Breaking News – Cyber Threats (last 6h)
Generated: 2026-03-11 13:00 PDT
- SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
BleepingComputer • 2026-03-11 12:38 • www.bleepingcomputer.com
An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication. […]
https://www.bleepingcomputer.com/news/security/sqli-flaw-in-elementor-ally-plugin-impacts-250k-plus-wordpress-sites/
- CISA orders feds to patch n8n RCE flaw exploited in attacks
BleepingComputer • 2026-03-11 11:21 • www.bleepingcomputer.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. […]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-n8n-rce-flaw-exploited-in-attacks/
- Medtech giant Stryker offline after Iran-linked wiper malware attack
BleepingComputer • 2026-03-11 10:21 • www.bleepingcomputer.com
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. […]
https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-offline-after-iran-linked-wiper-malware-attack/
- New PhantomRaven NPM attack wave steals dev data via 88 packages
BleepingComputer • 2026-03-11 10:09 • www.bleepingcomputer.com
New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. […]
https://www.bleepingcomputer.com/news/security/new-phantomraven-npm-attack-wave-steals-dev-data-via-88-packages/
- Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
The Hacker News • 2026-03-11 09:38 • thehackernews.com
Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps.
The attack, at its core, takes advantage of AI browsers’ tendency to reason their actions and use it against the model itself to lower their security guardrails, Guardio
https://thehackernews.com/2026/03/researchers-trick-perplexitys-comet-ai.html
- Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
KrebsOnSecurity • 2026-03-11 09:20 • krebsonsecurity.com
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.
https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/
- Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
The Hacker News • 2026-03-11 07:51 • thehackernews.com
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution.
The vulnerabilities are listed below –
CVE-2026-27577 (CVSS score: 9.4) – Expression sandbox escape leading to remote code execution (RCE)
CVE-2026-27493 (CVSS score: 9.5) – Unauthenticated
https://thehackernews.com/2026/03/critical-n8n-flaws-allow-remote-code.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
