Breaking News – Cyber Threats (last 6h)
Generated: 2026-03-11 03:00 PDT
- Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)
SANS ISC • 2026-03-11 02:57 • isc.sans.eduA new vulnerability (CVE-2026-0866) has been published: Zombie Zip.
- Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
The Hacker News • 2026-03-11 02:15 • thehackernews.com
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known.
Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four
https://thehackernews.com/2026/03/microsoft-patches-84-flaws-in-march.html - UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
The Hacker News • 2026-03-11 00:31 • thehackernews.com
A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim’s cloud environment within a span of 72 hours.
The attack started with the theft of a developer’s GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data.
“The threat actor, UNC6426, then used this
https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html - Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
The Hacker News • 2026-03-10 22:12 • thehackernews.com
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors.
The Rust packages, published to crates.io, are listed below –chrono_anchor
dnp3times
time_calibrator
time_calibrators
time-syncThe crates, per Socket, impersonate timeapi.io and were published between late February and early March
https://thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
