The Hacker News

⚠️ Langflow CVE-2026-33017 was exploited in 20 hours of disclosure. An exposed API runs attacker-supplied Python with no auth, enabling full server takeover. Real attacks show credential theft, file access, and staged payload delivery. 🔗 Read → https://thehackernews.com/2026/03/critical-langflow-flaw-cve-2026-33017.html

AI is making cyber attacks look normal. Phishing and malware now act like real users, not obvious threats. That breaks rule-based and signature defenses. Attackers use valid logins and stay within limits. Security now shifts to identity and real-time context. 🔗 How AI attacks bypass detection and what replaces it → https://thehackernews.com/2026/03/the-importance-of-behavioral-analytics.html

⚠️ A critical Magento flaw lets attackers upload files without login and take over stores. The issue, PolyShell, uses the REST API to upload hidden malicious files as images. This can lead to remote code execution or stored XSS. No fix for current versions yet. 🔗 Read → https://thehackernews.com/2026/03/magento-polyshell-flaw-enables.html

⚡ Google adding a 24-hour delay for installing #Android apps from unverified developers. Users must enable developer mode, reboot, and confirm again after a day. This is meant to stop #malware and scams that trick users into disabling Play Protect or giving access. 🔗 Details here → https://thehackernews.com/2026/03/google-adds-24-hour-wait-for-unverified.html

🛑 The U.S. disrupted IoT botnets behind record DDoS attacks, including a 31.4 Tbps spike in seconds. These networks hijacked millions of TVs, routers, and cameras, then sold that power for attacks and extortion. 🔗Learn more → https://thehackernews.com/2026/03/doj-disrupts-3-million-device-iot.html

⚠️ WARNING - Apple warns outdated iPhones are now exposed to mass-scale exploit kits like Coruna and DarkSword. Compromised websites can silently trigger infections and steal sensitive data from unpatched devices. 🔗 Read → https://thehackernews.com/2026/03/apple-warns-older-iphones-vulnerable-to.html

Speagle malware is abusing Cobra DocGuard to quietly steal data. It sends exfiltration through a legitimate DocGuard server, blending into normal traffic and avoiding detection. It only runs on systems with DocGuard installed, signaling targeted espionage activity. 🔗 How it hides, steals, and wipes traces → https://thehackernews.com/2026/03/speagle-malware-hijacks-cobra-docguard.html

🔥 54 EDR killers now use BYOVD, abusing 34 signed drivers to reach kernel access. Ransomware operators deploy them first to disable defenses, not evade detection inside the encryptor. Evasion has moved out—into dedicated tools built to break EDR reliably. 🔗 Tools, tactics, and defensive gaps explained → https://thehackernews.com/2026/03/54-edr-killers-use-byovd-to-exploit-34.html

⚡ WEBINAR: Security spend is rising. Breaches aren’t slowing. The gap is proof your defenses work. Continuous validation tests controls against real attacker behavior. Automate CTI-driven testing. Feed results into SOC workflows. 🔗 Live demo + practical setup → https://thehacker.news/automate-testing-security-posture

This week in ThreatsDay Bulletin… it’s the quiet stuff you shouldn’t ignore 👇 🔓 FortiGate RaaS ⚙️ ITSM → RCE 🦠 New C2 malware 🔗 Deep link exec 📡 Citrix spikes 💬 Teams → access 🎣 ClickFix backdoor 🎮 Game-borne stealers 💳 Live chat phishing 🌍 Expanding APT ops 🤖 1.75M bad apps blocked 🔐 28M+ secrets leaked Read before you miss something important → https://thehackernews.com/2026/03/threatsday-bulletin-fortigate-raas.html

⚡ 25,000 U.S. businesses already use macOS, and the number keeps growing. Yet macOS threats are still flying under the radar for most security teams. Attackers know this. 👀 And they're quietly adding more cross-platform threats to take advantage of it, targeting sensitive data. That's exactly why #ANYRUN just levelled up. The sandbox now supports #macOS alongside #Windows, #Linux, and #Android — one unified place, full visibility, faster verdicts. 👉 Close the gap before it becomes a costly one: https://thn.news/mac-threat-analysis

🛑 Perseus, a new #Android malware, enables full device takeover via Accessibility abuse. It runs live remote sessions, steals banking credentials, and scans notes apps for sensitive data. It spreads through IPTV-style apps delivered via phishing and sideloading. 🔗 Read → https://thehackernews.com/2026/03/new-perseus-android-banking-malware.html