The Hacker News

🚨 Attackers are abusing npm and GitHub to deliver malware disguised as dev tools. Sudo password phishing during install triggers a multi-stage chain that deploys a RAT, stealing crypto wallets, credentials, SSH keys, and tokens. 🔗 Read → https://thehackernews.com/2026/03/ghost-campaign-uses-7-npm-packages-to.html

🚨 A malvertising campaign uses tax searches to deliver kernel-level EDR killers via rogue ScreenConnect installers. Cloaking hides payloads; a signed Huawei driver is abused via BYOVD to disable Defender, Kaspersky, and SentinelOne before credential theft and lateral movement. 🔗 Read → https://thehackernews.com/2026/03/tax-search-ads-deliver-screenconnect.html

⚡ Cybersecurity tools improved, but teams still struggle with basics. Missing understanding of their own systems leads to wrong priorities, poor tool choices, and weak risk focus. More tools do not fix this. 🔗 Why security still breaks without strong foundations → https://thehackernews.com/2026/03/the-hidden-cost-of-cybersecurity.html

⚠️ ALERT: Fake resumes are infecting enterprise systems and the full attack runs in ~25 seconds. Obfuscated VBScript deploys credential stealers and a Monero miner, using Dropbox, #WordPress C2, and SMTP for exfiltration. It selectively targets domain-joined machines. 🔗 Read → https://thehackernews.com/2026/03/hackers-use-fake-resumes-to-steal.html

Security teams are using more tools—but still struggling to prioritize real risk. Focus is shifting to exposure validation and business impact, not just alerts and scans, as highlighted at Gartner’s first event. 🔗 5 key learnings shaping modern security → https://thehackernews.com/2026/03/5-learnings-from-first-ever-gartner.html

ActiveState Curated Catalog: Secure Open Source Built From Source. Introducing the ActiveState Curated Catalog: a vetted source of truth for open-source. Instead of pulling from public registries, your team accesses a private catalog of rebuilt-from-source packages to ensure security and compliance from the start. Start Free Course: https://thn.news/ai-code-catalogs

🚨 TeamPCP expanded its supply chain attack to Checkmarx GitHub Actions, deploying the same CI credential stealer used in the Trivy breach. Stolen tokens are reused to push malicious commits into other repos, enabling a cascading compromise across CI workflows. 🔗 Read → https://thehackernews.com/2026/03/teampcp-hacks-checkmarx-github-actions.html

Telegram blocked 43M+ channels in 2025, yet threat actors stayed. Yochai Corem shows they adapted—rebuilding in days, gating access, and shifting sensitive comms off-platform while keeping Telegram for scale. 🔗 How criminals evolved despite Telegram’s crackdown → https://thehackernews.com/expert-insights/2026/03/telegrams-crackdown-changed-how-threat.html

🛑 A Russian access broker was sentenced to 81 months in U.S. prison for fueling ransomware attacks. He sold network access to groups like Yanluowang, enabling dozens of intrusions and over $9M in confirmed losses across U.S. organizations. 🔗 Read → https://thehackernews.com/2026/03/us-sentences-russian-hacker-to-675.html

⚠️ Citrix patched a critical NetScaler flaw (CVSS 9.3) enabling unauthenticated memory leaks. The issue exposes sensitive appliance data when SAML IDP is enabled, alongside a second bug that can mix user sessions in gateway or AAA setups. 🔗 Read → https://thehackernews.com/2026/03/citrix-urges-patching-critical.html

⚠️ North Korea’s Contagious Interview campaign now uses malicious VS Code projects to deploy StoatWaffle. Opening the folder can auto-run tasks.json, install Node.js if missing, and fetch stealer or RAT payloads on developer systems. 🔗 Read → https://thehackernews.com/2026/03/north-korean-hackers-abuse-vs-code-auto.html

As AI reshapes the cyber workforce, leaders need clarity and practitioners need direction. Download the 2026 Cybersecurity Workforce Report. 🔗 Download → https://thn.news/sans-workforce-2026