Breaking News – Cyber Threats (last 6h)
Generated: 2026-03-03 12:00 PST
- Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
The Hacker News • 2026-03-03 09:15 • thehackernews.com
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack.
The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from
https://thehackernews.com/2026/03/fake-tech-support-spam-deploys.html - Google Chrome shifts to two-week release cycle for increased stability
BleepingComputer • 2026-03-03 09:00 • www.bleepingcomputer.com
Google Chrome will shift from a four-week to a two-week release cycle to roll out new features, bug fixes, and performance improvements more frequently. […]
https://www.bleepingcomputer.com/news/security/google-chrome-shifts-to-two-week-release-cycle-for-increased-stability/ - They seized $4.8m in crypto… then gave the master key to the internet
Graham Cluley • 2026-03-03 08:09 • www.bitdefender.com
South Korea’s National Tax Service (NTS) has found itself in the middle of a deeply embarrassing – and costly – blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/they-seized-4-8m-in-crypto-then-gave-the-master-key-to-the-internet - LexisNexis confirms data breach as hackers leak stolen files
BleepingComputer • 2026-03-03 07:40 • www.bleepingcomputer.com
American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information. […]
https://www.bleepingcomputer.com/news/security/lexisnexis-confirms-data-breach-as-hackers-leak-stolen-files/ - Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
SANS ISC Diary (full) • 2026-03-03 07:01 • isc.sans.eduCrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the template-injection flaw that let unauthenticated attackers escape the VFS sandbox and achieve RCE), CVE-2025-31161 (the auth-bypass that handed over the crushadmin account on a silver platter), and the July 2025 zero-day CVE-2025-54309 that was actively exploited in the wild.
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets
BleepingComputer • 2026-03-03 07:01 • www.bleepingcomputer.com
Compromised cPanel credentials are being sold in bulk across underground channels as plug-and-play phishing and scam infrastructure. Flare explains how analyzing 200,000 underground posts reveals a commoditized market for hacked site management panels. […]
https://www.bleepingcomputer.com/news/security/compromised-site-management-panels-are-a-hot-item-in-cybercrime-markets/ - Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
The Hacker News • 2026-03-03 06:30 • thehackernews.com
Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive and organizational pressures that quietly erode SOC performance over time.
The Paradox at the Gate:
https://thehackernews.com/2026/03/building-high-impact-tier-1-3-steps.html - Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
The Hacker News • 2026-03-03 06:29 • thehackernews.com
The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks.
The new findings come from Team Cymru, which detected its use following an analysis of the IP address (“212.11.64[.]250”) that was used by the suspected
https://thehackernews.com/2026/03/open-source-cyberstrikeai-deployed-in.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
