The Hacker News

Latest edition of Cybersecurity recap worth reading: 🌐 PhaaS network dismantled 📱 Qualcomm 0-day exploited 🔗 iOS hit with 23-exploit chain 📡 Wi-Fi isolation bypassed 🤖 AI writes malware 🕵️ Iran targets US banks 🏴‍☠️ Phobos operator pleads guilty 🔓 WP plugin drops rogue admins 🦊 AI finds 22 Firefox vulns ☁️ AzCopy abused for exfiltration 🔑 1M+ private keys leaked 🧠 MuddyWater upgrades toolkit 📋 ClickFix drops ransomware 💀 LeakBase taken down 🪤 MCP server backdoored 📲 Fake Google page drops RAT 💸 Ransomware payments drop 8% 🌍 90 zero-days tracked in 2025 🔗 Full RECAP → https://thehackernews.com/2026/03/weekly-recap-qualcomm-0-day-ios-exploit.html

🛑 Two Chrome extensions turned malicious after an ownership transfer. Researchers say QuickLens (7,000 users) now strips security headers and pulls remote code every 5 minutes. The payload executes via hidden elements, leaving no malicious code in the extension source. 🔗 Read → https://thehackernews.com/2026/03/chrome-extension-turns-malicious-after.html

⚠️ A newly tracked threat cluster is quietly breaching critical infrastructure across Asia. Unit 42 says attackers exploit web servers, plant web shells, and dump credentials with tools like Mimikatz to move across networks in aviation, energy, and government sectors. 🔗 Read → https://thehackernews.com/2026/03/web-server-exploits-and-mimikatz-used.html

🔥 OpenAI launched "Codex Security," an AI agent that finds and fixes code vulnerabilities. In testing it scanned 1.2M commits across open-source repos, uncovering 792 critical and 10,561 high-severity flaws in projects including OpenSSH, GnuTLS, PHP, and Chromium. 🔗 Details → https://thehackernews.com/2026/03/openai-codex-security-scanned-12.html

🔥 Anthropic says its #Claude model found 22 Firefox vulnerabilities while scanning ~6,000 C++ files with Mozilla. 14 were high-severity. Turning bugs into exploits proved harder: after hundreds of attempts, the AI succeeded only twice. 🔗 Read → https://thehackernews.com/2026/03/anthropic-finds-22-firefox.html

⚡NATO has cleared #iPhone and iPad to handle classified information. The approval relies on built-in iOS and iPadOS security—no custom hardening or special software required. Germany’s BSI had already cleared the devices for classified government use. 🔗 Details on NATO approval → https://thehackernews.com/2026/03/threatsday-bulletin-redis-rce-ddr5-bot.html#nato-clears-consumer-iphones-and-ipads

😮 Car tire pressure sensors may expose where you go. Researchers found TPMS sensors broadcast unchanging IDs in unencrypted radio signals. Receivers up to 40 m away can capture them and recognize the same vehicle again. That enables long-term tracking—no cameras, no line of sight. 🔗 How TPMS signals reveal vehicle movement → https://thehackernews.com/2026/03/threatsday-bulletin-redis-rce-ddr5-bot.html#tpms-signals-allow-covert-vehicle-tracking

⚡ Bitdefender says Pakistan-aligned Transparent Tribe (APT36) is targeting Indian government entities with AI-generated malware. The campaign spreads polyglot implants in Nim, Zig, and Crystal and hides C2 inside Slack, Supabase, and Google Sheets. 🔗 Inside: phishing chain, malware tools, and infrastructure → https://thehackernews.com/2026/03/transparent-tribe-uses-ai-to-mass.html

⚠️ VOID#GEIST malware delivers 3 RATs: XWorm, AsyncRAT, and Xeno RAT through a layered script chain. Phishing emails pull a batch file from TryCloudflare, open a fake invoice PDF, then use Python to decrypt shellcode and inject it into explorer.exe via Early Bird APC. 🔗 Inside the full fileless attack chain → https://thehackernews.com/2026/03/multi-stage-voidgeist-malware.html

Your shiny new AI agent can now: 🔗 Browse 🛠️ Execute code ☢️ Touch production systems Agency Gap = tools + APIs + permissions = new attack surface. Secure your agents BEFORE they get owned. 🔗 Join the webinar → https://thehacker.news/ai-agents-attack-surface

MSPs trying to scale cybersecurity hit the same wall: manual risk assessments that don’t scale. AI-powered risk management automates assessments, maps compliance, and turns findings into remediation—enabling continuous security services instead of one-off fixes. 🔗 Inside: framework for scalable risk-first cybersecurity services → https://thehackernews.com/2026/03/the-msp-guide-to-using-ai-powered-risk.html

🛑 Iran-linked hackers quietly embedded inside multiple U.S. organizations, Broadcom researchers report. The campaign is tied to MuddyWater, an #Iranian state group. Attackers deployed a Deno-based backdoor and tried exfiltrating data using Rclone to cloud storage. 🔗 Read → https://thehackernews.com/2026/03/iran-linked-muddywater-hackers-target.html