March 2026

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper 2026-03-23 at 15:31 By Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, […]

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems 2026-03-23 at 15:31 By Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks 2026-03-23 at 15:31 By Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency

Intel’s Core Ultra 270K, 250K Plus are an appeal to cash-strapped PC enthusiasts 2026-03-23 at 15:17 By Tobias Mann More cores, higher clocks, and lower prices? What’s not to like? Review  It’s a tough time to be a PC enthusiast. Between the memory crunch and the AI boom driving up prices on storage, DDR5, and

US chip testing firm shrugged off ransomware hit as minor – then came the data leak 2026-03-23 at 15:17 By Carly Page Trio-Tech International initially said hack wasn’t ‘material,’ but then stolen data was published Trio-Tech International initially shrugged off a ransomware attack at a Singapore subsidiary as immaterial, only to reverse course days later

RSAC 2026: Uncle Sam backs out, and AI agents are everywhere 2026-03-23 at 15:17 By Brandon Vigliarolo Infosec pros descend on San Francisco kettle  When El Reg cybersecurity editor Jessica Lyons joins infosec industry colleagues in San Francisco for RSAC 2026 this week, she’s expecting agentic AI to be on everyone’s lips – at least

Is Crowdsourcing Your Security Plan a Career Risk? 2026-03-23 at 15:16 By Build meaningful insights from relationships with other security leaders. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

We Found Eight Attack Vectors Inside AWS Bedrock. Here’s What Attackers Can Do with Them 2026-03-23 at 15:16 By AWS Bedrock is Amazon’s platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware 2026-03-23 at 15:16 By Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper 2026-03-23 at 15:16 By Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4,

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems 2026-03-23 at 15:16 By Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks 2026-03-23 at 15:16 By Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure Security Agency

Built for This Moment (and All Those to Come) 2026-03-23 at 13:51 By Jason Rolleston Introducing Symantec CBX: Finally, a security platform for smaller teams fighting larger threats This article is an excerpt from SECURITY.COM View Original Source

Microsoft fixes broken Windows update days after vowing fewer broken updates 2026-03-23 at 13:50 By Richard Speed The era of reliability begins… right after this out-of-band patch Microsoft has released an out-of-band update to resolve bugs introduced by a Windows patch just days after promising improved reliability.… This article is an excerpt from The Register