Sami Laiho

@samilaiho.com

Keynote-speaker, Chief Research Officer, Microsoft MVP since 2011 More info: https://samilaiho.com/

Followers: 1,619 | Following: 180 | Posts: 3,060 | Joined: 28.06.2023

Latest posts by Sami Laiho @samilaiho.com

FBI investigates breach of surveillance and wiretap systems
The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants.

www.bleepingcomputer.com/news/securit...

07.03.2026 12:17 👍 0 🔁 0 💬 0 📌 0
Google uncovers Coruna iOS Exploit Kit targeting iOS 13–17.2.1
Google warns of the Coruna iOS exploit kit, using 23 exploits across five chains to target iPhones running iOS 13–17.2.1.

securityaffairs.com/188928/secur...

06.03.2026 12:09 👍 0 🔁 0 💬 0 📌 0
LeakBase marketplace unplugged by cops in 14 countries
The action coordinated by Europol seized two of the group's domains and captured the forum's data, as well as making arrests.

www.csoonline.com/article/4141...

06.03.2026 12:09 👍 0 🔁 0 💬 0 📌 0
LatAm Now Faces 2x More Cyberattacks Than US
Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage.

www.darkreading.com/threat-intel...

06.03.2026 12:07 👍 0 🔁 0 💬 0 📌 0
Abusing .arpa: The TLD That Isn’t Supposed to Host Anything
The .arpa domain is being abused to host phishing content on domains that should not resolve to an IP address, but do.

www.infoblox.com/blog/threat-...

06.03.2026 12:06 👍 0 🔁 0 💬 0 📌 0
Look What You Made Us Patch: 2025 Zero-Days in Review | Google Cloud Blog
Our analysis of 90 zero-day vulnerabilities tracked in 2025, focusing on techniques and how AI will accelerate the vulnerability landscape.

cloud.google.com/blog/topics/...

06.03.2026 12:06 👍 1 🔁 1 💬 0 📌 0
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
Cisco warns CVE-2026-20122 and CVE-2026-20128 in Catalyst SD-WAN Manager are actively exploited; patches released across multiple software versions.

thehackernews.com/2026/03/cisc...

06.03.2026 12:05 👍 0 🔁 0 💬 0 📌 0
Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company
This activity began in early February and has continued in recent days. What organizations should expect next from Iran-aligned groups and the steps they should take to guard against cyberattacks.

www.security.com/threat-intel...

06.03.2026 12:05 👍 2 🔁 1 💬 0 📌 0
Israel says it knocked out Iran’s cyber warfare headquarters
But it’s unclear if the strike has fully taken out Iran’s ability to launch cyberattacks as the Middle East war expands.

www.politico.com/news/2026/03...

06.03.2026 12:04 👍 1 🔁 0 💬 0 📌 0
Security Bulletins for HUAWEI Phones/Tablets, March 2026
URL: consumer.huawei.com/en/support/b...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.6

06.03.2026 08:12 👍 2 🔁 0 💬 0 📌 1
Google uncovers Coruna iOS Exploit Kit targeting iOS 13–17.2.1
Google warns of the Coruna iOS exploit kit, using 23 exploits across five chains to target iPhones running iOS 13–17.2.1.

securityaffairs.com/188928/secur...

05.03.2026 12:24 👍 1 🔁 2 💬 0 📌 0
Retaliatory Hacktivist DDoS Activity Following Operation Epic Fury/Roaring Lion
The digital front is expanding alongside the physical one in the region, with hacktivist groups simultaneously targeting more nations in the Middle East than ever before.

www.radware.com/security/thr...

05.03.2026 12:24 👍 0 🔁 1 💬 0 📌 0
United States Leads Dismantlement of One of the World’s Largest Hacker Forums
The Department of Justice announced today the seizure of the LeakBase database, one of the world’s largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools.

www.justice.gov/opa/pr/unite...

05.03.2026 12:23 👍 0 🔁 0 💬 0 📌 0
Global phishing-as-a-service platform taken down in coordinated public-private action – Intelligence shared through Europol’s Cyber Intelligence Extension Programme leads to operational results | Euro...
A major phishing-as-a-service platform used to bypass multi-factor authentication (MFA) and enable large-scale account compromise has been disrupted following a coordinated international operation sup...

www.europol.europa.eu/media-press/...

05.03.2026 12:22 👍 0 🔁 0 💬 0 📌 0
Signed malware impersonating workplace apps deploys RMM backdoors | Microsoft Security Blog
Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise environments. Organizations must harden certificate controls and monitor RMM ...

www.microsoft.com/en-us/securi...

