Breaking News – Cyber Threats (last 6h)
Generated: 2026-03-18 08:00 PDT
- The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
BleepingComputer • 2026-03-18 07:05 • www.bleepingcomputer.com
Refund fraud is now a business, with methods and tutorials sold to exploit return policies for profit. Flare shows how fraudsters turn refunds and chargebacks into a repeatable profit model. […]
https://www.bleepingcomputer.com/news/security/the-refund-fraud-economy-exploiting-major-retailers-and-payment-platforms/ - New “Darksword” iOS exploit used in infostealer attack on iPhones
BleepingComputer • 2026-03-18 07:02 • www.bleepingcomputer.com
A new exploit kit for iOS devices and delivery framework dubbed “Darksword” has been used to steal a wide range of personal information, including data from cryptocurrency wallet app. […]
https://www.bleepingcomputer.com/news/security/new-darksword-ios-exploit-used-in-infostealer-attack-on-iphones/ - Nordstrom's email system abused to send crypto scams to customers
BleepingComputer • 2026-03-18 06:55 • www.bleepingcomputer.com
Customers of upscale department store chain Nordstrom received fraudulent messages from a legitimate company email address that promoted cryptocurrency scams disguised as a St. Patrick’s Day promotion. […]
https://www.bleepingcomputer.com/news/security/nordstroms-email-system-abused-to-send-crypto-scams-to-customers/ - Scans for "adminer", (Wed, Mar 18th)
SANS ISC Diary (full) • 2026-03-18 06:18 • isc.sans.eduA very popular target of attackers scanning our honeypots is “phpmyadmin”. phpMyAdmin is a script first released in the late 90s, before many security concepts had been discovered. It's rich history of vulnerabilities made it a favorite target. Its alternative, “adminer”, began appearing about a decade later (https://www.adminer.org). One of its main “selling” points was simplicity. Adminer is just a single PHP file. It requires no configuration. Copy it to your server,…
https://isc.sans.edu/diary/rss/32808 - Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
The Hacker News • 2026-03-18 05:30 • thehackernews.com
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges.
The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in the LINEMODE Set
https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html - Claude Code Security and Magecart: Getting the Threat Model Right
The Hacker News • 2026-03-18 04:58 • thehackernews.com
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI code scanning stops and client-side runtime execution begins.
A detailed analysis of where Claude
https://thehackernews.com/2026/03/claude-code-security-and-magecart.html - 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
The Hacker News • 2026-03-18 04:42 • thehackernews.com
Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts.
The nine vulnerabilities, discovered by Eclypsium, span four different products from GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. The most severe of them allow
https://thehackernews.com/2026/03/9-critical-ip-kvm-flaws-enable.html - Meta’s AI Glasses and Privacy
Schneier on Security • 2026-03-18 04:07 • www.schneier.comSurprising no one, Meta’s new AI glasses are a privacy disaster.
I’m not sure what can be done here. This is a technology that will exist, whether we like it or not.
Meanwhile, there is a new Android app that detects when there are smart glasses nearby.
https://www.schneier.com/blog/archives/2026/03/metas-ai-glasses-and-privacy.html
- ISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)
SANS ISC Diary (full) • 2026-03-18 04:05 • isc.sans.edu
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
https://isc.sans.edu/diary/rss/32806 - The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico
Securelist • 2026-03-18 04:00 • securelist.com
Kaspersky SOC uncovered and analyzed a complex Horabot campaign in Mexico. In this article we share insights into how it is unleashed and how to hunt for this threat.
https://securelist.com/horabot-campaign/119033/ - Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
The Hacker News • 2026-03-18 03:30 • thehackernews.com
Security teams today are not short on tools or data. They are overwhelmed by both.
Yet within the terabytes of alerts, exposures, and misconfigurations – security teams still struggle to understand context:
Q: Which exposures, misconfigurations, and vulnerabilities chain together to create viable attack paths to crown jewels?
Even the most mature security teams can’t answer that
https://thehackernews.com/2026/03/product-walkthrough-how-mesh-csma.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
