotiation details and received a 20% cut of ransom payments...

SQLi Flaw in Elementor Ally Plugin Impacts 250k+ WordPress Sites
A critical SQL injection flaw (CVE‑2026‑2413) was found in Elementor's Ally plugin, affecting all versions up to 4.0.3 and potentially exposing data on more than 250,000 WordPress sites. The vulnerability allows unauthenticated attackers to inject malicious SQL via a URL...

New PhantomRaven NPM Attack Wave Steals Dev Data via 88 Packages
Security researchers have identified a new wave of the PhantomRaven supply‑chain campaign targeting the npm registry. Between November 2025 and February 2026, Endor Labs discovered 88 malicious packages distributed through 50 disposable accounts, many employing slopsquatting and Remote Dynamic Dependencies...

New BeatBanker Android Malware Poses as Starlink App to Hijack Devices
BeatBanker is a new Android malware that masquerades as a Starlink app on counterfeit Google Play Store pages, tricking users into side‑loading the malicious APK. The payload blends a banking trojan, the BTMOB remote‑access trojan, and a Monero XMRig miner,...

New 'Zombie ZIP' Technique Lets Malware Slip Past Security Tools
Researchers at Bombadil Systems have identified a new “Zombie ZIP” technique that manipulates ZIP headers to hide malicious payloads from antivirus and endpoint detection and response tools. By marking the compression method as STORED while actually using DEFLATE, scanners read...

Microsoft March 2026 Patch Tuesday Fixes 2 Zero-Days, 79 Flaws
Microsoft released its March 2026 Patch Tuesday update, delivering security patches for 79 vulnerabilities across Windows, Azure, .NET, and Office products. The bulletin includes two publicly disclosed zero‑day flaws, though Microsoft says neither has been observed in the wild. Among the...

HPE Warns of Critical AOS-CX Flaw Allowing Admin Password Resets
Hewlett Packard Enterprise has released patches for multiple vulnerabilities in Aruba Networking’s AOS‑CX operating system, the most severe being CVE‑2026‑23813, a critical authentication‑bypass that allows unauthenticated actors to reset admin passwords. The flaw resides in the web‑based management interface of...

New KadNap Botnet Hijacks ASUS Routers to Fuel Cybercrime Proxy Network
A new botnet named KadNap has infected roughly 14,000 ASUS routers and other edge devices since August 2025, forming a peer‑to‑peer network that communicates via a custom Kademlia Distributed Hash Table protocol. The decentralized architecture makes its command‑and‑control infrastructure harder...

The New Turing Test: How Threats Use Geometry to Prove 'Humanness'
Picus Security’s Red Report 2026, which examined over 1.1 million malicious files, reveals a decisive move toward stealthy, evasion‑centric malware. Virtualization and sandbox‑evasion (ATT&CK T1497) now appear in 20% of samples, ranking as the fourth most‑used technique in 2025. Modern payloads perform system...

CISA: Recently Patched Ivanti EPM Flaw Now Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has classified the high‑severity Ivanti Endpoint Manager vulnerability CVE‑2026‑1603 as actively exploited and placed it in the Known Exploited Vulnerabilities catalog. The flaw, which allows unauthenticated cross‑site scripting to bypass authentication and steal...

FBI Warns of Phishing Attacks Impersonating US City, County Officials
The FBI has issued a public service announcement warning that cybercriminals are impersonating city and county planning and zoning officials to defraud businesses and individuals applying for land‑use permits. Attackers harvest publicly available permit data, craft emails from non‑government domains,...

EU Court Adviser Says Banks Must Immediately Refund Phishing Victims
Advocate General Athanasios Rantos of the EU Court of Justice issued an opinion that banks must instantly refund victims of unauthorized phishing transactions under the EU Payment Services Directive (PSD2), unless they have reasonable grounds to suspect fraud. The opinion...

Termite Ransomware Breaches Linked to ClickFix CastleRAT Attacks
Velvet Tempest, a long‑standing ransomware affiliate, leveraged a ClickFix malvertising lure to breach a U.S. nonprofit’s network of 3,000+ endpoints. The group performed hands‑on AD reconnaissance, harvested Chrome credentials, and staged the DonutLoader and CastleRAT backdoor, but stopped short of...

Microsoft: Hackers Abusing AI at Every Stage of Cyberattacks
Microsoft’s threat‑intelligence report reveals that cyber‑criminals are increasingly embedding generative AI across the entire attack lifecycle. Threat groups use large language models to draft phishing emails, create fake professional identities, and accelerate malware development. The report highlights specific North Korean...

