Tag: supply-chain

Ransomware Devastates Oceania Healthcare While New Threats Target Critical Infrastructure

Healthcare systems across Australia, New Zealand, and Tonga face ransomware attacks from the INC group while Chinese state-backed actors shift focus to Qatar amid regional tensions. Supply chain attacks compromise GitHub Actions and new malware variants target HR departments with EDR evasion capabilities.

Mar 12, 2026Dark Reading, Infosecurity Magazine

ransomwarehealthcaresupply-chain

🇺🇸Google

criticalMalware & Threats

Week in Malware: CISA Adds n8n to KEV, Iran-Linked Wiper Hits Medical Giant

CISA added an actively exploited n8n RCE vulnerability to its KEV catalog, mandating federal patches by March 25. Meanwhile, Iranian-linked Handala group deployed wiper malware against medical technology giant Stryker.

Mar 12, 2026BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs, Bitdefender Labs

ransomwaresupply-chaincisa-kev

🇷🇺BlackCat

🇺🇸Google🇺🇸Meta Platforms

highVulnerabilities & Exploits

March Patch Tuesday: Microsoft Fixes 84 Flaws Including Zero-Days, Supply Chain Attacks Surge

Microsoft's March Patch Tuesday addresses 84 vulnerabilities including two publicly known zero-days, while concurrent supply chain attacks target npm and Rust ecosystems. Active campaigns exploit FortiGate devices and router botnets demonstrate continued infrastructure targeting.

Mar 11, 2026The Hacker News, Qualys, SANS ISC, MSRC Security Updates

patch-tuesdaymicrosoftsupply-chain

🇺🇸Google

criticalVulnerabilities & Exploits

CISA KEV Updates, APT28 Campaign, and Agentic AI Security Challenges

CISA flagged three actively exploited vulnerabilities for immediate patching while APT28 continues surveillance operations against Ukrainian forces. Meanwhile, the cybersecurity community grapples with new attack vectors in AI agents and supply chain compromises.

Mar 10, 2026The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates

cisa-kevapt28agentic-ai

🇷🇺APT28

mediumPrivacy & Surveillance

Dutch Defense Secretary Proposes Jailbreaking F-35 Jets to Reduce US Software Dependency

The Dutch Defense Secretary has proposed jailbreaking F-35 fighter jets to accept third-party software, reflecting growing international concerns about dependency on US-controlled maintenance and software updates for critical defense systems.

Mar 10, 2026Schneier on Security

supply-chaindefense-systemsjailbreaking

highMalware & Threats

AI Agent Hackerbot-Claw Compromises Microsoft, DataDog, and CNCF GitHub Repositories

Pillar Security identified Hackerbot-Claw, an AI-powered attack agent that leveraged natural language capabilities to successfully compromise GitHub repositories from major organizations including Microsoft, DataDog, and the Cloud Native Computing Foundation. The agent, part of a campaign called Chaos Agent, demonstrated the ability to hijack developer tools through automated attacks.

Mar 9, 2026Hackread

ai-malwaregithub-securitysupply-chain

mediumVulnerabilities & Exploits

Chrome Extensions Go Rogue After Ownership Transfer: Weekly Security Roundup

Two Chrome extensions became malicious following ownership transfers, allowing attackers to inject code and steal user data. Meanwhile, mid-market organizations continue struggling to achieve enterprise-level security postures amid increasing supply chain attack awareness.

Mar 9, 2026The Hacker News, SANS ISC

chrome-extensionssupply-chainmalware

🇺🇸Google

mediumNation-State & APT

Iranian Prayer App Compromised for US/Israeli Propaganda Campaign

A popular Iranian prayer app with over 5 million downloads was allegedly compromised by US and/or Israeli intelligence services to broadcast propaganda messages to users immediately following explosions in Iran. The rapid deployment suggests pre-existing access to the application infrastructure.

Mar 5, 2026Schneier on Security

nation-statemobile-appspropaganda

🏴Play

🇺🇸Google

highVulnerabilities & Exploits

Multi-Platform RATs, AI-Driven Attacks, and Certificate Abuse: Weekly Vulnerability Roundup

Multiple sophisticated attack campaigns emerged this week, including cross-platform RATs distributed via fake Laravel packages, APT41-linked Silver Dragon targeting governments, and AI-assisted attacks hitting FortiGate devices across 55 countries. Certificate abuse and social engineering tactics continue enabling persistent enterprise access.

Mar 4, 2026The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates

malwareaptsupply-chain

🇨🇳APT41

🇺🇸Google

highNation-State & APT

US Government iPhone Exploitation Toolkit 'Coruna' Allegedly Compromised by Foreign Adversaries

Security researchers have identified evidence suggesting that 'Coruna,' an advanced iPhone exploitation toolkit believed to be developed for US government use, has been obtained by foreign spy agencies and criminal groups. The toolkit's compromise could enable sophisticated surveillance operations against iPhone users globally.

Mar 4, 2026Hacker News (filtered)

mobile-securityios-exploitationgovernment-tools

🇺🇸Apple

highIndustry & Policy

Critical AI Tool Flaws and Supply Chain Exposure Highlight Security Challenges

A critical vulnerability in the popular OpenClaw AI tool joins a growing list of AI security issues, while research reveals 26,000 organizations were impacted by supply chain attacks. Meanwhile, law enforcement scored a major win with 30 arrests from 'The Com' cybercriminal collective.

Mar 3, 2026Dark Reading, Infosecurity Magazine

ai-securitysupply-chainvulnerability-management

mediumData Breaches & Incidents

Iranian Prayer App BadeSaba Compromised to Broadcast Anti-Government Messages

Hackers breached BadeSaba, a widely-used Iranian prayer and calendar application, using the platform to distribute anti-government messages and calls for military defection. The incident highlights the vulnerability of mobile applications as vectors for politically motivated attacks.

Mar 3, 2026Hackread

iranmobile-apphacktivism