Live Feeds

CISA flags actively exploited n8n RCE flaw as KEV entry
CISA has added CVE-2025-68613, a critical remote code execution flaw in n8n, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, with fixes available in patched releases published by n8n.

Google fixes two Chrome zero-days exploited in the wild affecting Skia and V8
Google has released Chrome security updates to fix two high-severity zero-days, CVE-2026-3909 and CVE-2026-3910, that were exploited in the wild and later added to CISA’s Known Exploited Vulnerabilities catalog.

Threat actors mass-scan Salesforce Experience Cloud using modified AuraInspector tool
Salesforce says threat actors are increasingly targeting publicly accessible Experience Cloud sites with a customized AuraInspector tool to exploit overly permissive guest-user configurations and gain access to sensitive information.

Malicious npm package posing as OpenClaw installer deploys RAT, steals macOS credentials
Researchers say a malicious npm package named @openclaw-ai/openclawai masqueraded as an OpenClaw installer, deployed a remote access trojan, and stole sensitive data from macOS systems after being uploaded by a user named openclaw-ai on March 3, 2026.

UNC4899 breached crypto firm after developer AirDropped trojanized file to work device
The North Korea-linked threat actor UNC4899 is suspected of breaching a cryptocurrency organization in 2025 after a developer transferred a trojanized file to a work device, leading to a cloud compromise and the theft of millions of dollars in cryptocurrency.

APT28 used BEARDSHELL and COVENANT to spy on Ukrainian military personnel
ESET says the Russian state-sponsored group APT28 has used two implants called BEARDSHELL and COVENANT since April 2024 to conduct long-term surveillance of Ukrainian military personnel.

Iran-linked MuddyWater targets U.S. networks with new Dindoor backdoor
Broadcom’s Symantec and Carbon Black Threat Hunter Team say the Iran-linked MuddyWater group embedded itself inside several U.S. organizations, including banks, airports, a non-profit, and the Israeli arm of a software company, using a newly identified backdoor named Dindoor.

China-linked UAT-9244 used TernDoor, PeerTime, and BruteEntry in South American telecom attacks
Cisco Talos says China-linked threat actor UAT-9244 has targeted telecommunications providers in South America since 2024, using the TernDoor, PeerTime, and BruteEntry implants across Windows, Linux, and edge devices in a campaign it says is closely associated with FamousSparrow.

Hikvision and Rockwell Automation CVSS 9.8 flaws added to CISA KEV catalog
CISA has added two CVSS 9.8 vulnerabilities affecting Hikvision IP cameras and Rockwell Automation ThinManager to its Known Exploited Vulnerabilities catalog, giving federal agencies until March 26, 2026, to apply mitigations or discontinue use.
