The Hacker News

⚡ WEBINAR — Your dashboard says “all good.” Attackers see gaps. Stop guessing. Learn to validate your defenses against real attacks as experts demonstrate testing with real threat behavior to uncover gaps and prove what works. 🔗 See how it works → https://thehackernews.com/2026/03/webinar-stop-guessing-learn-to-validate.html

⚠️ A new Magento skimmer uses WebRTC data channels instead of HTTP to steal payment data. It pulls payloads and exfiltrates card details over encrypted UDP, bypassing CSP and staying invisible to most monitoring tools. Attacks are exploiting the PolyShell RCE flaw at scale. 🔗 Read → https://thehackernews.com/2026/03/webrtc-skimmer-bypasses-csp-to-steal.html

⚠️ Russia has arrested the alleged admin of LeakBase, a major cybercrime forum. 147,000+ users traded stolen data including credentials, bank info, and corporate records used for fraud and account takeovers. Authorities say user accounts, messages, and IP logs have been seized. 🔗 Read → https://thehackernews.com/2026/03/leakbase-admin-arrested-in-russia-over.html

A state-backed actor used an AI agent to run cyber ops, with 80–90% handled autonomously. Compromise an AI agent already inside your environment, and the kill chain disappears. It already has access, permissions, and normal data flows—so activity looks legitimate. 🔗 How AI agents bypass traditional detection models → https://thehackernews.com/2026/03/the-kill-chain-is-obsolete-when-your-ai.html

GlassWorm now delivers a multi-stage malware chain via malicious packages and hijacked accounts. It hides C2 in Solana memos, installs a fake Google Docs Chrome extension, and steals cookies, sessions, and crypto wallet data, with added hardware wallet phishing. 🔗 Read → https://thehackernews.com/2026/03/glassworm-malware-uses-solana-dead.html

👾 Breaches now start in the browser — Attackers exploit legit functionality, dump data, and demand ransom. Get Push Security’s 2026 Browser Attacks Report to see what teams can do. 🔗https://thn.news/browser-push-2026-t

✨ GRC Insights from Harvard Business Review. Manual oversight can’t keep pace with today’s risk environment. Learn how organizations are using AI to connect GRC across the enterprise. In this Harvard Business Review Analytic Services report, explore how AI is transforming GRC. Read The Resilient Enterprise: Using AI to Connect Governance, Risk, and Compliance to explore: • How connected platforms replace fragmented risk processes • The role of artificial risk intelligence in proactive GRC • How to scale AI responsibly across the enterprise Get your copy: https://thn.news/resilient-ai-governance

⚡ A Russian botnet operator tied to #ransomware attacks on U.S. firms has been sentenced. 2 years prison + $100K fine for co-running TA551, which sold access to hacked systems used by gangs like BitPaymer, leading to $14M+ in extortion. 🔗 How TA551 enabled ransomware attacks on 70+ companies → https://thehackernews.com/2026/03/russian-hacker-sentenced-to-2-years-for.html

🛑 A device code phishing campaign is hitting 340+ Microsoft 365 orgs using OAuth abuse. Victims enter codes on real Microsoft pages, generating access and refresh tokens attackers reuse—even after password resets. 🔗 Read → https://thehackernews.com/2026/03/device-code-phishing-hits-340-microsoft.html

Universities run complex identity systems. As Robert Kraczek (@OneIdentity) explains, high turnover and hybrid AD + Entra ID gaps leave orphaned accounts and excess access that attackers exploit. 🔗 Where higher ed identity security breaks down → https://thehackernews.com/expert-insights/2026/03/why-institutions-of-higher-education.html

🔥 The FCC is banning new foreign-made consumer routers from U.S. markets over security risks. Officials say these devices expose supply chain weaknesses and have been used in espionage and attacks on critical infrastructure. 🔗 Read → https://thehackernews.com/2026/03/fcc-bans-new-foreign-made-routers-over.html

🛑 Malicious LiteLLM versions 1.82.7–1.82.8 deploy credential theft, Kubernetes lateral movement, and a persistent backdoor. Linked to the Trivy CI/CD compromise, the payload runs on import or via .pth at Python startup, spreads across nodes, and installs a systemd service. 🔗 Full story → https://thehackernews.com/2026/03/teampcp-backdoors-litellm-versions.html