The Hacker News

🚨 A supply chain attack hit the telnyx Python package—versions 4.87.1 and 4.87.2 were backdoored to steal credentials. Malware hidden in .WAV files runs on import, exfiltrates data, persists on Windows, and runs fileless on Linux/macOS before deleting traces. 🔗 Read → https://thehackernews.com/2026/03/teampcp-pushes-malicious-telnyx.html

Cybersecurity is now tied to geopolitics. State-backed cyber operations target telecoms, infrastructure, and governments, while hacktivist groups increasingly align with national interests. 🔗 How cyber conflict is reshaping global security → https://thehackernews.com/2026/03/we-are-at-war.html

🛑 Open VSX flaw let attackers publish malicious VS Code extensions by bypassing scans. Single boolean bug treated scan failures as “nothing to scan,” so extensions passed under load and went live. 🔗 How scan failures were misread and checks skipped → https://thehackernews.com/2026/03/open-vsx-bug-let-malicious-vs-code.html

Attackers are hijacking TikTok for Business accounts using AitM phishing pages. Fake login flows use Cloudflare Turnstile to evade detection, then steal credentials for account takeover and malvertising. 🔗 Full breakdown of the TikTok phishing chain → https://thehackernews.com/2026/03/aitm-phishing-targets-tiktok-business.html

🚨 A pro-Ukraine group has carried out 70+ cyberattacks on Russian firms since 2025. Bearlyfy mixes extortion and sabotage, shifting from small companies to large enterprises with six-figure demands. It now uses custom GenieLocker ransomware. 🔗 Read → https://thehackernews.com/2026/03/bearlyfy-hits-70-russian-firms-with.html

⚠️ Three flaws in LangChain and LangGraph expose files, secrets, and chat history. Path traversal, unsafe deserialization, and SQL injection create separate paths to access sensitive data in enterprise AI apps. 🔗 Full breakdown of each CVE and impact → https://thehackernews.com/2026/03/langchain-langgraph-flaws-expose-files.html

A flaw in ClawHub let attackers fake download counts to rank #1. An exposed backend function had no auth or limits, allowing anyone to inflate downloads and push malicious skills to the top—creating false trust and enabling code execution at scale. 🔗 How attackers manipulated ClawHub rankings and spread malicious skills → https://thehackernews.com/2026/03/threatsday-bulletin-pqc-push-ai-vuln.html#bug-lets-attackers-fake-rankings

🛑 A China-linked group has embedded kernel-level sleeper implants in telecom networks since 2021. Its BPFDoor backdoor runs inside the OS, triggers via crafted packets, and enables long-term monitoring of government networks and users. 🔗 Read → https://thehackernews.com/2026/03/china-linked-red-menshen-uses-stealthy.html

⚠️ A flaw in Claude’s Chrome extension let attackers inject prompts by just visiting a page. No clicks. A hidden iframe + XSS chain made the extension treat attacker input as real user commands, enabling data theft and actions like sending emails. 🔗 How the silent prompt injection worked → https://thehackernews.com/2026/03/claude-extension-flaw-enabled-zero.html

Learn to Secure Containers | Free Certification. Transform your team into experts in practical container security. This free, self-paced course covers everything from selecting secure base images and scanning for vulnerabilities to protecting your production environment. Complete the course to earn a shareable certification badge. Start Free Course: https://thn.news/container-security-academy

🚨 Coruna turns a 2023 #iOS espionage exploit into a broader attack kit. Kaspersky confirms it reuses and evolves the Triangulation kernel exploit, now updated for newer chips and iOS versions and still actively maintained. Now bundled into 23 exploits across 5 chains and used beyond targeted ops, it shows #iPhone exploitation is scaling. 🔗 How Coruna evolved and is being deployed → https://thehackernews.com/2026/03/coruna-ios-kit-reuses-2023.html

ThreatsDay Bulletin: quick hits from a very busy week... 🔐 PQC push 🤖 AI bug finds 💿 Pirated backdoors 🧩 Wallet drainer 📱 Firmware backdoor 🎣 Phish kits rebound 📅 RMM via invites 🧠 Fileless stealer 📦 npm key theft 📊 Ranking bug abuse 🖥️ MSSQL scanner 📄 Forms malware 💬 Web3 RAT lures ☎️ Cloud fraud phones 🌐 IIS outdated 📷 CCTV abuse 🔀 TDS scams 💻 PS ransomware 🕵️ NK op exposed 🧬 Polyfill link ⚖️ Case dismissed 🔓 Password powers 📱 Android RAT 🔗 Full roundup → https://thehackernews.com/2026/03/threatsday-bulletin-pqc-push-ai-vuln.html