Breaking News – Cyber Threats (last 6h)
Generated: 2026-03-26 08:00 PDT
- TikTok for Business accounts targeted in new phishing campaign
BleepingComputer • 2026-03-26 07:09 • www.bleepingcomputer.com
Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. […]
https://www.bleepingcomputer.com/news/security/tiktok-for-business-accounts-targeted-in-new-phishing-campaign/ - WhatsApp rolls out more AI features, iOS multi-account support
BleepingComputer • 2026-03-26 07:06 • www.bleepingcomputer.com
WhatsApp is rolling out multiple features designed to make the app easier to use, including AI-powered message replies and photo retouching, support for two accounts on iOS, and chat history transfer between iOS and Android devices. […]
https://www.bleepingcomputer.com/news/software/whatsapp-rolls-out-more-ai-features-ios-multi-account-support/ - Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
BleepingComputer • 2026-03-26 07:00 • www.bleepingcomputer.com
Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it. […]
https://www.bleepingcomputer.com/news/security/inside-a-modern-fraud-attack-from-bot-signups-to-account-takeovers/ - [Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
The Hacker News • 2026-03-26 06:12 • thehackernews.com
Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control.
But one question usually stays unanswered: Would your defenses actually stop a real attack?
That’s where things get shaky. A control exists, so it’s assumed to work. A detection rule is active, so it’s expected to catch something. But very
https://thehackernews.com/2026/03/webinar-stop-guessing-learn-to-validate.html - Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
The Hacker News • 2026-03-26 06:11 • thehackernews.com
Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page.
The flaw “allowed any website to silently inject prompts into that assistant as if the user wrote them,” Koi Security researcher Oren Yomtov said in a report shared with The Hacker News. “No clicks, no
https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html - Coruna iOS exploit framework linked to Triangulation attacks
BleepingComputer • 2026-03-26 06:10 • www.bleepingcomputer.com
The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. […]
https://www.bleepingcomputer.com/news/security/coruna-ios-exploit-framework-linked-to-triangulation-attacks/ - Russia arrests suspected owner of LeakBase cybercrime forum
BleepingComputer • 2026-03-26 05:50 • www.bleepingcomputer.com
Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools. […]
https://www.bleepingcomputer.com/news/security/russia-arrests-suspected-owner-and-admin-of-leakbase-cybercrime-forum/ - Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
The Hacker News • 2026-03-26 04:58 • thehackernews.com
Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit masterworks of Picasso, Matisse, and Renoir to unsuspecting collectors and renowned museums. Over the next several decades,
https://thehackernews.com/2026/03/masters-of-imitation-how-hackers-and.html - Suspected RedLine infostealer malware admin extradited to US
BleepingComputer • 2026-03-26 04:51 • www.bleepingcomputer.com
An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. […]
https://www.bleepingcomputer.com/news/security/suspected-redline-infostealer-administrator-extradited-to-us/ - ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
The Hacker News • 2026-03-26 04:45 • thehackernews.com
Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching.
There’s a little bit of everything in this one, too. Weird delivery tricks, old problems coming back in slightly worse forms, shady infrastructure doing
https://thehackernews.com/2026/03/threatsday-bulletin-pqc-push-ai-vuln.html - Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie
Graham Cluley • 2026-03-26 04:27 • grahamcluley.com
A disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin – signing his extortion emails from a company called “Loot.”Meanwhile, two people drive up to the entrance of the UK’s nuclear submarine base at Faslane and politely ask if they can have a look around. Tourists? Spies? Something in between?
All this and more in episode 460 of the “Smashing Security” podcast with cybersecurity veteran Graham Cluley, and special guest Jenny Radcliffe.
https://grahamcluley.com/smashing-security-podcast-460/ - Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks
The Hacker News • 2026-03-26 04:07 • thehackernews.com
The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky.
“When Coruna was first reported, the public evidence wasn’t sufficient to link its code to Triangulation — shared
https://thehackernews.com/2026/03/coruna-ios-kit-reuses-2023.html - As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
Schneier on Security • 2026-03-26 04:06 • www.schneier.comIn December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any constraints and consequences on their deployment of AI, while undermining the efforts of consumers, advocates, and industry associa…
https://www.schneier.com/blog/archives/2026/03/as-the-us-midterms-approach-ai-is-going-to-emerge-as-a-key-issue-concerning-voters.html - An AI gateway designed to steal your data
Securelist • 2026-03-26 04:01 • securelist.com
Dissecting the supply-chain attack on LiteLLM – a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.
https://securelist.com/litellm-supply-chain-attack/119257/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
