Mohit Kumar

Security teams are using more tools—but still struggling to prioritize real risk. Focus is shifting to exposure validation and business impact, not just alerts and scans, as highlighted at Gartner’s first event. 🔗 5 key learnings shaping modern security → thehackernews.com/2026/03/5-lear…

⚠️ Citrix patched a critical NetScaler flaw (CVSS 9.3) enabling unauthenticated memory leaks. The issue exposes sensitive appliance data when SAML IDP is enabled, alongside a second bug that can mix user sessions in gateway or AAA setups. 🔗 Read → thehackernews.com/2026/03/citrix…

🚨 TeamPCP expanded its supply chain attack to Checkmarx GitHub Actions, deploying the same CI credential stealer used in the Trivy breach. Stolen tokens are reused to push malicious commits into other repos, enabling a cascading compromise across CI workflows. 🔗 Read → thehackernews.com/2026/03/teampc…

Biggest security stories this week 👇 🔥 Trivy backdoor — CI/CD worm 🤖 4 DDoS botnets down 📱 iOS DarkSword — 6 vulns 🦠 Android malware in IPTV apps 🔓 Cisco FMC 0-day exploited ⚡ Langflow RCE in 20h 🕵️ FBI buys location data 🌐 WhatsApp testing usernames 🐻 APT28 toolkit leak 💀 373K domains seized 🎯 Phishing hits Pakistan energy 🧠 VoidStealer bypasses Chrome ABE 💰 Beast ransomware leak 📦 Malicious npm account hijack 🎣 OpenClaw devs crypto phishing 🇨🇳 China PQC standards 🚨 25+ critical CVEs exploited Full cybersecurity recap → thehackernews.com/2026/03/weekly…

⚠️ WARNING - A Trivy-linked supply chain attack has escalated into a self-propagating npm worm now spreading across dozens of packages. It steals npm tokens, republishes itself, and spreads through developer machines and CI. Uses an ICP canister to rotate payloads and resist takedowns. 🔗 How the worm spreads and updates payloads → thehackernews.com/2026/03/trivy-…

🛑 ALERT - Trivy, a popular open-source vulnerability scanner, was compromised after attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer. It ran in CI pipelines, stealing creds and tokens, then exfiltrating data or staging it via stolen GitHub PATs. 🔗 Attack flow, impacted versions, fixes → thehackernews.com/2026/03/trivy-…

⚡ Google adding a 24-hour delay for installing #Android apps from unverified developers. Users must enable developer mode, reboot, and confirm again after a day. This is meant to stop #malware and scams that trick users into disabling Play Protect or giving access. 🔗 Details here → thehackernews.com/2026/03/google…

⚠️ A critical Magento flaw lets attackers upload files without login and take over stores. The issue, PolyShell, uses the REST API to upload hidden malicious files as images. This can lead to remote code execution or stored XSS. No fix for current versions yet. 🔗 Read → thehackernews.com/2026/03/magent…

⚠️ WARNING - Apple warns outdated iPhones are now exposed to mass-scale exploit kits like Coruna and DarkSword. Compromised websites can silently trigger infections and steal sensitive data from unpatched devices. 🔗 Read → thehackernews.com/2026/03/apple-…

⚡ WEBINAR: Security spend is rising. Breaches aren’t slowing. The gap is proof your defenses work. Continuous validation tests controls against real attacker behavior. Automate CTI-driven testing. Feed results into SOC workflows. 🔗 Live demo + practical setup → thehacker.news/automate-testi…

🔥 54 EDR killers now use BYOVD, abusing 34 signed drivers to reach kernel access. Ransomware operators deploy them first to disable defenses, not evade detection inside the encryptor. Evasion has moved out—into dedicated tools built to break EDR reliably. 🔗 Tools, tactics, and defensive gaps explained → thehackernews.com/2026/03/54-edr…

This week in ThreatsDay Bulletin… it’s the quiet stuff you shouldn’t ignore 👇 🔓 FortiGate RaaS ⚙️ ITSM → RCE 🦠 New C2 malware 🔗 Deep link exec 📡 Citrix spikes 💬 Teams → access 🎣 ClickFix backdoor 🎮 Game-borne stealers 💳 Live chat phishing 🌍 Expanding APT ops 🤖 1.75M bad apps blocked 🔐 28M+ secrets leaked Read before you miss something important → thehackernews.com/2026/03/threat…

🚨 WARNING - A new #iOS exploit kit, DarkSword, has been active since late 2025 across multiple threat groups. It targets #iPhone on iOS 18.4–18.7, chaining zero-days to gain full access and rapidly extract data—files, messages, credentials, and crypto wallets—then wipe traces within minutes. 🔗 DarkSword details here → thehackernews.com/2026/03/darksw…

🛑 Shai-Hulud 2.0 ran code before security scans, quietly breaking CI/CD at the source. As Jonny Rivera from @ActiveState explains, it stole cloud credentials and turned GitHub runners into attacker-controlled botnets—long before detection kicked in. Fix: control what enters the pipeline. 🔗 How curated catalogs stop pre-install attacks → thehackernews.com/expert-insight…

⚠️ Amazon says Interlock #ransomware exploited a Cisco firewall flaw rated 10.0 CVSS as a zero-day weeks before disclosure. Attackers gained root access via insecure deserialization, then deployed RATs, proxies, and persistence tools. 🔗 Read → thehackernews.com/2026/03/interl…

AI comes with potential risks and vulnerabilities, but you can protect your workers and your organization. One of the best places to start is with a comprehensive AI usage policy. This template provides: ✅ A definition of artificial intelligence ✅ A breakdown of acceptable and prohibited AI use ✅ Customizable guidelines for training, human oversight, accountability, and amendments 🔗 Get your AI employee usage policy template → thn.news/ai-policy-guide

⚠️ Low-cost IP KVM devices expose a direct path to full system takeover. Researchers found 9 flaws across 4 devices, including unauthenticated root access and remote code execution. Operating below the OS, they let attackers bypass security tools and maintain silent, persistent control. 🔗 Read → thehackernews.com/2026/03/9-crit…

⚠️ CERT/CC warns a ZIP flaw tracked as CVE-2026-0866 lets attackers hide malware using malformed archive headers. Security tools trust the header and miss the payload, while it can still be extracted and executed with the right method. It breaks how AV and EDR validate files. 🔗 How Zombie ZIP bypasses detection and runs payloads → #zip-evasion-technique" target="_blank" rel="nofollow noopener">thehackernews.com/2026/03/threat…

🛑 A Magecart skimmer hid its payload in a favicon’s EXIF metadata, never entering the codebase. A fake CDN script fetched the image, decoded a hidden URL, and executed it in the browser. No repo changes. No scan alerts. Payment data was exfiltrated at checkout. 🔗 Loader chain and why static tools missed it → thehackernews.com/2026/03/claude…

⚠️ WARNING - An unpatched critical telnetd bug (CVE-2026-32746) lets attackers gain full system access with no credentials. One connection to port 23 is enough to trigger memory corruption and execute code as root. No patch yet. Prior telnet flaw is already exploited in the wild. 🔗Read → thehackernews.com/2026/03/critic…