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
EC‑Council unveiled its Enterprise AI Credential Suite, adding four role‑based AI certifications and an updated Certified CISO v4 program. The launch targets the estimated 700,000 U.S. workers needing AI and cybersecurity reskilling and the $5.5 trillion global AI risk exposure identified by...

Microsoft 365 Backup to Add File-Level Restore for Faster Recovery
Microsoft announced that Microsoft 365 Backup will soon support file‑ and folder‑level restores for SharePoint and OneDrive, moving beyond its current site‑wide recovery model. The granular restore lets administrators browse backup points, search, and pull specific items, cutting recovery time dramatically. The...

Ghanaian Man Pleads Guilty to Role in $100 Million Fraud Ring
A 40‑year‑old Ghanaian national, Derrick Van Yeboah, pleaded guilty to conspiracy to commit wire fraud. He was a senior member of a fraud operation that stole more than $100 million from U.S. victims through romance scams and business‑email‑compromise attacks between 2016...

Chinese State Hackers Target Telcos with New Malware Toolkit
Chinese state‑linked APT group UAT‑9244 has been compromising telecom service providers across South America since 2024. The campaign deploys three previously undocumented malware families—TernDoor, a Windows backdoor using DLL side‑loading; PeerTime, a multi‑architecture Linux ELF backdoor that leverages BitTorrent for...

Wikipedia Hit by Self-Propagating JavaScript Worm that Vandalized Pages
The Wikimedia Foundation experienced a self‑propagating JavaScript worm that briefly hijacked both user‑level and site‑wide scripts, injecting malicious loaders into MediaWiki:Common.js and dozens of user common.js files. The worm originated from a test script on Russian Wikipedia and was triggered...

FBI Arrests Suspect Linked to $46M Crypto Theft From US Marshals
The FBI, in coordination with France's elite Gendarmerie unit, arrested John Daghita on Saint Martin for allegedly stealing more than $46 million in cryptocurrency seized by the U.S. Marshals Service. Daghita, the son of a government‑contractor CEO, is accused of abusing his...

Bitwarden Adds Support for Passkey Login on Windows 11
Bitwarden announced native support for Windows 11 passkey login, letting users authenticate with credentials stored in their encrypted vault. The feature works across all plans, including the free tier, and uses a QR‑code flow to confirm the passkey on a mobile...

Mail2Shell Zero-Click Attack Lets Hackers Hijack FreeScout Mail Servers
Researchers at OX Security disclosed a maximum‑severity zero‑click vulnerability (CVE‑2026‑28289) in the open‑source FreeScout help‑desk platform. By embedding a zero‑width space before a malicious filename, attackers can bypass recent upload filters and achieve remote code execution through a single crafted...

Windows 10 KB5075039 Update Fixes Broken Recovery Environment
Microsoft released KB5075039, a Windows 10 update that restores the Windows Recovery Environment (WinRE) after the October 2025 KB5068164 patch broke it. WinRE is essential for offline system repair, malware removal, and OS restoration. The fix requires a hidden WinRE partition of...

Cisco Warns of Max Severity Secure FMC Flaws Giving Root Access
Cisco has issued emergency patches for two maximum‑severity flaws in its Secure Firewall Management Center (FMC) software. The authentication‑bypass vulnerability (CVE‑2026‑20079) lets unauthenticated attackers gain root access, while the remote code execution bug (CVE‑2026‑20131) permits arbitrary Java code execution as...

Hacker Mass-Mails HungerRush Extortion Emails to Restaurant Patrons
Customers of restaurants using the HungerRush point‑of‑sale platform received extortion emails claiming the attacker possessed millions of customer records, including credit‑card details. The messages were sent through Twilio SendGrid, passing SPF, DKIM and DMARC checks, making them appear authentic from...

Europol-Coordinated Action Disrupts Tycoon2FA Phishing Platform
Europol coordinated an international operation that dismantled the Tycoon2FA phishing‑as‑a‑service platform. Law enforcement seized 330 domains supporting the service’s infrastructure across six European countries. The platform, active since August 2023, had been delivering tens of millions of phishing emails each month,...

LexisNexis Confirms Data Breach as Hackers Leak Stolen Files
LexisNexis Legal & Professional confirmed a breach after hackers exploited an unpatched React frontend, using the React2Shell vulnerability to access its AWS environment. The threat actor FulcrumSec leaked over 2 GB of data, including 21,042 customer accounts, 45 attorney password hashes,...