Breaking News – Cyber Threats (last 6h)
Generated: 2026-03-13 03:00 PDT
- Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
The Hacker News • 2026-03-13 02:17 • thehackernews.com
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild.
The list of vulnerabilities is as follows –CVE-2026-3909 (CVSS score: 8.8) – An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML
https://thehackernews.com/2026/03/google-fixes-two-chrome-zero-days.html - Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
The Hacker News • 2026-03-13 01:18 • thehackernews.com
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel’s AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees.
The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The
https://thehackernews.com/2026/03/nine-crackarmor-flaws-in-linux-apparmor.html - Starbucks discloses data breach affecting hundreds of employees
BleepingComputer • 2026-03-13 01:16 • www.bleepingcomputer.com
Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. […]
https://www.bleepingcomputer.com/news/security/starbucks-discloses-data-breach-affecting-hundreds-of-employees/ - A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
SANS ISC Diary (full) • 2026-03-13 00:20 • isc.sans.eduOn Wednesday, a phishing message made its way into our handler inbox that contained a fairly typical low-quality lure, but turned out to be quite interesting in the end nonetheless. That is because the accompanying credential stealing web page was dynamically constructed using React and used a legitimate e-mail service for credential collection.
- Google fixes two new Chrome zero-days exploited in attacks
BleepingComputer • 2026-03-12 23:56 • www.bleepingcomputer.com
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. […]
https://www.bleepingcomputer.com/news/google/google-fixes-two-new-chrome-zero-days-exploited-in-attacks/ - Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
The Hacker News • 2026-03-12 22:26 • thehackernews.com
A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud.
“SocksEscort infected home and small business internet routers with malware,” the U.S. Department of Justice (DoJ) said. “The malware allowed SocksEscort to direct internet
https://thehackernews.com/2026/03/authorities-disrupt-socksescort-proxy.html - Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
The Hacker News • 2026-03-12 21:15 • thehackernews.com
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution.
The vulnerabilities are as follows –CVE-2026-21666 (CVSS score: 9.9) – A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server.
CVE-2026-21667 (
https://thehackernews.com/2026/03/veeam-patches-7-critical-backup.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