The files were digitally signed using an Extended Validation (EV) certificate issued to TrustConnect Software PTY LTD.

05.03.2026 12:22 👍 1 🔁 0 💬 0 📌 0
Russian hackers deploy new malware in phishing campaign targeting Ukraine
Researchers have identified a suspected Russian espionage campaign targeting Ukraine that uses two previously undocumented malware strains.

therecord.media/russian-ukra...

05.03.2026 12:21 👍 0 🔁 0 💬 0 📌 0
Stable Channel Update for Desktop
The Stable channel has been updated to 145.0.7632.159/160 for Windows/Mac and 145.0.7632.159 for Linux, which will roll out over the com...

Google Chrome Stable Channel Update for Desktop
URL: chromereleases.googleblog.com/2026/03/stab...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: None

05.03.2026 06:43 👍 0 🔁 1 💬 0 📌 0
NVD - CVE-2026-3485

dlink dir-868l ssdp command injection
URL: nvd.nist.gov/vuln/detail/...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 8.9

05.03.2026 06:43 👍 0 🔁 0 💬 0 📌 0
Cisco Event Response: March 2026 Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication
URL: sec.cloudapps.cisco.com/security/cen...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 10.0

05.03.2026 06:42 👍 0 🔁 0 💬 0 📌 0
Hitachi Energy Relion REB500 Product | CISA

ICS Advisories 2026-03-03: Hitachi Energy, Portwell Engineering, Labkotec,
Mobiliti, ePower, Everon
URL: www.cisa.gov/news-events/...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.4

05.03.2026 06:42 👍 0 🔁 0 💬 0 📌 0
Claude code abused to steal 150GB in cyberattack on Mexican agencies
Hackers abused Claude Code to build exploits and steal 150GB of data in a cyberattack targeting Mexican government systems.

securityaffairs.com/188696/ai/cl...

04.03.2026 14:28 👍 1 🔁 0 💬 0 📌 0
AI-powered attack kits go open source, and CyberStrikeAI may be just the beginning
CyberStrikeAI lowers the barrier to complex cyberattacks by combining AI orchestration, MCP integration, and more than 100 offensive tools into a single, public GitHub repository.

www.csoonline.com/article/4140...

04.03.2026 14:27 👍 1 🔁 0 💬 0 📌 0
Silver Dragon Targets Organizations in Southeast Asia and Europe - Check Point Research
Key Findings Introduction In recent months, Check Point Research (CPR) has been tracking a sophisticated, Chinese-aligned threat group whose activity demonstrates operational correlation with campaign...

research.checkpoint.com/2026/silver-...

04.03.2026 14:06 👍 0 🔁 0 💬 0 📌 0
OAuth redirection abuse enables phishing and malware delivery | Microsoft Security Blog
OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign-in pages to attacker-controlled infrastructure.

www.microsoft.com/en-us/securi...

04.03.2026 14:05 👍 0 🔁 0 💬 0 📌 0
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Google’s March 2026 Android update patches 129 vulnerabilities, including exploited Qualcomm flaw CVE-2026-21385 and critical RCE CVE-2026-0006.

thehackernews.com/2026/03/goog...

04.03.2026 14:05 👍 0 🔁 0 💬 0 📌 0
Talos on the developing situation in the Middle East
Cisco Talos continues to monitor the ongoing conflict in the Middle East. As always, we will be watching closely for any cyber-related incidents that are tied to the conflict.

blog.talosintelligence.com/talos-develo...

04.03.2026 14:04 👍 0 🔁 0 💬 0 📌 0
Pakistan’s Top News Channels Hacked and Hijacked With Anti-Military Messages
Follow us on all social media platforms @Hackread

hackread.com/pakistan-new...

04.03.2026 14:02 👍 0 🔁 0 💬 0 📌 0
StegaBin: 26 Malicious npm Packages Use Pastebin Steganograp...
Socket uncovered 26 malicious npm packages tied to North Korea's Contagious Interview campaign, retrieving a live 9-module infostealer and RAT from th...

socket.dev/blog/stegabi...

04.03.2026 09:07 👍 0 🔁 0 💬 0 📌 0
Android Security Bulletin—March 2026 | Android Open Source Project
URL: source.android.com/docs/securit...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8

04.03.2026 06:53 👍 0 🔁 0 💬 0 📌 0
APT37 combines cloud storage and USB implants to infiltrate air-gapped systems
APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign.

securityaffairs.com/188767/apt/a...

03.03.2026 12:05 👍 3 🔁 2 💬 0 📌 0