Breaking News – Cyber Threats (last 6h)
Generated: 2026-03-30 08:00 PDT
- TeamPCP Supply Chain Campaign: Update 004 – Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)
SANS ISC Diary (full) • 2026-03-30 07:55 • isc.sans.edu
This is the fourth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 003 covered developments through March 28, including the first 48-hour pause in new compromises and the campaign's shift to monetization. Thi…
https://isc.sans.edu/diary/rss/32846
- Apple adds macOS Terminal warning to block ClickFix attacks
BleepingComputer • 2026-03-30 07:32 • www.bleepingcomputer.com
Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. […]
https://www.bleepingcomputer.com/news/security/apple-adds-macos-terminal-warning-to-block-clickfix-attacks/
- How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
BleepingComputer • 2026-03-30 07:01 • www.bleepingcomputer.com
AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner’s questions for evaluating AI SOC agents and separating real impact from hype. […]
https://www.bleepingcomputer.com/news/security/how-to-evaluate-ai-soc-agents-7-questions-gartner-says-you-should-be-asking/
- ⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
The Hacker News • 2026-03-30 06:56 • thehackernews.com
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention.
There’s a bit of everything this week. Persistence plays, legal wins, influence ops, and at least one thing that looks boring
https://thehackernews.com/2026/03/weekly-recap-telecom-sleeper-cells-llm.html
- 3 SOC Process Fixes That Unlock Tier 1 Productivity
The Hacker News • 2026-03-30 06:00 • thehackernews.com
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier 1 move faster, reduce unnecessary escalations, and improve how the entire SOC responds under pressure
https://thehackernews.com/2026/03/3-soc-process-fixes-that-unlock-tier-1.html
- Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
The Hacker News • 2026-03-30 05:18 • thehackernews.com
Cybersecurity researchers have discovered a remote access toolkit of Russian origin that’s distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders.
The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling
https://thehackernews.com/2026/03/russian-ctrl-toolkit-delivered-via.html
- The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
The Hacker News • 2026-03-30 04:30 • thehackernews.com
Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded.
This year’s findings reveal three core trends: AI has
https://thehackernews.com/2026/03/the-state-of-secrets-sprawl-2026-9.html
- Apple’s Camera Indicator Lights
Schneier on Security • 2026-03-30 04:08 • www.schneier.com
A thoughtful review of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording.
The reason it’s tempting to think that a dedicated camera indicator light is more secure than an on-display indicator is the fact that hardware is generally more secure than software, because it’s harder to tamper with. With hardware, a dedicated hardware indicator light can be connec…
https://www.schneier.com/blog/archives/2026/03/apples-camera-indicator-lights.html
- Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
BleepingComputer • 2026-03-30 03:59 • www.bleepingcomputer.com
F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. […]
https://www.bleepingcomputer.com/news/security/hackers-now-exploit-critical-f5-big-ip-flaw-in-attacks-patch-now/
- Microsoft pulls KB5079391 Windows update over install issues
BleepingComputer • 2026-03-30 02:38 • www.bleepingcomputer.com
Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-windows-kb5079391-update-over-0x80073712-install-errors/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
