⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-03-12 05:18
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched
SANS ISC
| 2026-03-12 02:00
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The Register
| 2026-03-12 01:37
Like deleting data, exposing keys, and loading malicious content - which may be why Beijing has reportedly banned it China’s National Computer Network Emergency Response Technical Team has warned locals that the OpenClaw agentic AI tool poses significant security risks.…
SANS ISC
| 2026-03-12 01:19
[This is a Guest Diary by Adam Thorman, an ISC intern as part of the SANS.edu BACS program]
The Register
| 2026-03-11 22:18
State news published a list of nearly 30 sites that could be targeted Iran has reportedly designated Amazon, Google, IBM, Microsoft, Nvidia, Oracle, and Palantir facilities as legitimate targets of retaliatory strikes, according to an Al Jazeera report citing Iran’s state-affiliated Tasnim news agency.…
Dark Reading
| 2026-03-11 22:00
Government agencies, emergency clinics, and others in Australia, New Zealand, and Tonga have had serious run-ins with the prolific ransomware outfit.
The Register
| 2026-03-11 20:40
Meanwhile, Verifone says 'no evidence' to support the digital intruders' claims A hacking crew with ties to Iran's intelligence agency claimed to be behind a global network outage at med-tech firm Stryker on Wednesday, and said the cyberattack was in response to the US-Israel airstrikes.…
Dark Reading
| 2026-03-11 20:22
Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.
BleepingComputer
| 2026-03-11 20:06
WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups they can join. [...]
⚠️ ZERO-DAY DETECTED
BleepingComputer
| 2026-03-11 19:38
An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication. [...]
⚠️ ZERO-DAY DETECTED
BleepingComputer
| 2026-03-11 18:21
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. [...]
The Register
| 2026-03-11 17:21
150k accounts nuked, 21 suspects arrested Not every scam starts with malware or a compromised account. Sometimes all it takes is a friend request or a link shared via chat.…
BleepingComputer
| 2026-03-11 17:21
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. [...]
BleepingComputer
| 2026-03-11 17:09
New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. [...]
The Hacker News
| 2026-03-11 16:38
Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps.
The attack, at its core, takes advantage of AI browsers' tendency to reason their actions and use it against the model itself to lower their security guardrails, Guardio
Krebs on Security
| 2026-03-11 16:20
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters...
⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-03-11 14:51
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution.
The vulnerabilities are listed below -
CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox escape leading to remote code execution (RCE)
CVE-2026-27493 (CVSS score: 9.5) - Unauthenticated
Dark Reading
| 2026-03-11 14:46
Two attacks on Qatari entities signal a shift in focus for China-backed actors and demonstrate how quickly they can pivot in response to geopolitical events.
The Register
| 2026-03-11 14:06
Blue-on-blue internal investigation lands force £66k fine The UK's data protection watchdog has fined Police Scotland £66,000 ($88,000) for what it calls a "serious failure" in handling an alleged victim's sensitive data.…
BleepingComputer
| 2026-03-11 13:29
Meta is introducing new anti-scam protections across its platforms, deploying systems and user-facing warnings to protect users against scammers. [...]
The Hacker News
| 2026-03-11 13:15
Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia.
The effort also led to 21 arrests made by the Royal Thai Police, the company said. The action builds upon
The Register
| 2026-03-11 12:31
Officials suspend Basel-Stadt trial and launch probe A Swiss canton has suspended its pilot of electronic voting after failing to count 2,048 votes cast in national referendums held on March 8.…
⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-03-11 12:26
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems.
The vulnerabilities in question listed below -
CVE-2019-17571 (CVSS score: 9.8) - A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO)
CVE-2026-27685 (CVSS score: 9.1) - An insecure deserialization
The Register
| 2026-03-11 12:12
17-year-old allegedly withdrew large sums of cash from ATMs Dutch police have arrested a 17-year-old boy who detectives suspect was responsible for 16 bank card frauds across the Netherlands.…
⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-03-11 11:30
“You knew, and you could have acted. Why didn’t you?”
This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident.
For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve accepted the risk.” If you’ve ever seen a report showing
The Register
| 2026-03-11 11:29
Advocate General urges rethink of PSD2 to speed compensation after scams Analysis One of the European Union's top legal advisors is trying to change how banks treat cybercrime victims – meaning they could enjoy greater financial protections sooner than expected.…
Schneier on Security
| 2026-03-11 11:04
Canada has a choice to make about its artificial intelligence future. The Carney administration is investing $2-billion over five years in its Sovereign AI Compute Strategy. Will any value generated by “sovereign AI” be captured in Canada, making a difference in the lives of Canadians, or is this just a passthrough to investment in American Big Tech?
Forcing the question is OpenAI,...
⚠️ ZERO-DAY DETECTED
SANS ISC
| 2026-03-11 09:57
A new vulnerability (CVE-2026-0866) has been published: Zombie Zip.
⚠️ ZERO-DAY DETECTED
The Hacker News
| 2026-03-11 09:15
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known.
Of these, eight are rated Critical, and 76 are rated Important in severity. Forty-six of the patched vulnerabilities relate to privilege escalation, followed by 18 remote code execution, 10 information disclosure, four
The Register
| 2026-03-11 09:00
Reflecting on the relaunch of the UK Cyber Team and introducing the next phase of leadership Partner Content The UK Cyber Team is a government initiative led by the Department for Science, Innovation and Technology in partnership with SANS Institute. Its purpose is to identify, develop, and support the UK’s most promising emerging cyber talent, while ensuring the UK is represented with...