Sami Laiho

@samilaiho.com

Keynote-speaker, Chief Research Officer, Microsoft MVP since 2011 More info: https://samilaiho.com/

Joined 28.06.2023

Latest posts by Sami Laiho @samilaiho.com

Massive GitHub malware operation spreads BoryptGrab stealer
Experts found BoryptGrab stealer spreading through 100+ GitHub repositories, stealing browser data, crypto wallets, system info, and more
securityaffairs.com/189110/malwa...

09.03.2026 12:07

How AI Assistants are Moving the Security Goalposts
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers ...
krebsonsecurity.com/2026/03/how-...

09.03.2026 10:43

EU Auto Rules Shift Gears on Cybersecurity Standards
The European Union is taking new precautions as climate change and cybersecurity threats rise across the automotive industry.
www.darkreading.com/cyber-risk/e...

08.03.2026 12:10

One click on this fake Google Meet update can give attackers control of your PC
We found a fake Google Meet update that enrolls the victim's Windows PC in an attacker's device management system.
www.malwarebytes.com/blog/threat-...

08.03.2026 12:09

Mobile spyware campaign impersonates Israel's Red Alert rocket warning system
Acronis Threat Research Unit (TRU) has identified a targeted campaign distributing a trojanized version of the Red Alert rocket warning Android app to Israeli users via SMS messages impersonating offi...
www.acronis.com/en/tru/posts...

08.03.2026 12:08

Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition | Google Cloud Blog
Proactive recommendations organizations must prioritize to protect against destructive attacks within an environment.
cloud.google.com/blog/topics/...

08.03.2026 12:07

Vulnerability landscape in Q4 2025
This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use of C2 frameworks in APT attacks.
securelist.com/vulnerabilit...

The 4th quarter of 2025 went down as one of the most intense periods on
record for, critical vuln disclosures, hitting popular
libraries and mainstream applications. Several vulnerabilities were
picked up by attackers and exploited in the wild almost immediately.

08.03.2026 12:06

Patch, track, repeat: The 2025 CVE retrospective
Thor analyzes CVE data from 2025 and provides recommendations for where and how organizations should strengthen their defenses.
blog.talosintelligence.com/patch-track-...

08.03.2026 12:04

Wikipedia hit by self-propagating JavaScript worm that vandalized pages
The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.
www.bleepingcomputer.com/news/securit...

08.03.2026 12:03

FBI investigates breach of surveillance and wiretap systems
The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants.
www.bleepingcomputer.com/news/securit...

07.03.2026 12:17

Google uncovers Coruna iOS Exploit Kit targeting iOS 13–17.2.1
Google warns of the Coruna iOS exploit kit, using 23 exploits across five chains to target iPhones running iOS 13–17.2.1.
securityaffairs.com/188928/secur...

06.03.2026 12:09

LeakBase marketplace unplugged by cops in 14 countries
The action coordinated by Europol seized two of the group's domains and captured the forum's data, as well as making arrests.
www.csoonline.com/article/4141...

06.03.2026 12:09

LatAm Now Faces 2x More Cyberattacks Than US
Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage.
www.darkreading.com/threat-intel...

06.03.2026 12:07

Abusing .arpa: The TLD That Isn’t Supposed to Host Anything
The .arpa domain is being abused to host phishing content on domains that should not resolve to an IP address, but do.
www.infoblox.com/blog/threat-...

06.03.2026 12:06

Look What You Made Us Patch: 2025 Zero-Days in Review | Google Cloud Blog
Our analysis of 90 zero-day vulnerabilities tracked in 2025, focusing on techniques and how AI will accelerate the vulnerability landscape.
cloud.google.com/blog/topics/...

06.03.2026 12:06

Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
Cisco warns CVE-2026-20122 and CVE-2026-20128 in Catalyst SD-WAN Manager are actively exploited; patches released across multiple software versions.
thehackernews.com/2026/03/cisc...

06.03.2026 12:05

Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company
This activity began in early February and has continued in recent days. What organizations should expect next from Iran-aligned groups and the steps they should take to guard against cyberattacks.
www.security.com/threat-intel...

06.03.2026 12:05

Israel says it knocked out Iran’s cyber warfare headquarters
But it’s unclear if the strike has fully taken out Iran’s ability to launch cyberattacks as the Middle East war expands.
www.politico.com/news/2026/03...

06.03.2026 12:04

Security Bulletins for HUAWEI Phones/Tablets, March 2026
URL: consumer.huawei.com/en/support/b...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.6

06.03.2026 08:12

Google uncovers Coruna iOS Exploit Kit targeting iOS 13–17.2.1
Google warns of the Coruna iOS exploit kit, using 23 exploits across five chains to target iPhones running iOS 13–17.2.1.
securityaffairs.com/188928/secur...

05.03.2026 12:24

Retaliatory Hacktivist DDoS Activity Following Operation Epic Fury/Roaring Lion
The digital front is expanding alongside the physical one in the region, with hacktivist groups simultaneously targeting more nations in the Middle East than ever before.
www.radware.com/security/thr...

05.03.2026 12:24

United States Leads Dismantlement of One of the World’s Largest Hacker Forums
The Department of Justice announced today the seizure of the LeakBase database, one of the world’s largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools.
www.justice.gov/opa/pr/unite...

05.03.2026 12:23

Global phishing-as-a-service platform taken down in coordinated public-private action – Intelligence shared through Europol’s Cyber Intelligence Extension Programme leads to operational results | Euro...
A major phishing-as-a-service platform used to bypass multi-factor authentication (MFA) and enable large-scale account compromise has been disrupted following a coordinated international operation sup...
www.europol.europa.eu/media-press/...

05.03.2026 12:22

Signed malware impersonating workplace apps deploys RMM backdoors | Microsoft Security Blog
Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise environments. Organizations must harden certificate controls and monitor RMM ...
www.microsoft.com/en-us/securi...

The files were digitally signed using an Extended
Validation (EV) certificate issued to TrustConnect Software PTY LTD.

05.03.2026 12:22

Russian hackers deploy new malware in phishing campaign targeting Ukraine
Researchers have identified a suspected Russian espionage campaign targeting Ukraine that uses two previously undocumented malware strains.
therecord.media/russian-ukra...

05.03.2026 12:21

Stable Channel Update for Desktop
The Stable channel has been updated to 145.0.7632.159/160 for Windows/Mac and 145.0.7632.159 for Linux, which will roll out over the com...

Google Chrome Stable Channel Update for Desktop
URL: chromereleases.googleblog.com/2026/03/stab...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: None

05.03.2026 06:43
NVD - CVE-2026-3485

dlink dir-868l ssdp command injection
URL: nvd.nist.gov/vuln/detail/...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 8.9

05.03.2026 06:43

Cisco Event Response: March 2026 Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication
URL: sec.cloudapps.cisco.com/security/cen...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 10.0

05.03.2026 06:42
Hitachi Energy Relion REB500 Product | CISA

ICS Advisories 2026-03-03: Hitachi Energy, Portwell Engineering, Labkotec, Mobiliti, ePower, Everon
URL: www.cisa.gov/news-events/...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.4

05.03.2026 06:42

Claude code abused to steal 150GB in cyberattack on Mexican agencies
Hackers abused Claude Code to build exploits and steal 150GB of data in a cyberattack targeting Mexican government systems.
securityaffairs.com/188696/ai/cl...

04.03.2026 14:28